wip wip wip

testing out the suggestions in
`https://github.com/OpenVPN/openvpn3-linux/issues/208`

overlays/default.nix

@@ -1,3 +1,14 @@
+let
+  pkgsWithOpenvpn3 = import
+    (builtins.fetchGit {
+      # Descriptive name to make the store path easier to identify
+      name = "nixpkgs-with-openvpn3-21";
+      url = "https://github.com/jfly/nixpkgs/";
+      ref = "upgrade-openvpn3";
+      rev = "5e5319a2b01f4aa39dc99a7d7a1b70bacfe60f24";
+    })
+    { system = "x86_64-linux"; };
+in
 [
   (
     self: super:
@@ -59,6 +70,17 @@
             if builtins.pathExists (absoluteRepoPath encrypted) then builtins.readFile (absoluteRepoPath encrypted) else builtins.trace missingMsg missingMsg
           );
         };
+
+        # >>> <<<<
+        #<<< openvpn3 = pkgsWithOpenvpn3.openvpn3;
+
+        openvpn3 = pkgsWithOpenvpn3.openvpn3.overrideAttrs (oldAttrs: {
+          patches = [ ../ovpn3.diff ];
+        });
+
+        #<<< openvpn3 = super.openvpn3.overrideAttrs (oldAttrs: {
+        #<<<   #<<< patches = [ ../ovpn3.diff ];
+        #<<< });
       }
   )
 ]

ovpn3-core.diff

@@ -0,0 +1,46 @@
+diff --git a/openvpn/tun/client/tunprop.hpp b/openvpn/tun/client/tunprop.hpp
+index e830d9cd..0eeb7c1b 100644
+--- a/openvpn/tun/client/tunprop.hpp
++++ b/openvpn/tun/client/tunprop.hpp
+@@ -546,9 +546,8 @@ class TunProp
+         DnsOptions dns_options(opt);
+         for (const auto &domain : dns_options.search_domains)
+         {
+-            if (!tb->tun_builder_set_adapter_domain_suffix(domain))
+-                throw tun_prop_dhcp_option_error("tun_builder_set_adapter_domain_suffix");
+-            break; // use only the first domain for now
++            if (!tb->tun_builder_add_search_domain(domain))
++                throw tun_prop_dhcp_option_error("tun_builder_add_search_domain failed");
+         }
+         for (const auto &keyval : dns_options.servers)
+         {
+@@ -565,11 +564,6 @@ class TunProp
+                     throw tun_prop_dhcp_option_error("tun_builder_add_dns_server failed");
+                 flags |= F_ADD_DNS;
+             }
+-            for (const auto &domain : server.domains)
+-            {
+-                if (!tb->tun_builder_add_search_domain(domain))
+-                    throw tun_prop_dhcp_option_error("tun_builder_add_search_domain failed");
+-            }
+         }
+
+         OptionList::IndexMap::const_iterator dopt = opt.map().find("dhcp-option"); // DIRECTIVE
+@@ -595,7 +589,7 @@ class TunProp
+                             throw tun_prop_dhcp_option_error("tun_builder_add_dns_server failed");
+                         flags |= F_ADD_DNS;
+                     }
+-                    else if ((type == "DOMAIN" || type == "DOMAIN-SEARCH") && dns_options.servers.empty())
++                    else if ((type == "DOMAIN" || type == "DOMAIN-SEARCH") && dns_options.search_domains.empty())
+                     {
+                         o.min_args(3);
+                         for (size_t j = 2; j < o.size(); ++j)
+@@ -609,7 +603,7 @@ class TunProp
+                             }
+                         }
+                     }
+-                    else if (type == "ADAPTER_DOMAIN_SUFFIX" && dns_options.search_domains.empty())
++                    else if (type == "ADAPTER_DOMAIN_SUFFIX")
+                     {
+                         o.exact_args(3);
+                         const std::string &adapter_domain_suffix = o.get(2, 256);

ovpn3.diff

@@ -0,0 +1,84 @@
+diff --git a/src/netcfg/dns/resolver-settings.cpp b/src/netcfg/dns/resolver-settings.cpp
+index 4c1ee9c..26b784f 100644
+--- a/src/netcfg/dns/resolver-settings.cpp
++++ b/src/netcfg/dns/resolver-settings.cpp
+@@ -231,7 +231,7 @@ const std::string ResolverSettings::AddNameServers(GVariant *params)
+ }
+
+
+-void ResolverSettings::AddSearchDomains(GVariant *params)
++const std::string ResolverSettings::AddSearchDomains(GVariant *params)
+ {
+     std::string params_type(g_variant_get_type_string(params));
+     if ("(as)" != params_type)
+@@ -247,6 +247,7 @@ void ResolverSettings::AddSearchDomains(GVariant *params)
+     }
+
+     GVariant *srchdom = nullptr;
++    std::string ret;
+     while ((srchdom = g_variant_iter_next_value(srchlist)))
+     {
+         gsize len;
+@@ -260,10 +261,13 @@ void ResolverSettings::AddSearchDomains(GVariant *params)
+         {
+             search_domains.push_back(v);
+         }
++        ret += (!ret.empty() ? ", " : "") + v;
+
+         g_variant_unref(srchdom);
+     }
+     g_variant_iter_free(srchlist);
++
++    return ret;
+ }
+ } // namespace DNS
+ } // namespace NetCfg
+diff --git a/src/netcfg/dns/resolver-settings.hpp b/src/netcfg/dns/resolver-settings.hpp
+index 9fe76cc..d3910ea 100644
+--- a/src/netcfg/dns/resolver-settings.hpp
++++ b/src/netcfg/dns/resolver-settings.hpp
+@@ -302,8 +302,11 @@ class ResolverSettings
+      *
+      * @param params  GVariant object containing an (as) based string
+      *                array of elements to process
++     *
++     * @returns Returns a std::string list of added DNS search domains,
++     *          comma separated
+      */
+-    void AddSearchDomains(GVariant *params);
++    const std::string AddSearchDomains(GVariant *params);
+ #endif
+
+
+diff --git a/src/netcfg/dns/systemd-resolved.cpp b/src/netcfg/dns/systemd-resolved.cpp
+index aeb2139..86982f9 100644
+--- a/src/netcfg/dns/systemd-resolved.cpp
++++ b/src/netcfg/dns/systemd-resolved.cpp
+@@ -116,6 +116,13 @@ void SystemdResolved::Commit(NetCfgSignals *signal)
+                 upd.link->SetDNSServers(upd.resolver);
+                 signal->LogVerb2("systemd-resolved: [" + upd.link->GetPath()
+                                  + "] Committing DNS search domains");
++
++                //<<<
++                for (const auto &dom : upd.search)
++                {
++                    signal->LogVerb2("systemd-resolved: dom.search: [" + dom.search + "]");
++                }
++                //<<<
+                 upd.link->SetDomains(upd.search);
+                 upd.link->SetDefaultRoute(upd.default_routing);
+             }
+diff --git a/src/netcfg/netcfg-device.hpp b/src/netcfg/netcfg-device.hpp
+index c119128..f31ed6a 100644
+--- a/src/netcfg/netcfg-device.hpp
++++ b/src/netcfg/netcfg-device.hpp
+@@ -411,7 +411,8 @@ class NetCfgDevice : public DBusObject,
+                 }
+
+                 // Adds DNS search domains
+-                dnsconfig->AddSearchDomains(params);
++                std::string added = dnsconfig->AddSearchDomains(params);
++                signal.Debug(device_name, "Added DNS Search Domains: " + added);
+                 modified = true;
+             }
+ #ifdef ENABLE_OVPNDCO

shared/homies/bin/h4vpn

@@ -27,4 +27,6 @@ function toggle() {
 # If we don't get an answer there, we could implement this with a custom script.
 # See script documentation here: https://github.com/OpenVPN/openvpn3-linux/blob/master/docs/man/openvpn2.1.rst#script-execution
 # The command to run will be something like: `sudo resolvectl domain tun0 '~honorcare.com'`.
+#
+# <<< OR: `sudo resolvectl default-route tun0 false` >>>
 toggle ~/sync/linux-secrets/h4-vpn/ovpn-access-server.ovpn

shared/polybar-openvpn3/default.nix

@@ -9,14 +9,15 @@ with pkgs.python3Packages; buildPythonApplication {
   src = ./.;
 
   propagatedBuildInputs = pkgs.openvpn3.pythonPath ++ [
-    (pkgs.openvpn3.overrideAttrs (oldAttrs: {
-      patches = [
-        # TODO: remove this when v21 of openvpn3 lands on nixpkgs-unstable.
-        (pkgs.fetchpatch {
-          url = "https://github.com/OpenVPN/openvpn3-linux/commit/ba6fe37e7e28d1e633b56052383da3072f03c11e.patch";
-          sha256 = "sha256-MBXDEfeyg0VQGp9GYcpTZyLB0h6LX1qlaqZSDhOAJgQ=";
-        })
-      ];
-    }))
+    pkgs.openvpn3
+    #<<< (pkgs.openvpn3.overrideAttrs (oldAttrs: {
+    #<<<   patches = [
+    #<<<     # TODO: remove this when v21 of openvpn3 lands on nixpkgs-unstable.
+    #<<<     (pkgs.fetchpatch {
+    #<<<       url = "https://github.com/OpenVPN/openvpn3-linux/commit/ba6fe37e7e28d1e633b56052383da3072f03c11e.patch";
+    #<<<       sha256 = "sha256-MBXDEfeyg0VQGp9GYcpTZyLB0h6LX1qlaqZSDhOAJgQ=";
+    #<<<     })
+    #<<<   ];
+    #<<< }))
   ];
 }