One of the things I struggled with initailly when using immutables was installing programs like VPNS that need to interact with the immutable parts of the distro but don’t have a flatpak option. I figured I’d just make a post to help anyone with this specific issue regarding mullvad or if it helps people install other software they need.

Adding the repo

Jump into a location to download the repo file

cd Downloads/

Download the repo

wget https://repository.mullvad.net/rpm/stable/mullvad.repo

copy the repo file to the yum.repos.d folder

sudo cp mullvad.repo /etc/yum.repos.d

Install mullvad vpn

rpm-ostree install mullvad-vpn

Reboot to reimage

systemctl reboot

Join the client to the service

sudo systemctl enable --now mullvad-daemon

Install libappindicator that at the time wasn’t included in Kinoite

sudo rpm-ostree install libappindicator-gtk3

Reboot to reimage

systemctl reboot

  • stepanzak@iusearchlinux.fyi
    link
    fedilink
    arrow-up
    21
    ·
    8 months ago

    I don’t know anything about immutable distros, but any good VPN provide Wireguard or OpenVPN config that you can just import into your network settings/manager. Mullvad does.

    • Pantherina@feddit.de
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      8 months ago

      They do, but networkmanager doesnt have the necessary features like a block mode. Read my other comment.

      Btw there is a GNOME applet for mullvadvpn, so you dont need to use electron, just the background stuff.

  • Pantherina@feddit.de
    link
    fedilink
    arrow-up
    12
    ·
    edit-2
    8 months ago

    Very cool! Mullvad also updated their Linux install guides to reference the repos immediately, but they use dnf for whatever reason, making it unnecessarily complicated (issue report).

    Your commands where good and secure, but this is a quicker way

    curl https://repository.mullvad.net/rpm/stable/mullvad.repo` | sudo tee /etc/yum.repos.d/mullvad.repo
    
    rpm-ostree install --reboot mullvad-vpn libappindicator-gtk3
    
    systemctl enable --now mullvad-daemon
    

    You dont need sudo for rpm-ostree and systemctl, they work natively with polkit. In general you can replace sudo with pkexec in your shell config and have easier and more granular permission controls. But dont remove sudo, that will currently break at least some things like shutdown.

    • Pantherina@feddit.de
      link
      fedilink
      arrow-up
      10
      ·
      8 months ago

      Doesnt work. Networkmanager has no native concept of a “airtight VPN mode”.

      The mullvad daemon does stuff like

      • control DNS
      • block internet when not connected
      • prevent early boot connections

      Those require it to be privileged. For sure it would be nice to have all these features integrated into networkmanager, and vpn apps just placing their wireguard configs and DNS settings in there.

      But for now the Mullvad App is way better than what we have. You can also keep a very insecure DNS conf (no DNSSEC, no DOT, no custom servers) as a fallback for public wifi bs, and when the Mullvad app is running the system uses a secure DNS.