From d670e245e4e3398e815fc43cab0220bb731438e5 Mon Sep 17 00:00:00 2001 From: Franek Date: Mon, 14 Apr 2025 10:29:00 +0200 Subject: [PATCH] add NordVPN module instead of not working external flake --- flake.lock | 37 +------------- flake.nix | 3 +- hosts/default.nix | 7 ++- hosts/hulk/modules.nix | 6 +-- hosts/hulk/users.nix | 2 +- modules/derivations/nordvpn.nix | 91 +++++++++++++++++++++++++++++++++ modules/nixos/nordvpn.nix | 40 +++++++++++++++ profiles/hulk/default.nix | 4 +- profiles/hulk/packages.nix | 2 - shells/ddt4all.nix | 29 ++++++----- 10 files changed, 158 insertions(+), 63 deletions(-) create mode 100644 modules/derivations/nordvpn.nix create mode 100644 modules/nixos/nordvpn.nix diff --git a/flake.lock b/flake.lock index d0890ed..640f58f 100644 --- a/flake.lock +++ b/flake.lock @@ -829,22 +829,6 @@ } }, "nixpkgs_6": { - "locked": { - "lastModified": 1742422364, - "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { "locked": { "lastModified": 1741513245, "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", @@ -860,24 +844,6 @@ "type": "github" } }, - "nordvpn": { - "inputs": { - "nixpkgs": "nixpkgs_6" - }, - "locked": { - "lastModified": 1742098294, - "narHash": "sha256-kszMKykXU1oZIn8RSDuBwIa5hY5om2wdy32KYgYKzs8=", - "owner": "m-lourenco0", - "repo": "nordvpn-flake", - "rev": "72594cb60df19951ee726dcad24ef0a9c5d29fbc", - "type": "github" - }, - "original": { - "owner": "m-lourenco0", - "repo": "nordvpn-flake", - "type": "github" - } - }, "nur": { "inputs": { "flake-parts": "flake-parts", @@ -946,7 +912,6 @@ "home-manager": "home-manager", "hyprspace": "hyprspace", "nixpkgs": "nixpkgs_5", - "nordvpn": "nordvpn", "stylix": "stylix" } }, 
@@ -1046,7 +1011,7 @@ "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nur": "nur", "systems": "systems_2", "tinted-foot": "tinted-foot", diff --git a/flake.nix b/flake.nix index d2e94b2..e7d974c 100644 --- a/flake.nix +++ b/flake.nix @@ -1,15 +1,14 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; - stylix.url = "github:danth/stylix"; home-manager.url = "github:nix-community/home-manager/release-24.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; + stylix.url = "github:danth/stylix"; apple-fonts.url = "github:Lyndeno/apple-fonts.nix"; apple-emoji.url = "github:oxcl/apple-emoji-nix"; - nordvpn.url = "github:m-lourenco0/nordvpn-flake"; ags.url = "github:Aylur/ags"; fingerprint-sensor.url = "github:ahbnr/nixos-06cb-009a-fingerprint-sensor/24.11"; diff --git a/hosts/default.nix b/hosts/default.nix index 7e33026..8b3a245 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -16,10 +16,9 @@ let ./${hostname} homeDir ] ++ ( - if useHomeManager then - [ inputs.home-manager.nixosModules.home-manager ] - else - [ ] + if useHomeManager then [ + inputs.home-manager.nixosModules.home-manager + ] else [ ] ) ++ modules; }; in { diff --git a/hosts/hulk/modules.nix b/hosts/hulk/modules.nix index a10c55d..43fff10 100644 --- a/hosts/hulk/modules.nix +++ b/hosts/hulk/modules.nix @@ -10,13 +10,14 @@ ../../modules/nixos/greetd.nix ../../modules/nixos/audio.nix - # Apps - inputs.nordvpn.nixosModules.nordvpn + # Apps/services + ../../modules/nixos/nordvpn.nix ]; modules.apple-style.enable = true; modules.bluetooth.enable = true; modules.nvidia.enable = true; + modules.nordvpn.enable = true; modules.audio.enable = true; modules.fingerprint-fix = { enable = true; @@ -25,7 +26,6 @@ services = { tlp.enable = false; - nordvpn.enable = true; gvfs.enable = true; upower.enable = true; power-profiles-daemon.enable = true; 
diff --git a/hosts/hulk/users.nix b/hosts/hulk/users.nix index 451e5d1..1d8aae8 100644 --- a/hosts/hulk/users.nix +++ b/hosts/hulk/users.nix @@ -9,7 +9,7 @@ in { isNormalUser = true; description = fullname; home = "/home/${username}"; - extraGroups = [ "wheel" "networkmanager" "plugdev" "adbusers" "video" ]; + extraGroups = [ "wheel" "networkmanager" "plugdev" "adbusers" "nordvpn" ]; shell = preferredShell; ignoreShellProgramCheck = true; # Will do it later in profile configuration }; diff --git a/modules/derivations/nordvpn.nix b/modules/derivations/nordvpn.nix new file mode 100644 index 0000000..d439ebf --- /dev/null +++ b/modules/derivations/nordvpn.nix 
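Review bot: The rewritten `extraGroups` line removes `video` in the same edit that adds `nordvpn`, and the commit message only mentions the VPN module, so the removal looks accidental. If it is, keep both: `extraGroups = [ "wheel" "networkmanager" "plugdev" "adbusers" "video" "nordvpn" ];`. The service in modules/nixos/nordvpn.nix creates its runtime directory with group `nordvpn` and mode 0750 and sets no `User`, so membership here is presumably what lets this account control a daemon running as root. A short comment such as `# nordvpn: access to the nordvpnd runtime directory` would record that. The user attribute set starts and ends outside the hunk.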
@@ -0,0 +1,91 @@
+{ lib, pkgs, ... }:
+
+let
+ pname = "nordvpn";
+ version = "3.20.1";
+
+ nordVPNBase = pkgs.stdenv.mkDerivation rec {
+ inherit pname version;
+
+ src = pkgs.fetchurl {
+ url = "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/n/nordvpn/nordvpn_${version}_amd64.deb";
+ hash = "sha256-RJoI3G4Tr3272CZ/lI9HEfKXdwuwPzWlrOKm9taIjuU=";
+ };
+
+ buildInputs = with pkgs; [ libxml2 libidn2 ];
+ nativeBuildInputs = with pkgs; [
+ dpkg
+ autoPatchelfHook
+ stdenv.cc.cc.lib
+ libnl
+ libcap_ng
+ ];
+
+ dontConfigure = true;
+ dontBuild = true;
+
+ unpackPhase = ''
+ runHook preUnpack
+ dpkg --extract $src .
+ runHook postUnpack
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out
+ mv usr/* $out/
+ mv var/ $out/
+ mv etc/ $out/
+ runHook postInstall
+ '';
+ };
+
+ nordVPNfhs = pkgs.buildFHSEnvChroot {
+ name = "nordvpnd";
+ runScript = "nordvpnd";
+
+ targetPkgs = pkgs: with pkgs; [
+ nordVPNBase
+ sysctl
+ iptables
+ iproute2
+ procps
+ cacert
+ libxml2
+ libidn2
+ zlib
+ wireguard-tools
+ ];
+ };
+
+ preScript = pkgs.writeShellScript "nordvpn-start" ''
+ mkdir -m 700 -p /var/lib/nordvpn;
+ if [ -z "$(ls -A /var/lib/nordvpn)" ]; then
+ cp -r ${nordVPNBase}/var/lib/nordvpn/* /var/lib/nordvpn;
+ fi
+ '';
+in pkgs.stdenv.mkDerivation rec {
+ inherit pname version;
+
+ dontUnpack = true;
+ dontConfigure = true;
+ dontBuild = true;
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out/bin $out/share
+ ln -s ${nordVPNBase}/bin/nordvpn $out/bin
+ ln -s ${nordVPNfhs}/bin/nordvpnd $out/bin
+ ln -s ${nordVPNBase}/share/* $out/share/
+ ln -s ${nordVPNBase}/var $out/
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "CLI client for NordVPN";
+ homepage = "https://www.nordvpn.com";
+ license = licenses.unfreeRedistributable;
+ maintainers = with maintainers; [dr460nf1r3];
+ platforms = ["x86_64-linux"];
+ };
+}
diff --git a/modules/nixos/nordvpn.nix b/modules/nixos/nordvpn.nix
new file mode 100644
index 0000000..476c297
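Review bot: `preScript` in the `let` block is dead code: the final derivation never references it, and the script the service runs as `ExecStartPre` is defined again in modules/nixos/nordvpn.nix. Remove the copy here so the two cannot drift apart. `stdenv.cc.cc.lib`, `libnl` and `libcap_ng` are libraries the patched binaries link against rather than build tools, so they would conventionally sit in `buildInputs` next to `libxml2` and `libidn2`. Because `src` is a prebuilt vendor `.deb` pinned by hash, a comment above it such as `# vendor binary; bump version and hash together after checking the upstream release` would document the trust decision.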
--- /dev/null
+++ b/modules/nixos/nordvpn.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ options.modules.nordvpn.enable = lib.mkEnableOption "Whether to enable the NordVPN daemon";
+
+ config = lib.mkIf config.modules.nordvpn.enable (let
+ nordVPN = pkgs.callPackage ../derivations/nordvpn.nix { inherit pkgs lib; };
+ preScript = pkgs.writeShellScript "nordvpn-start" ''
+ mkdir -m 700 -p /var/lib/nordvpn;
+ if [ -z "$(ls -A /var/lib/nordvpn)" ]; then
+ cp -r ${nordVPN}/var/lib/nordvpn/* /var/lib/nordvpn;
+ fi
+ '';
+ in {
+ networking.firewall.checkReversePath = false;
+ networking.firewall.allowedUDPPorts = [ 1194 ];
+ networking.firewall.allowedTCPPorts = [ 443 ];
+
+ environment.systemPackages = [ nordVPN ];
+ users.groups.nordvpn = {};
+
+ systemd.services.nordvpn = {
+ description = "NordVPN daemon.";
+ serviceConfig = {
+ ExecStart = "${nordVPN}/bin/nordvpnd";
+ ExecStartPre = preScript;
+ NonBlocking = true;
+ KillMode = "process";
+ Restart = "on-failure";
+ RestartSec = 5;
+ RuntimeDirectory = "nordvpn";
+ RuntimeDirectoryMode = "0750";
+ Group = "nordvpn";
+ };
+ wantedBy = ["multi-user.target"];
+ after = ["network-online.target"];
+ wants = ["network-online.target"];
+ };
+ });
+}
diff --git a/profiles/hulk/default.nix b/profiles/hulk/default.nix
index da71d67..a23a7d4 100644
--- a/profiles/hulk/default.nix
+++ b/profiles/hulk/default.nix
@@ -5,8 +5,8 @@ let homeDirectory = "/home/${username}"; in { imports = [ - ./packages.nix - ./programs.nix + ./packages.nix + ./programs.nix ./theme.nix ];
diff --git a/profiles/hulk/packages.nix b/profiles/hulk/packages.nix
index 12e1013..1a94dd9 100644
--- a/profiles/hulk/packages.nix
+++ b/profiles/hulk/packages.nix
@@ -8,8 +8,6 @@ pywayland ])) - inputs.nordvpn.packages.${system}.nordvpn - (birdtray.overrideAttrs (_: { cmakeFlags = [ "-DOPT_THUNDERBIRD_CMDLINE=${thunderbird}/bin/thunderbird" ]; }))
diff --git a/shells/ddt4all.nix b/shells/ddt4all.nix
index e29bfbe..edece91 100644
--- a/shells/ddt4all.nix
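Review bot: The three `networking.firewall` settings in modules/nixos/nordvpn.nix open the host more than a VPN client appears to need. `allowedUDPPorts = [ 1194 ]` and `allowedTCPPorts = [ 443 ]` accept unsolicited inbound traffic on every interface, while the client's own outbound connections should not depend on them, and `checkReversePath = false` switches reverse-path filtering off globally. Consider dropping the two port lines and using `networking.firewall.checkReversePath = "loose";`, then confirming the tunnel still connects. The unit sets no `User` or sandboxing options, so the vendor `nordvpnd` binary runs as root; a comment saying this is intentional, plus whatever systemd hardening the daemon tolerates, would help the next reader. `lib.mkEnableOption` already prepends "Whether to enable", so its argument should be just `"the NordVPN daemon"`.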
+++ b/shells/ddt4all.nix @@ -8,12 +8,20 @@ let ps.crcmod ps.pyserial ]); + + src = pkgs.fetchFromGitHub { + owner = "cedricp"; + repo = "ddt4all"; + rev = "v3.0.4"; + sha256 = "sha256-SswaqV2UabVjuNeMTd7K3Vxa77LZKCb/qkgidkaE0R8="; + }; in pkgs.mkShell { name = "ddt4all-env"; buildInputs = [ pythonWithPkgs - pkgs.qt5.qtbase + src + pkgs.qt5.qtbase pkgs.qt5.qttools pkgs.git pkgs.freetype @@ -32,20 +40,15 @@ in pkgs.mkShell { ]; nativeBuildInputs = [ pkgs.libsForQt5.qt5.wrapQtAppsHook ]; - shellHook = ''wrapQtAppsHook''; - runScript = '' + shellHook = '' + mkdir -p $HOME/DDT4ALL + cp -r $src/bin/* $HOME/DDT4ALL + cd $HOME/DDT4ALL + wrapQtAppsHook - if [ ! -d ".venv" ]; then - python3 -m venv .venv - source .venv/bin/activate - pip install --upgrade pip - pip install -r requirements.txt - else - source .venv/bin/activate - fi - - python3 main.py + python main.py + #exit ''; }
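Review bot: `$src` in the new `shellHook` is a shell variable, not a Nix interpolation, and `src` is only a `let` binding that, as far as these hunks show, is not passed to `mkShell` as an attribute; if it is unset when the hook runs, the copy reads from `/bin/*` instead of the fetched repository. Use `${src}` in the hook, which also makes the `src` entry added to `buildInputs` in the first hunk unnecessary. The hook also writes into the home directory and starts `python main.py` on every shell entry with unquoted paths, and files copied from the Nix store stay read-only, so a second entry is likely to fail at `cp`. Suggested lines: `mkdir -p "$HOME/DDT4ALL"`, `cp -r --no-preserve=mode ${src}/bin/* "$HOME/DDT4ALL"/`, `cd "$HOME/DDT4ALL"`.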