# Packaging `rnsd` and `lxmd` on NixOS

_Help · started by p1ld7a on Sun, Jun 14, 2026 6:04 AM_

---

## Original post

**p1ld7a** · Sun, Jun 14, 2026 6:04 AM

Hello,

I have been contributing to the [`NixOS/nixpkgs`](https://github.com/NixOS/nixpkgs) project as a maintainer for several years.

Although I only started exploring Reticulum properly about 2 weeks ago (spoiler: I love it!), contributing support for the `rnsd` and `lxmd` services to the NixOS project felt like an obvious next step.

However, I have reached a roadblock, and I have not been able to find a clear answer in the documentation.

My intention is to run `rnsd` and `lxmd` as 2 **fully independent systemd services**, each with `DynamicUser=true`.

Running `rnsd` this way is straightforward, and I have encountered no issues with it. However, I am unsure how `lxmd` should be configured so that it can communicate with the existing `rnsd` daemon.

What is the minimal `lxmd` configuration required to connect to and use an already-running `rnsd` instance?

I noticed that we could use a shared instance, using socket or TCP. In that case, what is the minimal configuration of `lxmd` to use to connect using socket or TCP?

Find my PR at https://github.com/NixOS/nixpkgs/pull/530406

Thank you in advance for your help!

---

## Reply 1

**falafool** · Sun, Jun 14, 2026 8:42 AM

from my understanding:

- `--rnsconfig` flag exists for the existing rns season or rnsd daemon
- `--config` flag exists for additional programs that should connect to the session

---

## Reply 2

**falafool** · Sun, Jun 14, 2026 8:42 AM

session* no season

---

## Reply 3

**falafool** · Sun, Jun 14, 2026 8:48 AM

https://reticulum.miraheze.org/wiki/RNS#Security_hardening

looks interesting

---

## Reply 4

**p1ld7a** · Sun, Jun 14, 2026 10:31 AM

Thanks for the link. Using an additional `BackboneInterface` is indeed a neat idea!

When hardening services with systemd using `DynamicUser` and `StateDirectory`, each daemon runs under its own dynamically allocated, unprivileged user and owns its dedicated state directory, typically `/var/lib/<service>`.

As a result, the user running `rnsd` cannot access the state directory owned by `lxmd`, and vice versa. Therefore, having `lxmd` use `--rnsconfig <path>` to access the configuration or state of the `rnsd` service is not really a viable option.

This is why I would like to understand precisely how `lxmd` can be configured to use an existing, shared `rnsd` instance while keeping both services properly isolated.

The more details I can gather about the expected communication mechanism and minimal configuration, the better I can design the corresponding NixOS services instead of relying on an ad hoc setup.

---

## Reply 5

**falafool** · Sun, Jun 14, 2026 10:37 AM

Cool, although I'm not a NixOS user. Would be awesome for other distros (like Arch) too...

Can't you use a shared directory like /etc/?

---

## Reply 6

**falafool** · Sun, Jun 14, 2026 10:46 AM

`BindPaths` or `BindReadOnlyPaths` seem to be interesting in that regard. You can configure it to only be allowed to read in the shared directory.

But I think you're more knowledgeable in that regard.

---

## Reply 7

**p1ld7a** · Sun, Jun 14, 2026 10:47 AM

> Can't you use a shared directory like /etc/?

I have been trying; sadly, `rnsd` and `lxmd` need to have write access to that directory, so this is not a viable option.

---

## Reply 8

**p1ld7a** · Sun, Jun 14, 2026 11:03 AM

I have to admit that I don't really like the idea of "sharing" a directory between 2 services. If there's a better alternative, I will definitely use that.

When everything is done, running `rnsd` and `lxmd` services will boil down to adding:

```nix
{
  services.rnsd = {
    enable = true;
    settings = {
      reticulum = {
        enable_transport = true;
        share_instance = true;
        instance_name = "default";
        shared_instance_type = "unix";
      };
      interfaces = {
        auto = {
          type = "AutoInterface";
          enabled = true;
        };
      };
    };
    transportIdentityFile = "<path-to-transport-identity-file>";
    extraGroups = [ "dialout" ];
  };

  services.lxmd = {
    enable = true;
    settings = {
      propagation-node = {
        autopeer = true;
      };
    };

    rnsd = {
      settings = {
        reticulum = {
          is_shared_instance = true;
          enable_transport = true;
          instance_name = "default";
          shared_instance_type = "unix";
        };
        interfaces = {
          auto = {
            type = "AutoInterface";
            enabled = true;
          };
        };
      };
      transportIdentityFile = "<path-to-transport-identity-file>";
    };
    identityFile = "<path-to-identity-file>";
  };

  networking.firewall.allowedTCPPorts = [
    4242
  ];
}
```

This snippet is what I am already using on [my server](https://github.com/drupol/infra/blob/master/modules/reticulum/reticulum-server.nix) successfully so far... and you can see that the only way to get `lxmd` to use the shared `rnsd` instance is to use the same `rnsd` config file in both services.

I am pretty sure there's a better way to do that.

---
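An added example, not part of the thread or of the PR: a small Python check for the isolation concern raised in replies 4 to 8. It reads systemd unit text and reports when one service bind-mounts a path inside another service's `StateDirectory`; the unit contents and the path `/var/lib/rnsd/config` are constructed for illustration.

```python
# Constructed unit text for illustration; not taken from the thread or the PR.
RNSD = "[Service]\nDynamicUser=true\nStateDirectory=rnsd\n"
LXMD = "[Service]\nDynamicUser=true\nStateDirectory=lxmd\n"
LXMD_RO = LXMD + "BindReadOnlyPaths=/var/lib/rnsd/config\n"  # hypothetical path
LXMD_RW = LXMD + "BindPaths=/var/lib/rnsd\n"

# StateDirectory= names are relative to /var/lib; with DynamicUser= the real
# directory lives under /var/lib/private and is symlinked from /var/lib.
STATE_ROOTS = ("/var/lib", "/var/lib/private")


def parse_service(text):
    """Collect the values of every Key=Value line in the [Service] section."""
    settings, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings.setdefault(key.strip(), []).extend(value.split())
    return settings


def state_dirs(settings):
    """Absolute paths of the state directories a unit owns."""
    return {f"{root}/{name.split(':')[0]}"
            for name in settings.get("StateDirectory", [])
            for root in STATE_ROOTS}


def cross_service_binds(units):
    """List (unit, owner, path, mode) for binds into another unit's state."""
    parsed = {name: parse_service(text) for name, text in units.items()}
    owners = {path: name for name, s in parsed.items() for path in state_dirs(s)}
    findings = []
    for name, s in parsed.items():
        for key, mode in (("BindPaths", "rw"), ("BindReadOnlyPaths", "ro")):
            for entry in s.get(key, []):
                # Entry syntax: [-]source[:destination[:options]]
                source = entry.lstrip("-").split(":")[0].rstrip("/")
                for path, owner in owners.items():
                    if owner != name and (source + "/").startswith(path + "/"):
                        findings.append((name, owner, source, mode))
    return sorted(findings)
```

Calling `cross_service_binds({"rnsd.service": RNSD, "lxmd.service": LXMD_RW})` returns one `rw` finding, while the fully isolated pair returns an empty list.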

## Reply 9

**p1ld7a** · Mon, Jun 15, 2026 10:04 AM

I added some help on how to set up the services: https://github.com/NixOS/nixpkgs/pull/530406

Rendered views:

- rnsd: https://github.com/drupol/nixpkgs/blob/push-mntwnvrylymq/nixos/modules/services/networking/rnsd.md
- lxmd: https://github.com/drupol/nixpkgs/blob/push-mntwnvrylymq/nixos/modules/services/networking/lxmd.md

Comments and feedback are more than welcome.

---
