diff --git a/modules/module-list.nix b/modules/module-list.nix
index 93c63bf81..6bb45f4af 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -7,6 +7,7 @@
   ./security/pam.nix
   ./security/pki
   ./security/sandbox
+  ./security/sudo.nix
   ./system
   ./system/base.nix
   ./system/checks.nix
diff --git a/modules/security/sudo.nix b/modules/security/sudo.nix
new file mode 100644
index 000000000..99ada115e
--- /dev/null
+++ b/modules/security/sudo.nix
@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.security.sudo;
+in
+{
+  meta.maintainers = [
+    lib.maintainers.samasaur or "samasaur"
+  ];
+
+  options = {
+    security.sudo.extraConfig = mkOption {
+      type = types.lines;
+      default = "";
+      description = mdDoc ''
+        Extra configuration text appended to {file}`sudoers`.
+      '';
+    };
+  };
+
+  config = {
+    environment.etc."sudoers.d/10-nix-darwin-extra-config".text = lib.mkIf (cfg.extraConfig != "") cfg.extraConfig;
+  };
+}