NixOS · different-error · May 12, 2025 · May 22, 2025
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
@@ -6661,6 +6661,11 @@
     githubId = 2096594;
     email = "Dietrich@Daroch.me";
   };
+  different-error = {
+    name = "Sanfer D'souza";
+    github = "different-error";
+    githubId = 9338001;
+  };
   different-name = {
     name = "different-name";
     email = "hello@different-name.dev";

diff --git a/pkgs/by-name/no/nordvpn/cli.nix b/pkgs/by-name/no/nordvpn/cli.nix
@@ -0,0 +1,155 @@
+{
+  myDesktopItemArgs,
+  myMeta,
+  mySrc,
+  myVersion,
+
+  buildGoModule,
+  copyDesktopItems,
+  e2fsprogs,
+  fetchFromGitHub,
+  iproute2,
+  iptables,
+  lib,
+  libxslt,
+  makeDesktopItem,
+  makeWrapper,
+  openvpn,
+  pkg-config,
+  procps,
+  systemdMinimal,
+  wireguard-tools,
+}:
+let
+  patchedOpenvpn = openvpn.overrideAttrs (old: {
+    # scramble packets to make nordvpn traffic over OpenVPN look "normal"
+    patches =
+      let
+        tunnelblickSrc = fetchFromGitHub {
+          owner = "Tunnelblick";
+          repo = "Tunnelblick";
+          tag = "v8.0";
+          hash = "sha256-Kj/F7hI6E+giT+4iGDUjXCLgy/6jcohtTWtLXOpZfo0=";
+        };
+
+        p = "third_party/sources/openvpn/openvpn-${old.version}/patches";
+        name2urlFtn = fname: "${tunnelblickSrc}/${p}/${fname}";
+      in
+      (old.patches or [ ])
+      ++ (lib.map name2urlFtn [
+        "02-tunnelblick-openvpn_xorpatch-a.diff"
+        "03-tunnelblick-openvpn_xorpatch-b.diff"
+        "04-tunnelblick-openvpn_xorpatch-c.diff"
+        "05-tunnelblick-openvpn_xorpatch-d.diff"
+        "06-tunnelblick-openvpn_xorpatch-e.diff"
+      ]);
+  });
+
+in
+buildGoModule (finalAttrs: {
+  pname = "nordvpn-cli";
+  version = myVersion;
+
+  src = mySrc;
+
+  nativeBuildInputs = [
+    copyDesktopItems
+    makeWrapper
+    pkg-config
+  ];
+
+  vendorHash = "sha256-outOvVAu76Pa9lQbiXQP2wA2cee3Ofq41SwfL6JEKs0=";
+
+  preBuild = ''
+    # use path $out/bin instead of /usr/lib
+    substituteInPlace internal/constants.go \
+        --replace-fail "/usr/lib/nordvpn" "$out/bin"
+
+    # use path <<openvpnPatch>>/bin/openvpn
+    old_ovpn_path='filepath.Join(internal.AppDataPathStatic, "openvpn")'
+    new_ovpn_path='"${patchedOpenvpn}/bin/openvpn"'
+    substituteInPlace daemon/vpn/openvpn/config.go \
+        --replace-fail "$old_ovpn_path" "$new_ovpn_path"
+  '';
+
+  ldflags = [
+    "-X main.Environment=prod"
+    "-X main.Version=${finalAttrs.version}"
+  ];
+
+  subPackages = [
+    "cmd/cli"
+    "cmd/daemon"
+    "cmd/norduser"
+  ];
+
+  doCheck = true;
+
+  checkPhase = ''
+    runHook preCheck
+
+    go test ./cli
+    # skip tests that require network access
+    go test ./daemon -skip \
+        'TestTransports|TestH1Transport_RoundTrip|Test.*FileList_RealURL'
+    go test ./norduser
+
+    runHook postCheck
+  '';
+
+  postInstall = ''
+    # rename to standard names
+    BIN_DIR=$out/bin
+    install $BIN_DIR/cli $BIN_DIR/nordvpn
+    install $BIN_DIR/daemon $BIN_DIR/nordvpnd
+    install $BIN_DIR/norduser $BIN_DIR/norduserd
+    rm $BIN_DIR/{cli,daemon,norduser}
+
+    # nordvpn needs icons for the system tray and notifications
+    ICONS_PATH=$out/share/icons/hicolor/scalable/apps
+    install -d $ICONS_PATH
+    install --mode=0444 assets/icon.svg $ICONS_PATH/nordvpn.svg
+    for file in assets/*; do
+        install --mode=0444 "$file" "$ICONS_PATH/nordvpn-$(basename $file)"
+    done
+  '';
+
+  postFixup = ''
+    wrapProgram $out/bin/nordvpnd --set PATH ${
+      lib.makeBinPath [
+        e2fsprogs
+        iproute2
+        iptables
+        libxslt
+        patchedOpenvpn
+        procps
+        systemdMinimal
+        wireguard-tools
+      ]
+    }
+  '';
+
+  desktopItems = [
+    (makeDesktopItem (
+      myDesktopItemArgs
+      // {
+        comment = "I get called after NordVPN oauth browser login.";
+        desktopName = "NordVPN CLI";
+        exec = "nordvpn click %u";
+        mimeTypes = [ "x-scheme-handler/nordvpn" ];
+        name = "nordvpn";
+        noDisplay = true;
+        terminal = true;
+      }
+    ))
+  ];
+
+  meta = myMeta // {
+    description = ''
+      NordVPN cli application.
+      Contains client and daemon.
+      Even if you intend to use the gui only, you'd need this package.
+    '';
+    mainProgram = "nordvpn";
+  };
+})
diff --git a/pkgs/by-name/no/nordvpn/gui.nix b/pkgs/by-name/no/nordvpn/gui.nix
@@ -0,0 +1,49 @@
+{
+  myDesktopItemArgs,
+  myMeta,
+  mySrc,
+  myVersion,
+
+  copyDesktopItems,
+  flutter,
+  lib,
+  makeDesktopItem,
+}:
+flutter.buildFlutterApplication {
+  pname = "nordvpn-gui";
+  version = myVersion;
+
+  src = mySrc;
+  sourceRoot = "${mySrc.name}/gui";
+
+  nativeBuildInputs = [
+    copyDesktopItems
+  ];
+
+  pubspecLock = lib.importJSON ./pubspec.lock.json;
+
+  # finds X11 using pkg-config
+  patches = [ ./linux-cmake.patch ];
+
+  desktopItems = [
+    (makeDesktopItem (
+      myDesktopItemArgs
+      // {
+        comment = "NordVPN's GUI to manage vpn connection, settings, etc.";
+        desktopName = "NordVPN GUI";
+        exec = "nordvpn-gui";
+        name = "nordvpn-gui";
+        noDisplay = false;
+        terminal = false;
+      }
+    ))
+  ];
+
+  meta = myMeta // {
+    description = ''
+      NordVPN gui application.
+      Presumes the dependent NordVPN cli application.
+    '';
+    mainProgram = "nordvpn-gui";
+  };
+}
diff --git a/pkgs/by-name/no/nordvpn/linux-cmake.patch b/pkgs/by-name/no/nordvpn/linux-cmake.patch
@@ -0,0 +1,23 @@
+--- a/linux/CMakeLists.txt
++++ b/linux/CMakeLists.txt
+@@ -51,10 +51,10 @@
+ # System-level dependencies.
+ find_package(PkgConfig REQUIRED)
+ pkg_check_modules(GTK REQUIRED IMPORTED_TARGET gtk+-3.0)
++pkg_check_modules(X11 REQUIRED IMPORTED_TARGET x11)
+
+ add_definitions(-DAPPLICATION_ID="${APPLICATION_ID}")
+ # Fix for: https://github.com/NordSecurity/nordvpn-linux/issues/1136
+-find_package(X11 REQUIRED)
+
+ # Define the application target. To change its name, change BINARY_NAME above,
+ # not the value here, or `flutter run` will no longer work.
+@@ -73,7 +73,7 @@
+ # Add dependency libraries. Add any application-specific dependencies here.
+ target_link_libraries(${BINARY_NAME} PRIVATE flutter)
+ target_link_libraries(${BINARY_NAME} PRIVATE PkgConfig::GTK)
+-target_link_libraries(${BINARY_NAME} PRIVATE X11::X11)
++target_link_libraries(${BINARY_NAME} PRIVATE PkgConfig::X11)
+
+ # Run the Flutter tool portions of the build. This must not be removed.
+ add_dependencies(${BINARY_NAME} flutter_assemble)
diff --git a/pkgs/by-name/no/nordvpn/package.nix b/pkgs/by-name/no/nordvpn/package.nix
@@ -0,0 +1,76 @@
+{
+  callPackage,
+  fetchFromGitHub,
+  lib,
+  symlinkJoin,
+}:
+let
+  commonArgs = rec {
+    myVersion = "4.3.1";
+
+    mySrc = fetchFromGitHub {
+      owner = "NordSecurity";
+      repo = "nordvpn-linux";
+      tag = myVersion;
+      hash = "sha256-o9+9IiXV2CS/Zj3bDg8EJn/UidwA6Fwn4ySFbwyCp60=";
+    };
+
+    myMeta = rec {
+      homepage = "https://github.com/${mySrc.owner}/${mySrc.repo}";
+      changelog = "${homepage}/releases/tag/${myVersion}";
+      license = lib.licenses.gpl3Only;
+      maintainers = with lib.maintainers; [ different-error ];
+      platforms = lib.platforms.linux;
+    };
+
+    myDesktopItemArgs = {
+      categories = [ "Network" ];
+      genericName = "a vpn provider";
+      icon = "nordvpn";
+      type = "Application";
+    };
+  };
+in
+symlinkJoin rec {
+  pname = "nordvpn";
+  version = commonArgs.myVersion;
+
+  # call packages here to override in corresponding module definition.
+  cli = callPackage ./cli.nix commonArgs;
+  gui = callPackage ./gui.nix commonArgs;
+
+  paths = [
+    cli
+    gui
+  ];
+
+  meta = commonArgs.myMeta // {
+    description = "NordVPN cli and gui applications for Linux.";
+    longDescription = ''
+      NordVPN cli and gui applications for Linux.
+      This package currently does not support meshnet.
+      Additionally, if `networking.firewall.enable = true;`,
+      then also set `networking.firewall.checkReversePath = "loose";`.
+      The closed-source nordwhisper protocol is also not supported.
+      Contributions welcome!
+
+      Run `nordvpnd` with root privileges:
+      ```bash
+      sudo nordvpnd
+      sudo chown $USER:$USER /run/nordvpn/nordvpnd.sock
+      ```
+
+      Some common cli commands:
+      ```bash
+      nordvpn login
+      nordvpn set technology nordlynx
+      nordvpn connect
+      ```
+
+      To launch the gui:
+      ```bash
+      nordvpn-gui
+      ```
+    '';
+  };
+}