jonathanio / update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus.

[Help]: What is the correct path in nixos? #121

Closed tbaumann closed 11 months ago

tbaumann commented 11 months ago

Version in use.

nixpkgs-unstable

Your Linux distribution.

NixOS 23.05 nixpkgs-unstable

Your systemd version.

systemd 254 (254.3)

Your network management software.

systemd-networkd

Please describe the issue.

I can't find the correct path of the executable in nixpkgs-unstable

/usr/local/libexec/openvpn/update-systemd-resolved doesn't exist. It's also not in $PATH

What location should I use in my openvpn config?

Output of resolvectl status.

No response

Other helpful details.

No response

I have read and followed relevant documentation.

tomeon commented 11 months ago

@tbaumann --

$ find "$(nix build --print-out-paths --no-link 'nixpkgs#update-systemd-resolved')" -type f -executable
/nix/store/065w6bzgmvmc2jjb43vk5kd0yazkdvh2-update-systemd-resolved-1.3.0/libexec/openvpn/update-systemd-resolved

I'd suggest using ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved in your OpenVPN configs, if possible (e.g. if you configure your OpenVPN instances with the services.openvpn NixOS module). Otherwise you could add update-systemd-resolved to environment.systemPackages and use /run/current-system/sw/libexec/openvpn/update-systemd-resolved in your OpenVPN configs.

Alternatively, you could use the programs.update-systemd-resolved module that this project now provides.

tbaumann commented 11 months ago

> $ find "$(nix build --print-out-paths --no-link 'nixpkgs#update-systemd-resolved')" -type f -executable
> /nix/store/065w6bzgmvmc2jjb43vk5kd0yazkdvh2-update-systemd-resolved-1.3.0/libexec/openvpn/update-systemd-resolved

Could do

> I'd suggest using ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved in your OpenVPN configs, if possible (e.g. if you configure your OpenVPN instances with the services.openvpn NixOS module).

My config is not nix managed at the moment. That won't work (yet)

> Otherwise you could add update-systemd-resolved to environment.systemPackages and use /run/current-system/sw/libexec/openvpn/update-systemd-resolved in your OpenVPN configs.

Interestingly I had that all along. But I don't have those paths.

> Alternatively, you could use the programs.update-systemd-resolved module that this project now provides.

Looks like I should use upstream. I shall try to add it to my flake.

tbaumann commented 11 months ago

Pulling the flake strangely didn't change anything. I don't have programs.update-systemd-resolved and no executables linked in /run/current-system/sw/

I made sure to have

modules = [
   inputs.update-systemd-resolved.nixosModules.update-systemd-resolved
   [...]

in my nixosConfiguration

In fact I don't even have the entire libexec path

› ls /run/current-system/sw/libexec
ls: cannot access '/run/current-system/sw/libexec': No such file or directory

tomeon commented 11 months ago

> Pulling the flake strangely didn't change anything.

Given that you aren't managing your OpenVPN instances with the NixOS module system, using our NixOS module isn't going to help. programs.update-systemd-resolved is meant to integrate with services.openvpn; see here for an example.

> In fact I don't even have the entire libexec path

Sounds like you need environment.pathsToLink.

tomeon commented 11 months ago

@tbaumann -- FWIW, in the past I've used something like the following to adapt a non-Nix-specific OpenVPN configuration into my NixOS configuration:

{pkgs, ...}: {
  services.openvpn.servers.my-instance.config = ''
    config /path/to/the/existing/openvpn.conf
    script-security 2
    up ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved
    up-restart
    down ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved
    down-pre
  '';
}

tbaumann commented 11 months ago

Ah sorry, I forgot to close this up.

environment.pathsToLink = [ "/libexec" ];

Works well for me. Perhaps a worthwhile documentation hint...

I might try to manage my config via Nix, but it's all a bit idiosyncratic how I use it so that doesn't make much sense yet. (I'm passing my password and OTP in via a script)
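
The failure in this thread is an `up`/`down` path that does not exist on the system, which OpenVPN only reports at connect time. As an added example (not part of the thread and not the project's own code), the shell function below reads an OpenVPN config and reports every `up`/`down` hook that is missing or not executable, and whether `script-security` is at least 2. The function name and the sample files are constructed for illustration, and it assumes one unquoted path per directive.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes one unquoted path per up/down line.

# check_openvpn_hooks CONFIG
# Prints one finding per line. Returns 0 if every up/down hook is a regular
# executable file and script-security permits user scripts, 1 otherwise,
# and 2 if CONFIG cannot be read.
check_openvpn_hooks() (
  conf=$1 rc=0 hooks=0
  level=1   # OpenVPN's default script-security level: user scripts are not run
  [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }
  # "|| [ -n "$key" ]" keeps a final line that has no trailing newline.
  while read -r key val rest || [ -n "$key" ]; do
    case $key in
      script-security) level=$val ;;
      up|down)   # up-restart and down-pre take no path and do not match here
        hooks=$((hooks + 1))
        if [ ! -e "$val" ]; then
          echo "missing: $key $val"; rc=1
        elif [ ! -f "$val" ] || [ ! -x "$val" ]; then
          echo "not an executable file: $key $val"; rc=1
        else
          echo "ok: $key $val"
        fi ;;
    esac
  done < "$conf"
  # Hooks are only run by OpenVPN when script-security is 2 or higher.
  if [ "$hooks" -gt 0 ] && ! [ "$level" -ge 2 ] 2>/dev/null; then
    echo "script-security $level: up/down scripts need level 2"; rc=1
  fi
  return "$rc"
)

# Constructed sample: the path from the issue (absent on NixOS) as the up hook
# and a real executable stub as the down hook.
demo=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo/hook"; chmod +x "$demo/hook"
printf 'script-security 2\nup %s\ndown %s\n' \
  /usr/local/libexec/openvpn/update-systemd-resolved "$demo/hook" > "$demo/client.conf"
check_openvpn_hooks "$demo/client.conf" || echo "config has unusable hooks"
rm -rf "$demo"
```

Run against a real config, a `missing:` line for the hook means the store path or `/run/current-system/sw/libexec` link discussed above is not in place yet.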