diff --git a/pkgs/tools/networking/opensnitch/daemon.nix b/pkgs/tools/networking/opensnitch/daemon.nix
index d7359ea0e70c..31057a8f5271 100644
--- a/pkgs/tools/networking/opensnitch/daemon.nix
+++ b/pkgs/tools/networking/opensnitch/daemon.nix
@@ -5,6 +5,8 @@
 , libnetfilter_queue
 , libnfnetlink
 , lib
+, coreutils
+, iptables
 }:
 
 buildGoModule rec {
@@ -32,6 +34,12 @@ buildGoModule rec {
 
   postBuild = ''
     mv $GOPATH/bin/daemon $GOPATH/bin/opensnitchd
+    mkdir -p $out/lib/systemd/system
+    substitute opensnitchd.service $out/lib/systemd/system/opensnitchd.service \
+      --replace "/usr/local/bin/opensnitchd" "$out/bin/opensnitchd" \
+      --replace "/etc/opensnitchd/rules" "/var/lib/opensnitch/rules" \
+      --replace "/bin/mkdir" "${coreutils}/bin/mkdir"
+    sed -i '/\[Service\]/a Environment=PATH=${iptables}/bin' $out/lib/systemd/system/opensnitchd.service
   '';
 
   vendorSha256 = "sha256-LMwQBFkHg1sWIUITLOX2FZi5QUfOivvrkcl9ELO3Trk=";