Hi all
Can anyone help me to get my VPN to work? I use Surfshark but the only download options I’ve got are flatpak or snap and when I’ve tried the flatpak, I can login but get no connection.
Can anyone help?
Using OpenVPN or WireGuard with Surfshark’s config seems like the best option for you.
You can use pkgs.fetchurl to get the config files from their API and put them into services.openvpn.servers.
Here’s a minimal example for OpenVPN:
{ lib, pkgs, ... }:
let
configs = pkgs.stdenv.mkDerivation {
name = "surfshark-configs";
src = pkgs.fetchurl {
url = "https://my.surfshark.com/vpn/api/v1/server/configurations";
sha256 = lib.fakeSha256; # Replace this with the actual hash.
};
nativeBuildInputs = [ pkgs.unzip ];
installPhase = ''
mkdir -p output
unzip $src -d output
# You can use `sed` here to input a path your credentials (using agenix for example).
mkdir -p $out
mv output/* $out
'';
};
files = builtins.attrNames (builtins.readDir "${configs}");
servers = builtins.listToAttrs (map (file:
let name = lib.removeSuffix ".ovpn" file;
in {
inherit name;
value = {
config = "config ${configs}/${file}";
autoStart = false;
};
}) files);
in
{
# If you're using NetworkManager
networking.networkmanager.plugins = [ pkgs.networkmanager-openvpn ];
services.openvpn.servers = servers;
}
Don’t forget to flag this reply as the solution if it answers your question.
Hi, thanks for your reply. Sorry for my late reply, I was having some issues with certain packages (Digikam mainly) as there was an issue with a library which seems to have now been fixed.
I’ve tried using the config you specified above (changing the hash) but I’m getting these errors and can’t figure out where it’s going wrong. Could you please help?
building the system configuration...
building '/nix/store/7v326pnfqvvp4v2mv3aplmmfakw9992b-surfshark-configs.drv'...
Running phase: unpackPhase
unpacking source archive /nix/store/dqg74pk1y0rxzl8hndzi3l9f659svd59-configurations
do not know how to unpack source archive /nix/store/dqg74pk1y0rxzl8hndzi3l9f659svd59-configurations
error:
… while calling the 'head' builtin
at /nix/store/9f5dwv7fmimdas0by3iw40pxnnrx9avf-nixos/nixos/lib/attrsets.nix:1696:13:
1695| if length values == 1 || pred here (elemAt values 1) (head values) then
1696| head values
| ^
1697| else
… while evaluating the attribute 'value'
at /nix/store/9f5dwv7fmimdas0by3iw40pxnnrx9avf-nixos/nixos/lib/modules.nix:1118:7:
1117| // {
1118| value = addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
1119| inherit (res.defsFinal') highestPrio;
… while evaluating the option `system.build.toplevel':
… while evaluating definitions from `/nix/store/9f5dwv7fmimdas0by3iw40pxnnrx9avf-nixos/nixos/nixos/modules/system/activation/top-level.nix':
… while evaluating the option `assertions':
… while evaluating definitions from `/nix/store/9f5dwv7fmimdas0by3iw40pxnnrx9avf-nixos/nixos/nixos/modules/system/boot/systemd.nix':
… while evaluating the option `systemd.services':
… while evaluating definitions from `/nix/store/9f5dwv7fmimdas0by3iw40pxnnrx9avf-nixos/nixos/nixos/modules/services/networking/openvpn.nix':
… while evaluating the option `services.openvpn.servers':
… while evaluating definitions from `/etc/nixos/vpn.nix':
(stack trace truncated; use '--show-trace' to show the full, detailed trace)
error: Cannot build '/nix/store/7v326pnfqvvp4v2mv3aplmmfakw9992b-surfshark-configs.drv'.
Reason: builder failed with exit code 1.
Output paths:
/nix/store/hy8j4lp20gq2jwbl36wx691ghcd48glr-surfshark-configs
Command 'nix-build '<nixpkgs/nixos>' --attr config.system.build.toplevel --no-out-link' returned non-zero exit status 100.
Forgot to say, I’m still new to NixOS so I’ve put this config into a file called vpn.nix and added it as an import in configuration.nix so I might be doing something wrong.
This needs to go in unpackPhase instead of installPhase, I believe.
mkdir -p output
unzip $src -d output
2 Likes
Oh, yes, sorry. Here’s the updated working version:
{ lib, pkgs, ... }:
let
configs = pkgs.stdenv.mkDerivation {
name = "surfshark-configs";
src = pkgs.fetchurl {
url = "https://my.surfshark.com/vpn/api/v1/server/configurations";
sha256 = lib.fakeSha256; # Replace this with the actual hash.
};
nativeBuildInputs = [ pkgs.unzip ];
unpackPhase = ''
mkdir -p output
unzip $src -d output
'';
# You can use `sed` in `patchPhase` here to input a path your credentials (using agenix for example).
installPhase = ''
mkdir -p $out
mv output/* $out
'';
};
files = builtins.attrNames (builtins.readDir "${configs}");
servers = builtins.listToAttrs (map (file:
let name = lib.removeSuffix ".ovpn" file;
in {
inherit name;
value = {
config = "config ${configs}/${file}";
autoStart = false;
};
}) files);
in
{
# If you're using NetworkManager
networking.networkmanager.plugins = [ pkgs.networkmanager-openvpn ];
services.openvpn.servers = servers;
}
Don’t forget to flag this reply as the solution if it answers your question.
Thank you both, this is the first time I’ve ever used surfshark without the GUI, how do I go about connecting? The instructions on their page don’t work.
So sorry to be a nuisance
You can follow the wiki on OpenVPN from here.
If you’re using NetworkManager, you can connect from there with either a GUI (like GNOME settings) or nmtui/cli.
Or you can start a config directly as a systemd service, so first do systemctl list-units | grep openvpn to list your configs (might need sudo) and then systemctl start openvpn-server-name.
So sorry to be a nuisance
You’re not 