diff --git a/hosts/snowhawk/configuration.nix b/hosts/snowhawk/configuration.nix
index c69098d..5078612 100644
--- a/hosts/snowhawk/configuration.nix
+++ b/hosts/snowhawk/configuration.nix
@@ -81,16 +81,6 @@
     user = "ravenshade";
   };
 
-  security.sudo.extraRules = lib.mkIf false [
-    {
-      users = [ "ravenshade" ];
-      commands = [{
-        command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild";
-        options = [ "SETENV" "NOPASSWD" ];
-      }];
-    }
-  ];
-
   security.polkit.enable = true;
 
   home-manager.users = { "ravenshade" = import ./home.nix; };
diff --git a/modules/sudo-rules.nix b/modules/sudo-rules.nix
new file mode 100644
index 0000000..ad4895b
--- /dev/null
+++ b/modules/sudo-rules.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.snowhawk.sudo-rules;
+in
+{
+  options.snowhawk.sudo-rules = {
+    enable = mkEnableOption "sudo-rules nixos module";
+  };
+
+  config = mkIf cfg.enable {
+    security.sudo.extraRules = lib.mkIf false [
+      {
+        users = [ "ravenshade" ];
+        commands = [{
+          command = "${pkgs.nixos-rebuild}/bin/nixos-rebuild";
+          options = [ "SETENV" "NOPASSWD" ];
+        }];
+      }
+    ];
+
+  };
+}