mullvad.openvpn-wireguard: init at 2.5.3

3 files changed, 91 insertions, 0 deletions

diff --git a/pkgs/applications/networking/mullvad/default.nix b/pkgs/applications/networking/mullvad/default.nix
index 81eedb0d597b7..7b4bcf9d61b25 100644
--- a/pkgs/applications/networking/mullvad/default.nix
+++ b/pkgs/applications/networking/mullvad/default.nix
@@ -4,4 +4,5 @@
 lib.makeScope newScope (self: {
   libwg = self.callPackage ./libwg.nix { };
   mullvad = self.callPackage ./mullvad.nix { };
+  openvpn-mullvad = self.callPackage ./openvpn.nix { };
 })
diff --git a/pkgs/applications/networking/mullvad/mullvad.nix b/pkgs/applications/networking/mullvad/mullvad.nix
index 526f39866457d..6fe37da270c70 100644
--- a/pkgs/applications/networking/mullvad/mullvad.nix
+++ b/pkgs/applications/networking/mullvad/mullvad.nix
@@ -10,6 +10,7 @@
 , libnftnl
 , libmnl
 , libwg
+, openvpn-mullvad
 }:
 let
   # result of running address_cache as of 02 Mar 2022
@@ -88,6 +89,8 @@ rustPlatform.buildRustPackage rec {
         --set-default MULLVAD_RESOURCE_DIR "$out/share/mullvad"
     '';
 
+  passthru = { inherit openvpn-mullvad; };
+
   meta = with lib; {
     description = "Mullvad VPN command-line client tools";
     homepage = "https://github.com/mullvad/mullvadvpn-app";
diff --git a/pkgs/applications/networking/mullvad/openvpn.nix b/pkgs/applications/networking/mullvad/openvpn.nix
new file mode 100644
index 0000000000000..b191c31d39ac7
--- /dev/null
+++ b/pkgs/applications/networking/mullvad/openvpn.nix
@@ -0,0 +1,87 @@
+{ lib
+, openvpn
+, fetchpatch
+, fetchurl
+, iproute2
+, autoconf
+, automake
+}:
+
+openvpn.overrideAttrs (oldAttrs:
+  let
+    fetchMullvadPatch = { commit, sha256 }: fetchpatch {
+      url = "https://github.com/mullvad/openvpn/commit/${commit}.patch";
+      inherit sha256;
+    };
+  in
+  rec {
+    pname = "openvpn-mullvad";
+    version = "2.5.3";
+
+    src = fetchurl {
+      url = "https://swupdate.openvpn.net/community/releases/openvpn-${version}.tar.gz";
+      sha256 = "sha256-dfAETfRJQwVVynuZWit3qyTylG/cNmgwG47cI5hqX34=";
+    };
+
+    buildInputs = oldAttrs.buildInputs or [ ] ++ [
+      iproute2
+    ];
+
+    configureFlags = oldAttrs.configureFlags  or [ ] ++ [
+      "--enable-iproute2"
+      "IPROUTE=${iproute2}/sbin/ip"
+    ];
+
+    nativeBuildInputs = oldAttrs.nativeBuildInputs or [ ] ++ [
+      autoconf
+      automake
+    ];
+
+    patches = oldAttrs.patches or [ ] ++ [
+      # look at compare to find the relevant commits
+      # https://github.com/OpenVPN/openvpn/compare/release/2.5...mullvad:mullvad-patches
+      # used openvpn version is the latest tag ending with -mullvad
+      # https://github.com/mullvad/openvpn/tags
+      (fetchMullvadPatch {
+        # "Reduce PUSH_REQUEST_INTERVAL to one second"
+        commit = "41e44158fc71bb6cc8cc6edb6ada3307765a12e8";
+        sha256 = "sha256-UoH0V6gTPdEuybFkWxdaB4zomt7rZeEUyXs9hVPbLb4=";
+      })
+      (fetchMullvadPatch {
+        # "Allow auth plugins to set a failure reason"
+        commit = "f51781c601e8c72ae107deaf25bf66f7c193e9cd";
+        sha256 = "sha256-+kwG0YElL16T0e+avHlI8gNQdAxneRS6fylv7QXvC1s=";
+      })
+      (fetchMullvadPatch {
+        # "Send an event to any plugins when authentication fails"
+        commit = "c2f810f966f2ffd68564d940b5b8946ea6007d5a";
+        sha256 = "sha256-PsKIxYwpLD66YaIpntXJM8OGcObyWBSAJsQ60ojvj30=";
+      })
+      (fetchMullvadPatch {
+        # "Shutdown when STDIN is closed"
+        commit = "879d6a3c0288b5443bbe1b94261655c329fc2e0e";
+        sha256 = "sha256-pRFY4r+b91/xAKXx6u5GLzouQySXuO5gH0kMGm77a3c=";
+      })
+      (fetchMullvadPatch {
+        # "Update TAP hardware ID"
+        commit = "7f71b37a3b25bec0b33a0e29780c222aef869e9d";
+        sha256 = "sha256-RF/GvD/ZvhLdt34wDdUT/yxa+IVWx0eY6WRdNWXxXeQ=";
+      })
+      (fetchMullvadPatch {
+        # "Undo dependency on Python docutils"
+        commit = "abd3c6214529d9f4143cc92dd874d8743abea17c";
+        sha256 = "sha256-SC2RlpWHUDMAEKap1t60dC4hmalk3vok6xY+/xhC2U0=";
+      })
+      (fetchMullvadPatch {
+        # "Prevent signal when stdin is closed from being cleared (#10)"
+        commit = "b45b090c81e7b4f2dc938642af7a1e12f699f5c5";
+        sha256 = "sha256-KPTFmbuJhMI+AvaRuu30CPPLQAXiE/VApxlUCqbZFls=";
+      })
+    ];
+
+    meta = oldAttrs.meta or { } // {
+      description = "OpenVPN with Mullvad-specific patches applied";
+      homepage = "https://github.com/mullvad/openvpn";
+      maintainers = with lib; [ maintainers.cole-h ];
+    };
+  })