add NordVPN module instead of not working external flake

2025-04-14 10:29:00 +02:00 · 2025-04-14 10:29:00 +02:00 · d670e245e4
commit d670e245e4
parent fec6e4eb0f
10 changed files with 158 additions and 63 deletions
--- a/flake.lock
+++ b/flake.lock
@ -829,22 +829,6 @@
      }
    },
    "nixpkgs_6": {
-      "locked": {
-        "lastModified": 1742422364,
-        "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_7": {
      "locked": {
        "lastModified": 1741513245,
        "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=",
@ -860,24 +844,6 @@
        "type": "github"
      }
    },
-    "nordvpn": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_6"
-      },
-      "locked": {
-        "lastModified": 1742098294,
-        "narHash": "sha256-kszMKykXU1oZIn8RSDuBwIa5hY5om2wdy32KYgYKzs8=",
-        "owner": "m-lourenco0",
-        "repo": "nordvpn-flake",
-        "rev": "72594cb60df19951ee726dcad24ef0a9c5d29fbc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "m-lourenco0",
-        "repo": "nordvpn-flake",
-        "type": "github"
-      }
-    },
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts",
@ -946,7 +912,6 @@
        "home-manager": "home-manager",
        "hyprspace": "hyprspace",
        "nixpkgs": "nixpkgs_5",
-        "nordvpn": "nordvpn",
        "stylix": "stylix"
      }
    },
@ -1046,7 +1011,7 @@
        "git-hooks": "git-hooks",
        "gnome-shell": "gnome-shell",
        "home-manager": "home-manager_2",
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": "nixpkgs_6",
        "nur": "nur",
        "systems": "systems_2",
        "tinted-foot": "tinted-foot",
--- a/flake.nix
+++ b/flake.nix
@ -1,15 +1,14 @@
 {
 	inputs = {
    	nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";	
-		stylix.url = "github:danth/stylix";

    	home-manager.url = "github:nix-community/home-manager/release-24.11";
 		home-manager.inputs.nixpkgs.follows = "nixpkgs";

+		stylix.url = "github:danth/stylix";
 		apple-fonts.url = "github:Lyndeno/apple-fonts.nix";
 		apple-emoji.url = "github:oxcl/apple-emoji-nix";

-		nordvpn.url = "github:m-lourenco0/nordvpn-flake";
    	ags.url = "github:Aylur/ags";
    	
 		fingerprint-sensor.url = "github:ahbnr/nixos-06cb-009a-fingerprint-sensor/24.11";
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -16,10 +16,9 @@ let
        	./${hostname}
        	homeDir
    	] ++ (
-			if useHomeManager then
-				[ inputs.home-manager.nixosModules.home-manager ]
-			else 
-				[ ]
+			if useHomeManager then [
+				inputs.home-manager.nixosModules.home-manager
+			] else [ ]
 		) ++ modules;
   	};
 in {
--- a/hosts/hulk/modules.nix
+++ b/hosts/hulk/modules.nix
@ -10,13 +10,14 @@
    	../../modules/nixos/greetd.nix
    	../../modules/nixos/audio.nix

-		# Apps
-    	inputs.nordvpn.nixosModules.nordvpn
+		# Apps/services
+		../../modules/nixos/nordvpn.nix
    ];

 	modules.apple-style.enable = true;
  	modules.bluetooth.enable = true;
 	modules.nvidia.enable = true;
+	modules.nordvpn.enable = true;
  	modules.audio.enable = true;
 	modules.fingerprint-fix = {
 		enable = true;
@ -25,7 +26,6 @@

 	services = {
 		tlp.enable = false;
-		nordvpn.enable = true;
        gvfs.enable = true;
        upower.enable = true;
        power-profiles-daemon.enable = true;
--- a/hosts/hulk/users.nix
+++ b/hosts/hulk/users.nix
@ -9,7 +9,7 @@ in {
    	isNormalUser = true;
    	description = fullname;
    	home = "/home/${username}";
-    	extraGroups = [ "wheel" "networkmanager" "plugdev" "adbusers" "video" ];
+    	extraGroups = [ "wheel" "networkmanager" "plugdev" "adbusers" "nordvpn" ];
    	shell = preferredShell;
    	ignoreShellProgramCheck = true; # Will do it later in profile configuration
  	};
--- a/modules/derivations/nordvpn.nix
+++ b/modules/derivations/nordvpn.nix
@ -0,0 +1,91 @@
+{ lib, pkgs, ... }:
+
+let
+	pname = "nordvpn";
+  	version = "3.20.1";
+
+  	nordVPNBase = pkgs.stdenv.mkDerivation rec {
+		inherit pname version;
+
+		src = pkgs.fetchurl {
+			url = "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/n/nordvpn/nordvpn_${version}_amd64.deb";
+			hash = "sha256-RJoI3G4Tr3272CZ/lI9HEfKXdwuwPzWlrOKm9taIjuU=";
+		};
+
+		buildInputs = with pkgs; [ libxml2 libidn2 ];
+		nativeBuildInputs = with pkgs; [
+			dpkg
+			autoPatchelfHook
+			stdenv.cc.cc.lib
+			libnl
+			libcap_ng
+		];
+
+		dontConfigure = true;
+		dontBuild = true;
+
+		unpackPhase = ''
+			runHook preUnpack
+			dpkg --extract $src .
+			runHook postUnpack
+		'';
+
+		installPhase = ''
+			runHook preInstall
+			mkdir -p $out
+			mv usr/* $out/
+			mv var/ $out/
+			mv etc/ $out/
+			runHook postInstall
+		'';
+	};
+
+	nordVPNfhs = pkgs.buildFHSEnvChroot {
+    	name = "nordvpnd";
+    	runScript = "nordvpnd";
+
+    	targetPkgs = pkgs: with pkgs; [
+			nordVPNBase
+			sysctl
+			iptables
+			iproute2
+			procps
+			cacert
+			libxml2
+			libidn2
+			zlib
+			wireguard-tools
+    	];
+  	};
+
+  	preScript = pkgs.writeShellScript "nordvpn-start" ''
+		mkdir -m 700 -p /var/lib/nordvpn;
+		if [ -z "$(ls -A /var/lib/nordvpn)" ]; then
+		  cp -r ${nordVPNBase}/var/lib/nordvpn/* /var/lib/nordvpn;
+		fi
+  	'';
+in pkgs.stdenv.mkDerivation rec {
+  	inherit pname version;
+
+  	dontUnpack = true;
+  	dontConfigure = true;
+  	dontBuild = true;
+
+  	installPhase = ''
+		runHook preInstall
+		mkdir -p $out/bin $out/share
+		ln -s ${nordVPNBase}/bin/nordvpn $out/bin
+		ln -s ${nordVPNfhs}/bin/nordvpnd $out/bin
+		ln -s ${nordVPNBase}/share/* $out/share/
+		ln -s ${nordVPNBase}/var $out/
+		runHook postInstall
+  	'';
+
+  	meta = with lib; {
+		description = "CLI client for NordVPN";
+		homepage = "https://www.nordvpn.com";
+		license = licenses.unfreeRedistributable;
+		maintainers = with maintainers; [dr460nf1r3];
+		platforms = ["x86_64-linux"];
+	};
+}
--- a/modules/nixos/nordvpn.nix
+++ b/modules/nixos/nordvpn.nix
@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+  	options.modules.nordvpn.enable = lib.mkEnableOption "Whether to enable the NordVPN daemon";
+
+  	config = lib.mkIf config.modules.nordvpn.enable (let 
+		nordVPN = pkgs.callPackage ../derivations/nordvpn.nix { inherit pkgs lib; };
+		preScript = pkgs.writeShellScript "nordvpn-start" ''
+			mkdir -m 700 -p /var/lib/nordvpn;
+			if [ -z "$(ls -A /var/lib/nordvpn)" ]; then
+			  cp -r ${nordVPN}/var/lib/nordvpn/* /var/lib/nordvpn;
+			fi
+  		'';
+	in {
+    	networking.firewall.checkReversePath = false;
+    	networking.firewall.allowedUDPPorts = [ 1194 ];
+    	networking.firewall.allowedTCPPorts = [ 443 ];
+
+    	environment.systemPackages = [ nordVPN ];
+    	users.groups.nordvpn = {};
+
+    	systemd.services.nordvpn = {
+      		description = "NordVPN daemon.";
+      		serviceConfig = {
+				ExecStart = "${nordVPN}/bin/nordvpnd";
+				ExecStartPre = preScript;
+				NonBlocking = true;
+				KillMode = "process";
+        		Restart = "on-failure";
+        		RestartSec = 5;
+        		RuntimeDirectory = "nordvpn";
+        		RuntimeDirectoryMode = "0750";
+        		Group = "nordvpn";
+      		};
+      		wantedBy = ["multi-user.target"];
+      		after = ["network-online.target"];
+      		wants = ["network-online.target"];
+    	};
+	});
+}
--- a/profiles/hulk/default.nix
+++ b/profiles/hulk/default.nix
@ -5,8 +5,8 @@ let
  	homeDirectory = "/home/${username}";
 in {
 	imports = [
-    	./packages.nix
-    	./programs.nix
+		./packages.nix
+		./programs.nix
 		./theme.nix
 	];

--- a/profiles/hulk/packages.nix
+++ b/profiles/hulk/packages.nix
@ -8,8 +8,6 @@
 			pywayland
 		]))

-		inputs.nordvpn.packages.${system}.nordvpn
-
 		(birdtray.overrideAttrs (_: {
  			cmakeFlags = [ "-DOPT_THUNDERBIRD_CMDLINE=${thunderbird}/bin/thunderbird" ];
 		}))
--- a/shells/ddt4all.nix
+++ b/shells/ddt4all.nix
@ -8,12 +8,20 @@ let
    	ps.crcmod
    	ps.pyserial
  	]);
+
+	src = pkgs.fetchFromGitHub {
+		owner = "cedricp";
+		repo = "ddt4all";
+		rev = "v3.0.4";
+		sha256 = "sha256-SswaqV2UabVjuNeMTd7K3Vxa77LZKCb/qkgidkaE0R8=";
+	};
 in pkgs.mkShell {
 	name = "ddt4all-env";

  	buildInputs = [
    	pythonWithPkgs
-    	pkgs.qt5.qtbase
+    	src
+		pkgs.qt5.qtbase
    	pkgs.qt5.qttools
    	pkgs.git
    	pkgs.freetype
@ -32,20 +40,15 @@ in pkgs.mkShell {
  	];

  	nativeBuildInputs = [ pkgs.libsForQt5.qt5.wrapQtAppsHook ];
-  	shellHook = ''wrapQtAppsHook'';

-  	runScript = ''
+ 	shellHook = ''
+		mkdir -p $HOME/DDT4ALL
+		cp -r $src/bin/* $HOME/DDT4ALL
+
 		cd $HOME/DDT4ALL
+		wrapQtAppsHook

-    	if [ ! -d ".venv" ]; then
-      		python3 -m venv .venv
-      		source .venv/bin/activate
-      		pip install --upgrade pip
-      		pip install -r requirements.txt
-    	else
-      		source .venv/bin/activate
-    	fi
-
-    	python3 main.py
+    	python main.py
+		#exit
 	'';
 }