Help making a NixOS module for ssh-chat

I’m trying to package ssh-chat. The packaging was not hard, just a standard call of buildGoModule. ssh-chat being server side software, I also want to make a NixOS module for it. I’ve never written a NixOS module before, and there are some things I need help with. Here’s my current implementation of the module:

{ config, lib, pkgs, ... }:

with lib;

let cfg =;

in { = {
    enable = mkEnableOption "Chat over SSH";

    bind = mkOption {
      default = "";
      example = "";
      type = types.str;
      description = "Host and port to listen on.";

    admin = mkOption {
      default = null;
      example = "";
      type = types.nullOr types.path;
      description = "File of public keys who are admins.";

    whitelist = mkOption {
      default = null;
      example = "";
      type = types.nullOr types.path;
      description = "Optional file of public keys who are allowed to connect.";

    motd = mkOption {
      default = null;
      example = "";
      type = types.nullOr types.path;
      description = "Optional Message of the Day file.";

  config = mkIf cfg.enable { = {
      description = "Chat over SSH";
      after = [ "" ];
      wantedBy = [ "" ];
      serviceConfig = {
        ExecStart = ''
          ${pkgs.ssh-chat}/bin/ssh-chat \
          --identity=/etc/ssh/ssh_host_ed25519_key \
          --bind=${cfg.bind} \
          ${if isNull cfg.admin then "\\" else "--admin=${cfg.admin} \\"}
          ${if isNull cfg.whitelist then "\\" else "--whitelist=${cfg.whitelist} \\"}
          ${if isNull cfg.motd then "\\" else "--motd=${cfg.motd} \\"}
        Type = "simple";
        DynamicUser = true;
        Restart = "on-failure";
        StartLimitBurst = 5;

My questions:

  1. How should I supply a default ssh identity file? Is it ok to read /etc/ssh/ssh_host_ed25519_key? This would require using a sudo user to run ssh-chat. Or should I make a dedicated user for ssh-chat? How would I make sure the user has an ssh identity?
  2. Should I prevent the ssh identity file from being copied to Nix store? How can I do this?
  3. Do I need other options for Systemd?
  4. ssh-chat can optionally save chat logs to a specified file. How can I make the logs readable to the system user if ssh-chat itself is run with another user?
  5. Any other suggestions/comments?

Any and all feedback would be much appreciated!


Did you ever any success with this… If your still trying, i can probably take a look

Thanks for the response! I never found answers to the questions I had in the first post, so I never succeeded in my efforts. During this time, someone seems to have packaged ssh-chat, but hasn’t made a NixOS module, which was the part where I struggled myself. If you have any answers or pointers to my questions, I’m happy to dig this up from dust and actually complete it!