Can't start cloudflare warp-cli

Luga · November 15, 2022, 4:45pm

warp-cli register
Unable to connect to CloudflareWARP daemon. Maybe the daemon is not running?

and I typed the command to start the service

sudo systemctl enable --now warp-svc.service
Failed to enable unit: Unit file warp-svc.service does not exist.

usually can on other linux distro but on nixos the command can’t. Can you help fix this problem?

tobiasBora · November 15, 2022, 6:03pm

Seems like this is a know issue, a workaround seems to be provided here to manually start the service without systemd. To better solve this issue, a Pull Request is waiting for review since one month here. Maybe you can try it out and help the reviewing process to go further?

To test it, the simplest is certainly to manually create the file cloudflare-warp.nix as describe here and add this file to your imports like:

imports = [
  # …
  ./cloudflare-warp.nix
];
services.cloudflare-warp = {
  enable = true;
  certificate = ./Cloudflare_CA.crt; # download here https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/install-cloudflare-cert/
};

WolfangAukang · November 15, 2022, 9:50pm

I maintain cloudflare-warp. Yes, the problem is that the service, although contained on the package, will not work. The only way to use it on that case would be running the warp-svc on the background and then run the rest of commands through warp-cli. That’s why the module (the one linked by @tobiasBora) was created, to specifically move that service to /etc/systemd and make it available (which is why on NixOS it works differently compared to the other distros).

Feel free to try the module and see if it works.

Luga · January 15, 2023, 5:25pm

sudo nixos-rebuild switch instead appears erorr like this

error: builder for ‘/nix/store/h82pgsnl6a05s2bxw32bhy6vccgqdcp7-nss-cacert-3.86.drv’ failed with exit code 1
error: 1 dependencies of derivation ‘/nix/store/z2v318zraq18kg4j9qbx7wwyy3hp1fd5-etc.drv’ failed to build
error: 1 dependencies of derivation ‘/nix/store/ga0zw4rk5g026rbza93cc1xg0qlw3njp-nixos-system-nixos-22.11.1580.e285dd0ca97.drv’ failed to build

Luga · January 15, 2023, 5:31pm

the config that I use is like this

AMZ-X · January 15, 2023, 7:33pm

I have gotten this to work, but it’s not 100% reproducible. You have to download the CA Certificate and point it to the downloaded file in the config.

I have this section commented in my config:

github.com

amz-x/nixos-config/blob/7712a68b7c2d95a7e3bf8fec5618777f6c248a5f/modules/vpn.nix

#
#  Specific system VPN configuration settings module
#
#  flake.nix
#   ├─ ./darwin
#   │   ├─ ./configuration.nix
#   │   ├─ ./default.nix
#   │   └─ ./home.nix
#   │
#   ├─ ./hosts
#   │   ├─ ./default.nix
#   │   ├─ ./home.nix
#   │   └─ ./desktop
#   │        ├─ default.nix
#   │        └─ hardware.nix
#   │
#   └─ ./modules
#       ├─ ./home-manager
#       │    ├─ direnv.nix
#       │    ├─ git.nix

This file has been truncated. show original

adwinwhite · August 18, 2023, 12:32am

The certificate file should be .pem rather than .crt format.
That’s what buildcatrust accepts which is used to generate certificates in NixOS.