diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix
index 3c3df827999..1a26a8f9e24 100644
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@@ -47,8 +47,10 @@ in
     gnunetd = 17;
     pulseaudio = 22; # must match `pulseaudio' GID
     gpsd = 23;
-    uptimed = 24;
-    ddclient = 25;
+    polkituser = 28;
+    uptimed = 29;
+    ddclient = 30;
+    # When adding a uid, make sure it doesn't match an existing gid.
     nixbld = 30000; # start of range of uids
     nobody = 65534;
@@ -82,6 +84,8 @@ in
     tape = 25;
     video = 26;
     dialout = 27;
+    polkituser = 28;
+    # When adding a gid, make sure it doesn't match an existing uid.
     users = 100;
     nixbld = 30000;
diff --git a/modules/module-list.nix b/modules/module-list.nix
index 9463c15de6f..68f639ea5ff 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -28,7 +28,8 @@
   ./programs/ssmtp.nix
   ./security/consolekit.nix
   ./security/pam.nix
-  ./security/polkit.nix
+  ./security/policykit.nix
+  #./security/polkit.nix # Currently disabled; using the old policykit.
   ./security/setuid-wrappers.nix
   ./security/sudo.nix
   ./services/audio/alsa.nix
diff --git a/modules/security/policykit.nix b/modules/security/policykit.nix
new file mode 100644
index 00000000000..a095270dc39
--- /dev/null
+++ b/modules/security/policykit.nix
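Review bot: Renumbering uptimed from 24 to 29 and ddclient from 25 to 30 changes the uid of two accounts that may already exist on deployed systems, and nothing in the hunk migrates ownership of files those services created under the old numbers, so after the switch such files would be owned by a uid that no longer maps to the service account. If these users have not shipped anywhere yet this is harmless, but that cannot be seen from the hunk. A comment next to the new values, e.g. `# uptimed/ddclient were 24/25; state files on existing installs must be chowned`, or an activation-time chown of their state directories, would make the migration explicit rather than silent.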
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  config = {
+
+    environment.systemPackages = [ pkgs.policykit ];
+
+    services.dbus.packages = [ pkgs.policykit ];
+
+    security.pam.services = [ { name = "polkit"; } ];
+
+    users.extraUsers = singleton
+      { name = "polkituser";
+        uid = config.ids.uids.polkituser;
+        description = "PolicyKit user";
+      };
+
+    users.extraGroups = singleton
+      { name = "polkituser";
+        gid = config.ids.gids.polkituser;
+      };
+
+    system.activationScripts.policyKit = fullDepEntry
+      ''
+        mkdir -m 0770 -p /var/run/PolicyKit
+        chown root.polkituser /var/run/PolicyKit
+
+        mkdir -m 0770 -p /var/lib/PolicyKit
+        chown root.polkituser /var/lib/PolicyKit
+
+        mkdir -p /var/lib/misc
+        touch /var/lib/misc/PolicyKit.reload
+        chmod 0664 /var/lib/misc/PolicyKit.reload
+        chown polkituser.polkituser /var/lib/misc/PolicyKit.reload
+      '' [ "users" ];
+
+  };
+
+}
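Review bot: `mkdir -m 0770 -p /var/run/PolicyKit` and the matching call for /var/lib/PolicyKit only apply the mode when the directory is created; if either directory already exists on the target (presumably possible after an earlier module or the package itself created it), `-p` keeps whatever mode it has, so the 0770 restriction is not enforced on upgrade even though the chown that follows still runs. The reload file below gets an explicit `chmod 0664`, and the directories should get the same treatment: add `chmod 0770 /var/run/PolicyKit` and `chmod 0770 /var/lib/PolicyKit` after their mkdir lines. While touching those lines, `root.polkituser` uses the legacy dot separator; `root:polkituser` is the portable form.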