Initial commit

.env.example

@@ -0,0 +1,3 @@
+TOKEN=NORDVPN_TOKEN
+# API_QUERY="https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1"
+# DNS_SERVER=1.1.1.1

.gitignore

@@ -0,0 +1 @@
+.env

README.md

@@ -0,0 +1,17 @@
+# Get NordVPN WireGuard Config
+
+Use docker compose to construct wireguard config for NordVPN connections
+
+## Usage
+- Copy .env.example to .env `cp .env.example .env`
+- Update TOKEN variable within .env
+- API_QUERY for server has basic filters but can be changed as needed
+- DNS_SERVER is set to quad9 but can also be changed as needed
+- Start with compose `docker-compose up -d`
+- Config is available in output directory and container logs `docker logs nordvpn_get_wireguard_config`
+- Remove the container `docker-compose down`
+
+## Links
+[Script is based on this gist and its comments ](https://gist.github.com/bluewalk/7b3db071c488c82c604baf76a42eaad3)
+
+[Docker image is based on this NordVPN support article](https://support.nordvpn.com/Connectivity/Linux/1507838432/How-to-build-the-NordVPN-Docker-image.html)

build/Dockerfile

@@ -0,0 +1,19 @@
+FROM ubuntu:22.04
+
+ARG NORDVPN_VERSION=${NORDVPN_VERSION:-3.16.5}
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && \
+    apt-get install -y curl iputils-ping wireguard-tools jq && \
+    curl https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/nordvpn-release_1.0.0_all.deb -o "/tmp/nordrepo.deb" && \
+    apt-get install -y /tmp/nordrepo.deb && \
+    apt-get update && \
+    apt-get install -y nordvpn${NORDVPN_VERSION:+=$NORDVPN_VERSION} && \
+    apt-get remove -y wget nordvpn-release && \
+    rm /tmp/nordrepo.deb && \
+    apt-get clean
+
+COPY get_wireguard_config.sh ./get_wireguard_config.sh
+
+ENTRYPOINT /etc/init.d/nordvpn start && sleep 5 && /bin/bash -c "$@"
+CMD ./get_wireguard_config.sh

build/get_wireguard_config.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# Get the chosen server
+api_response=$(curl -s ${API_QUERY:-"https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1"})
+server_identifier=$(jq -r '.[]|.hostname' <<< "$api_response" | cut -d "." -f 1)
+server_hostname=$(jq -r '.[]|.hostname' <<< "$api_response")
+server_ip=$(jq -r '.[]|.station' <<< "$api_response")
+server_city=$(jq -r '.[]|(.locations|.[]|.country|.city.name)' <<< "$api_response")
+server_country=$(jq -r '.[]|(.locations|.[]|.country|.name)' <<< "$api_response")
+server_public_key=$(jq -r '.[]|(.technologies|.[].metadata|.[].value)' <<< "$api_response")
+
+echo "#################### Recommended Server ####################"
+echo "Server Identifier: $server_identifier"
+echo "Hostname: $server_hostname"
+echo "IP: $server_ip"
+echo "City: $server_city"
+echo "Country: $server_country"
+echo "Server Public Key: $server_public_key"
+echo "############################################################"
+echo ""
+
+# Get client details
+nordvpn login --token "${TOKEN}"
+nordvpn set technology NordLynx 2>&1 >/dev/null
+nordvpn connect "$server_identifier" 2>&1 >/dev/null
+
+client_private_key=$(wg show nordlynx private-key)
+client_ip_address=$(ip -o addr show dev nordlynx | awk '$3 == "inet" {print $4}')
+
+echo "###################### Client Details ######################"
+echo "Private Key: $client_private_key"
+echo "IP Address: $client_ip_address"
+echo "############################################################"
+echo ""
+
+# Construct config
+config=$(cat << EOF
+# Configuration for $server_hostname ($server_ip) - $server_city, $server_country
+[Interface]
+Address = $client_ip_address
+PrivateKey = $client_private_key
+DNS = ${DNS_SERVER:-9.9.9.9}
+
+[Peer]
+PublicKey = $server_public_key
+AllowedIPs = 0.0.0.0/0
+Endpoint = $server_hostname:51820
+EOF
+)
+
+echo "##################### WireGuard Config #####################"
+echo "$config"
+echo "############################################################"
+
+# Write config
+rm -f -r /output/*
+echo "$config" > "/output/nordvpn-$server_identifier.conf"
+
+# Disconnect
+nordvpn disconnect

docker-compose.yml

@@ -0,0 +1,16 @@
+
+services:
+
+  nordvpn_get_wireguard_config:
+    image: nordvpn_get_wireguard_config
+    build:
+      context: "./build"
+    container_name: nordvpn_get_wireguard_config
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - TOKEN
+      - API_QUERY
+      - DNS_SERVER
+    volumes:
+      - ./output:/output

output/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore