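# Builds the open-source NordVPN Linux client (CLI, per-user helper and daemon)
# from source and wraps the daemon in an FHS environment.
#
# Result: a `buildFHSEnv` derivation named "nordvpnd" whose run script starts
# the daemon inside the FHS sandbox, plus a plain `bin/nordvpn` wrapper that
# calls the CLI directly from the store.
#
# `lib` and `autoPatchelfHook` are accepted but not used below; they are kept
# in the signature so existing callers keep working.
{ pkgs, lib, gcc, autoPatchelfHook, ... }:
let
  # A private package set in which only `openvpn` is replaced. The overlay is
  # applied to a copy of `pkgs`, so the patched binary is reachable only via
  # `patchedPkgs.openvpn`; every other consumer of `pkgs.openvpn` is untouched.
  patchedPkgs = pkgs.appendOverlays [
    (final: prev: {
      # Nordvpn uses a patched openvpn in order to perform xor obfuscation
      # See https://github.com/NordSecurity/nordvpn-linux/blob/e614303aaaf1a64fde5bb1b4de1a7863b22428c4/ci/openvpn/check_dependencies.sh
      #
      # The xor patch only scrambles packets to make the traffic harder to
      # fingerprint; confidentiality still comes from OpenVPN's own TLS and
      # cipher configuration.
      #
      # Supply-chain notes:
      #  * Every patch is pinned by content hash, so a modified upstream file
      #    makes the build fail instead of being applied silently.
      #  * The URLs follow the mutable `master` branch and embed `old.version`.
      #    An openvpn bump in nixpkgs, or a reorganisation upstream, therefore
      #    breaks the fetch until the hashes are re-reviewed. Pinning the URL to
      #    a commit (".../raw/<PINNED_COMMIT>/third_party/...") would keep the
      #    reviewed patch set retrievable.
      openvpn = prev.openvpn.overrideAttrs (old:
        let
          # Fetch one Tunnelblick xor patch for the openvpn version being built.
          tunnelblickPatch = file: hash:
            prev.fetchpatch {
              url = "https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/${file}";
              inherit hash;
            };
        in
        {
          patches = (old.patches or [ ]) ++ [
            (tunnelblickPatch "02-tunnelblick-openvpn_xorpatch-a.diff" "sha256-b9NiWETc0g2a7FNwrLaNrWx7gfCql7VTbewFu3QluFk=")
            (tunnelblickPatch "03-tunnelblick-openvpn_xorpatch-b.diff" "sha256-X/SshB/8ItLFBx6TPhjBwyA97ra0iM2KgsGqGIy2s9I=")
            (tunnelblickPatch "04-tunnelblick-openvpn_xorpatch-c.diff" "sha256-fw0CxJGIFEydIVRVouTlD1n275eQcbejUdhrU1JAx7g=")
            (tunnelblickPatch "05-tunnelblick-openvpn_xorpatch-d.diff" "sha256-NLRtoRVz+4hQcElyz4elCAv9l1vp4Yb3/VJef+L/FZo=")
            (tunnelblickPatch "06-tunnelblick-openvpn_xorpatch-e.diff" "sha256-mybdjCIT9b6ukbGWYvbr74fKtcncCtTvS5xSVf92T6Y=")
          ];
        });
    })
  ];

  # The three NordVPN binaries, built from one pinned upstream revision.
  nordvpn = pkgs.buildGoModule rec {
    pname = "nordvpn";
    version = "3.19.0";

    #src = ./.;
    # Source is pinned to a full commit id and verified against `hash`.
    src = pkgs.fetchFromGitHub {
      owner = "NordSecurity";
      repo = "nordvpn-linux";
      rev = "e614303aaaf1a64fde5bb1b4de1a7863b22428c4";
      hash = "sha256-uIzG9QIVwax0Cop2VuDzy033efEBudFnGNj7osT/x2g";
    };

    nativeBuildInputs = with pkgs; [ pkg-config gcc ];
    buildInputs = with pkgs; [ libxml2 gcc ];

    # Hash of the vendored Go module tree; a changed dependency set fails here.
    vendorHash = "sha256-h5G5J/Sw0277pDzVXT6b3BX0KUbtyN8ujITfYp5PmgE";

    # NOTE(review): the binaries are stamped as a development build
    # (Environment=dev, Salt=development). Confirm against the upstream source
    # what the "dev" environment enables or relaxes before treating this build
    # as equivalent to an official release.
    ldflags = [
      "-X main.Version=${version}"
      "-X main.Environment=dev"
      "-X main.Salt=development"
      "-X main.Hash=${src.rev}"
    ];

    # NOTE(review): in the copy under review the `sed` insert below had lost its
    # header name (it read `#include ` with nothing after it, which cannot
    # compile). `<stdlib.h>` is restored on the assumption that this is the
    # header the vendored cgo preamble is missing - confirm against
    # vendor/github.com/jbowtie/gokogiri/xpath/expression.go.
    buildPhase = ''
      runHook preBuild

      echo "Building nordvpn CLI..."
      export LDFLAGS="${builtins.concatStringsSep " " ldflags}"
      go build -ldflags "$LDFLAGS" -o bin/nordvpn ./cmd/cli

      echo "Building nordvpn user..."
      go build -ldflags "$LDFLAGS" -o bin/norduserd ./cmd/norduser

      # Fix missing include in a library preventing compilation
      chmod +w vendor/github.com/jbowtie/gokogiri/xpath/
      sed -i '6i#include <stdlib.h>' vendor/github.com/jbowtie/gokogiri/xpath/expression.go

      echo "Building nordvpn daemon..."
      go build -ldflags "$LDFLAGS" -o bin/nordvpnd ./cmd/daemon

      runHook postBuild
    '';

    # Layout: the per-user helper and the tunnel tools go under lib/nordvpn,
    # the remaining binaries under bin. `openvpn` is the xor-patched build and
    # `wg` comes from wireguard-tools; both are symlinks into the store, so the
    # tools used are exactly the ones pinned by this expression.
    installPhase = ''
      runHook preInstall

      mkdir -p $out/lib/nordvpn/
      mv bin/norduserd $out/lib/nordvpn/
      ln -s ${patchedPkgs.openvpn}/bin/openvpn $out/lib/nordvpn/openvpn
      ln -s ${pkgs.wireguard-tools}/bin/wg $out/lib/nordvpn/wg

      # Nordvpn needs icons for the system tray
      mkdir -p $out/share/icons/hicolor/scalable/apps
      nordvpn_asset_prefix="nordvpn-" # hardcoded image prefix
      cp assets/icon.svg $out/share/icons/hicolor/scalable/apps/nordvpn.svg # Does not follow convention
      for file in assets/*.svg; do
        cp "$file" "$out/share/icons/hicolor/scalable/apps/''${nordvpn_asset_prefix}$(basename "$file")"
      done

      mkdir -p $out/bin
      cp bin/* $out/bin

      runHook postInstall
    '';

    meta = with pkgs.lib; {
      description = "NordVPN CLI and daemon application for Linux";
      homepage = "https://github.com/nordsecurity/nordvpn-linux";
      mainProgram = "nordvpn";
      license = licenses.gpl3;
      platforms = platforms.linux;
    };
  };
in
# FHS environment for the daemon. Only the packages listed in `targetPkgs` are
# visible inside it, which keeps the daemon's runtime tool set explicit.
pkgs.buildFHSEnv {
  name = "nordvpnd";

  # The function argument is deliberately ignored: attribute names are looked
  # up in the outer `pkgs` (as in the original `with pkgs; pkgs: [ ... ]`),
  # while `nordvpn` and `patchedPkgs` are the let-bindings defined above.
  targetPkgs = _: with pkgs; [
    nordvpn
    sysctl
    iptables
    iproute2
    procps
    cacert
    libxml2
    libidn2
    zlib
    wireguard-tools
    patchedPkgs.openvpn
    e2fsprogs # for chattr
  ];

  # Adds a CLI wrapper next to the FHS launcher. The store paths are passed to
  # printf as arguments rather than spliced into the format string, and the
  # wrapper `exec`s the CLI so no extra shell process stays around.
  extraInstallCommands = ''
    mkdir -p $out/bin/
    printf '#!%s\nexec %s "$@"\n' "${pkgs.bash}/bin/bash" "${nordvpn}/bin/nordvpn" > $out/bin/nordvpn
    chmod +x $out/bin/nordvpn
  '';

  # Command started inside the FHS environment; written as a single-line
  # string so no stray whitespace or newline surrounds it.
  runScript = "${nordvpn}/bin/nordvpnd";
}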