diff --git a/nixos/modules/services/networking/sslh.nix b/nixos/modules/services/networking/sslh.nix
index 2bfdfc89c880..e251571dca31 100644
--- a/nixos/modules/services/networking/sslh.nix
+++ b/nixos/modules/services/networking/sslh.nix
@@ -6,13 +6,13 @@ let
   cfg = config.services.sslh;
   configFile = pkgs.writeText "sslh.conf" ''
     verbose: ${if cfg.verbose then "true" else "false"};
-    foreground: false;
+    foreground: true;
     inetd: false;
     numeric: false;
     transparent: false;
     timeout: "${toString cfg.timeout}";
     user: "nobody";
-    pidfile: "/run/sslh.pid";
+    pidfile: "${cfg.pidfile}";
 
     listen:
     (
@@ -50,6 +50,12 @@ in
         description = "Timeout in seconds.";
       };
 
+      pidfile = mkOption {
+        type = types.path;
+        default = "/run/sslh.pid";
+        description = "PID file path for sslh daemon.";
+      };
+
       host = mkOption {
         type = types.str;
         default = config.networking.hostName;
@@ -77,7 +83,7 @@ in
       wantedBy = [ "multi-user.target" ];
       serviceConfig.ExecStart = "${pkgs.sslh}/bin/sslh -F ${configFile}";
       serviceConfig.KillMode = "process";
-      serviceConfig.PIDFile = "/run/sslh.pid";
+      serviceConfig.PIDFile = "${cfg.pidfile}";
     };
   };
 }
diff --git a/pkgs/servers/sslh/default.nix b/pkgs/servers/sslh/default.nix
index d646e28fb0f4..3f9aa4470f9d 100644
--- a/pkgs/servers/sslh/default.nix
+++ b/pkgs/servers/sslh/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libcap, libconfig, perl }:
+{ stdenv, fetchurl, libcap, libconfig, perl, tcp_wrappers }:
 
 stdenv.mkDerivation rec {
   name = "sslh-${version}";
@@ -11,9 +11,9 @@ stdenv.mkDerivation rec {
 
   postPatch = "patchShebangs *.sh";
 
-  buildInputs = [ libcap libconfig perl ];
+  buildInputs = [ libcap libconfig perl tcp_wrappers ];
 
-  makeFlags = "USELIBCAP=1";
+  makeFlags = "USELIBCAP=1 USELIBWRAP=1";
 
   installFlags = "PREFIX=$(out)";