I’m trying to package ssh-chat. The packaging was not hard, just a standard call of `buildGoModule`. ssh-chat being server-side software, I also want to make a NixOS module for it. I’ve never written a NixOS module before, and there are some things I need help with. Here’s my current implementation of the module:
```nix
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.ssh-chat;

  # Build the command line as a Nix list. Optional flags are only present when
  # the corresponding option is set, so no dangling "\" ends up in the unit file.
  args = [
    "--identity=/etc/ssh/ssh_host_ed25519_key"
    "--bind=${cfg.bind}"
  ]
  ++ optional (cfg.admin != null) "--admin=${cfg.admin}"
  ++ optional (cfg.whitelist != null) "--whitelist=${cfg.whitelist}"
  ++ optional (cfg.motd != null) "--motd=${cfg.motd}";
in {
  options.services.ssh-chat = {
    enable = mkEnableOption "Chat over SSH";

    bind = mkOption {
      default = "0.0.0.0:2022";
      example = "0.0.0.0:22";
      type = types.str;
      description = "Host and port to listen on.";
    };

    admin = mkOption {
      default = null;
      example = "";
      type = types.nullOr types.path;
      description = "File of public keys who are admins.";
    };

    whitelist = mkOption {
      default = null;
      example = "";
      type = types.nullOr types.path;
      description = "Optional file of public keys who are allowed to connect.";
    };

    motd = mkOption {
      default = null;
      example = "";
      type = types.nullOr types.path;
      description = "Optional Message of the Day file.";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.ssh-chat = {
      description = "Chat over SSH";
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];  # "after" alone does not pull the target in
      wantedBy = [ "multi-user.target" ];
      # StartLimitBurst= belongs in [Unit], not [Service]; NixOS exposes it here.
      startLimitBurst = 5;
      serviceConfig = {
        # escapeShellArgs quotes each argument in a form systemd's ExecStart= accepts.
        ExecStart = "${pkgs.ssh-chat}/bin/ssh-chat ${escapeShellArgs args}";
        Type = "simple";
        DynamicUser = true;
        Restart = "on-failure";
      };
    };
  };
}
```
My questions:
- How should I supply a default ssh identity file? Is it ok to read `/etc/ssh/ssh_host_ed25519_key`? This would require using a sudo user to run ssh-chat. Or should I make a dedicated user for ssh-chat? How would I make sure the user has an ssh identity?
- Should I prevent the ssh identity file from being copied to the Nix store? How can I do this?
- Do I need other options for Systemd?
- ssh-chat can optionally save chat logs to a specified file. How can I make the logs readable to the system user if ssh-chat itself is run with another user?
- Any other suggestions/comments?
Any and all feedback would be much appreciated!
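One way to handle the identity-file and chat-log questions, as an added example that is not part of the original post: the service runs as a dedicated account and generates its own ed25519 key under a systemd StateDirectory on first start, so it never touches the host key and the key never enters the Nix store; the log directory is group-readable so human admins can be added to the `ssh-chat` group. It assumes the option declarations from the module above and ssh-chat's `--log=FILE` flag; the user name, key path and log path are my own choices.

```nix
{ config, lib, pkgs, ... }:
let
  cfg = config.services.ssh-chat;
  # Assumed locations inside the systemd-managed directories declared below.
  identity = "/var/lib/ssh-chat/id_ed25519";
  logFile = "/var/log/ssh-chat/chat.log";
in {
  config = lib.mkIf cfg.enable {
    # A static account instead of DynamicUser, so the log directory can belong to
    # a real group that human admins are added to.
    users.users.ssh-chat = { isSystemUser = true; group = "ssh-chat"; };
    users.groups.ssh-chat = { };
    systemd.services.ssh-chat = {
      description = "Chat over SSH";
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      startLimitBurst = 5;
      # Generate a service-specific key on first start (runs as the service user).
      # It lives under /var/lib, never in the Nix store.
      preStart = ''
        if [ ! -f ${identity} ]; then
          ${pkgs.openssh}/bin/ssh-keygen -q -t ed25519 -N "" -f ${identity}
        fi
      '';
      serviceConfig = {
        User = "ssh-chat";
        Group = "ssh-chat";
        StateDirectory = "ssh-chat";      # creates /var/lib/ssh-chat
        StateDirectoryMode = "0700";      # key readable by the service only
        LogsDirectory = "ssh-chat";       # creates /var/log/ssh-chat
        LogsDirectoryMode = "0750";       # ssh-chat group members can read logs
        ExecStart = "${pkgs.ssh-chat}/bin/ssh-chat " + lib.escapeShellArgs ([
          "--identity=${identity}"
          "--bind=${cfg.bind}"
          "--log=${logFile}"
        ] ++ lib.optional (cfg.admin != null) "--admin=${cfg.admin}"
          ++ lib.optional (cfg.whitelist != null) "--whitelist=${cfg.whitelist}"
          ++ lib.optional (cfg.motd != null) "--motd=${cfg.motd}");
        Restart = "on-failure";
        # Hardening that still allows binding an unprivileged port.
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
      };
    };
  };
}
```

An admin account gets read access to the logs with `users.users.<name>.extraGroups = [ "ssh-chat" ];`; binding a port below 1024 would additionally need `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];`.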