diff --git a/modules/virtualisation/libvirtd.nix b/modules/virtualisation/libvirtd.nix
index 757a20f6164..876ce01615a 100644
--- a/modules/virtualisation/libvirtd.nix
+++ b/modules/virtualisation/libvirtd.nix
@@ -7,6 +7,13 @@ with pkgs.lib;
 let
 
   cfg = config.virtualisation.libvirtd;
+  configFile = pkgs.writeText "libvirtd.conf" ''
+    unix_sock_group = "libvirtd"
+    unix_sock_rw_perms = "0770"
+    auth_unix_ro = "none"
+    auth_unix_rw = "none"
+    ${cfg.extraConfig}
+  '';
 
 in
 
@@ -36,6 +43,16 @@ in
           '';
       };
 
+    virtualisation.libvirtd.extraConfig =
+      mkOption {
+        default = "";
+        description =
+          ''
+            Extra contents appended to the libvirtd configuration file,
+            libvirtd.conf.
+          '';
+      };
+
   };
 
 
@@ -83,7 +100,7 @@ in
             done
           ''; # */
 
-        serviceConfig.ExecStart = "@${pkgs.libvirt}/sbin/libvirtd libvirtd --daemon --verbose";
+        serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose'';
         serviceConfig.Type = "forking";
         serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone
 
@@ -124,6 +141,8 @@ in
         serviceConfig.RemainAfterExit = true;
       };
 
+    users.extraGroups.libvirtd = {};
+
   };
 
 }