diff --git a/common/sudo.nix b/common/sudo.nix
new file mode 100644
index 0000000..fe9b2fc
--- /dev/null
+++ b/common/sudo.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs,... }:
+
+{
+  security.sudo.execWheelOnly = true;
+}
diff --git a/hive.nix b/hive.nix
index c9e17de..e3ccd2b 100644
--- a/hive.nix
+++ b/hive.nix
@@ -23,6 +23,7 @@ in {
       (import "${sources.home-manager}/nixos")
       (import "${sources.agenix}/modules/age.nix")
       ./pinning.nix
+      ./common/sudo.nix
       ./common/utilities.nix
       ./users/qenya.nix
     ];