You could just use plain wiregaurd built into the linux kernel... Download a tiny config from mullvad (there is a separate config for each server), pop it in `/etc/wiregaurd`, `chmod 600` and `chown root:root` it and use the `wg-quick` command to bring it up e.g `wg-quick up config-name`. That's it, no appy apps needed. I believe this is all the apps are doing, they just make it easier by retrieving and installing the configs for you and of course add more attack vectors in the process.

This is how i use wiregaurd and it's pretty easy via the wg-quick interface. If using systemd you can also generate a unit for a particular config to bring it up at boot with: `systemctl enable wg-quick@config-name` where config-name is whichever one you want from your /etc/wiregaurd dir.

If you want to be able to check a file to see it's up, e.g for i3status bar or something, you can use /sys like this: `/sys/devices/virtual/net/mullvad*/dev_id` i'm using a wildcard but you can be more specific if you aren't going to be changing configs.