diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..ef377d9
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,4 @@
+{
+  pkgs ? import (import ./npins).nixpkgs { },
+}:
+pkgs.callPackage ./package.nix {}
diff --git a/module.nix b/module.nix
new file mode 100644
index 0000000..df39011
--- /dev/null
+++ b/module.nix
@@ -0,0 +1,82 @@
+{ pkgs, config, lib, ... }:
+let
+  cfg = config.services.signal-irc-bridge;
+  mkSystemdRunOptions = opts: lib.escapeShellArgs (lib.mapAttrsToList (k: v: "-p${k}=${builtins.toString v}") opts);
+  commonServiceOptions = {
+    DynamicUser = true;
+    User = "signal-irc-client";
+    StateDirectory = "signal-cli";
+    RuntimeDirectory = "signal-cli";
+
+    PrivateDevices=true;
+    PrivateTmp=true;
+    ProtectControlGroups=true;
+    ProtectKernelTunables=true;
+    RestrictSUIDSGID=true;
+
+    ProtectSystem="strict";
+    ProtectKernelLogs=true;
+    ProtectProc="invisible";
+    PrivateUsers=true;
+    ProtectHome=true;
+    UMask="0077";
+    RuntimeDirectoryMode="0750";
+    StateDirectoryMode="0750";
+  };
+  signal-cli-bridge-wrapper = pkgs.writeShellApplication {
+    name = "signal-cli-bridge-wrapper";
+    text = ''
+      systemd-run ${mkSystemdRunOptions commonServiceOptions} --pty --pipe --unit="signal-cli-bridge"  ${lib.getExe pkgs.signal-cli} --config "\''${STATE_DIRECTORY}"/signal-cli-config/  "$@"
+    '';
+  };
+in {
+  options = {
+    services.signal-irc-bridge = {
+      enable = lib.mkEnableOption "signal-irc bridge";
+      package = lib.mkOption {
+        type = lib.types.package;
+        default = pkgs.signal-irc-bridge;
+      };
+      configFile = lib.mkOption {
+        type = lib.types.path;
+        description = "Path to the toml config file";
+      };
+    };
+  };
+
+  config = {
+
+    nixpkgs.overlays = [
+      (import ./overlay.nix)
+    ];
+
+    systemd.services = lib.mkIf cfg.enable {
+      signal-irc-bridge = {
+        environment = {
+          CONFIG_PATH = cfg.configFile;
+        };
+        unitConfig = {
+          BindsTo = [ "signal-irc-bridge-signal-cli.service" ];
+          After = [ "signal-irc-bridge-signal-cli.service" ];
+        };
+        serviceConfig = commonServiceOptions // {
+          ExecStart = "${lib.getExe cfg.package}";
+          Restart = "always";
+          RestartSec= "5s";
+          StateDirectory = "signal-irc";
+          RuntimeDirectory = "signal-irc";
+        };
+      };
+      signal-irc-bridge-signal-cli = {
+        serviceConfig = commonServiceOptions // {
+          ExecStart = "${lib.getExe pkgs.signal-cli} --config \"\${STATE_DIRECTORY}\"/signal-cli-config/ daemon --socket \"\${RUNTIME_DIRECTORY}\"/socket --receive-mode=manual";
+          Restart = "always";
+          RestartSec= "5s";
+        };
+      };
+    };
+    environment.systemPackages = lib.mkIf cfg.enable [
+      signal-cli-bridge-wrapper
+    ];
+  };
+}
diff --git a/overlay.nix b/overlay.nix
new file mode 100644
index 0000000..2df67f0
--- /dev/null
+++ b/overlay.nix
@@ -0,0 +1,3 @@
+final: prev: {
+  signal-irc-bridge = final.callPackage ./package.nix {};
+}
diff --git a/package.nix b/package.nix
new file mode 100644
index 0000000..7442df3
--- /dev/null
+++ b/package.nix
@@ -0,0 +1,25 @@
+{ lib, openssl, pkg-config, rustPlatform }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "signal-irc-bridge";
+  version = "0.1";
+
+  src =
+    with lib.fileset;
+    toSource {
+      root = ./.;
+      fileset =
+        intersection (gitTracked ./.) (fileFilter (file: !file.hasExt "nix") ./.);
+    };
+
+    nativeBuildInputs = [
+
+    pkg-config
+  ];
+
+    buildInputs = [
+    openssl
+    ];
+
+  cargoHash = "sha256-J7+o6krHuK3CwwOIcDfm0s6F0cmviFQhSHpdKpXsa/g=";
+}