OpenVPN with DNSCrypt

I’ve been trying to configure OpenVPN in combination with dnscrypt-proxy2, but with little to no success. Since I can’t use the resolv.conf file, this leads to conflict over DNS requests.

I already have a working dnscrypt-proxy2 configuration, so I would prefer to keep using it.

Show OpenVPN Configuration
services.openvpn.servers = {
  mullvad = {
    config = ''
      client
      dev tun
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      verb 3
      remote-cert-tls server
      ping 10
      ping-restart 60
      sndbuf 524288
      rcvbuf 524288
      cipher AES-256-GCM
      tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
      proto tcp
      auth-user-pass ${directory}/mullvad_userpass.txt
      ca ${directory}/mullvad_ca.crt
      script-security 2
      up ${pkgs.writeScript "openvpn-up-script" ''}
        #!${pkgs.runtimeShell}
        # Nothing here
      '';
      down ${pkgs.writeScript "openvpn-down-script" ''}
        #!${pkgs.runtimeShell}
        # Nothing here
      '';
      remote-random
      remote 141.98.255.83 443 
    '';
    autoStart = true;
  };
};

In order to “lie” about the resolv.conf file, I gave it some empty scripts.

Show dnscrypt-proxy Configuration
  networking.nameservers = [ "127.0.0.1" ];

  services.resolved.enable = false;
  services.dnscrypt-proxy2 = {
    enable = true;
    settings = {
      ipv4_servers = false;
      ipv6_servers = config.networking.enableIPv6;
      block_ipv6 = !(config.networking.enableIPv6);
      force_tcp = true;
      ignore_system_dns = true;
      proxy = "socks5://127.0.0.1:9050";

      ...
  };

  systemd.services = {
    dnscrypt-proxy2 = {
      serviceConfig = {
        StateDirectory = "dnscrypt-proxy";
        ReadWritePaths = "/persist/var/lib/dnscrypt-proxy";
      };
      after = ["tor.service"];
      requires = ["tor.service"];
    };
  };

I’ve seen Encrypted DNS - NixOS Wiki, but I can’t get it to work with OpenVPN. This discourse issue doesn’t help much either. For reference, my OpenVPN setup is using Mullvad. I’m well aware that services.mullvad-vpn exists, but it uses Wireguard and I would prefer to use the TCP port for Tor integration.