diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index a4c389e6937..71c84fbe6b4 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -118,6 +118,7 @@
 ./misc/version.nix
 ./misc/wordlist.nix
 ./misc/nixops-autoluks.nix
+ ./programs/_1password-gui.nix
 ./programs/adb.nix
 ./programs/appgate-sdp.nix
 ./programs/atop.nix
diff --git a/nixos/modules/programs/_1password-gui.nix b/nixos/modules/programs/_1password-gui.nix
new file mode 100644
index 00000000000..f57de44bb9e
--- /dev/null
+++ b/nixos/modules/programs/_1password-gui.nix
@@ -0,0 +1,69 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.programs._1password-gui;
+
+in {
+ options = {
+ programs._1password-gui = {
+ enable = mkEnableOption "The 1Password Desktop application with browser integration";
+
+ groupId = mkOption {
+ type = types.int;
+ example = literalExpression "5000";
+ description = ''
+ The GroupID to assign to the onepassword group, which is needed for browser integration. The group ID must be 1000 or greater.
+ '';
+ };
+
+ polkitPolicyOwners = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = literalExpression "[\"user1\" \"user2\" \"user3\"]";
+ description = ''
+ A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms. By default, no users will have such access.
+ '';
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs._1password-gui;
+ defaultText = literalExpression "pkgs._1password-gui";
+ example = literalExpression "pkgs._1password-gui";
+ description = ''
+ The 1Password derivation to use. This can be used to upgrade from the stable release that we keep in nixpkgs to the betas.
+ '';
+ };
+ };
+ };
+
+ config = let
+ package = cfg.package.override {
+ polkitPolicyOwners = cfg.polkitPolicyOwners;
+ };
+ in mkIf cfg.enable {
+ environment.systemPackages = [ package ];
+ users.groups.onepassword.gid = cfg.groupId;
+
+ security.wrappers = {
+ "1Password-BrowserSupport" =
+ { source = "${cfg.package}/share/1password/1Password-BrowserSupport";
+ owner = "root";
+ group = "onepassword";
+ setuid = false;
+ setgid = true;
+ };
+
+ "1Password-KeyringHelper" =
+ { source = "${cfg.package}/share/1password/1Password-KeyringHelper";
+ owner = "root";
+ group = "onepassword";
+ setuid = true;
+ setgid = true;
+ };
+ };
+
+ };
+}
diff --git a/pkgs/applications/misc/1password-gui/default.nix b/pkgs/applications/misc/1password-gui/default.nix
index 15622d799a4..311ef3037bb 100644
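Review bot: Both `security.wrappers` entries in the new `_1password-gui.nix` module take `source` from `${cfg.package}`, while `environment.systemPackages` installs the let-bound `package` (the `polkitPolicyOwners` override). Whenever that override changes the derivation, the setuid/setgid wrappers point at a different store path than the application that is installed, and the unoverridden build is presumably pulled into the closure as well. Using the same binding keeps the privileged helpers and the installed app in one derivation: `source = "${package}/share/1password/1Password-BrowserSupport";` and `source = "${package}/share/1password/1Password-KeyringHelper";`. Separately, the `groupId` description requires 1000 or greater but `types.int` accepts any value; an entry such as `assertions = [ { assertion = cfg.groupId >= 1000; message = "programs._1password-gui.groupId must be 1000 or greater"; } ];` would enforce it at evaluation time. The `1Password-KeyringHelper` wrapper is setuid root, and a short comment recording why that helper needs root would help later audits of the wrapper list.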
--- a/pkgs/applications/misc/1password-gui/default.nix +++ b/pkgs/applications/misc/1password-gui/default.nix @@ -101,6 +101,7 @@ in stdenv.mkDerivation rec { mkdir -p $out/share/polkit-1/actions substitute com.1password.1Password.policy.tpl $out/share/polkit-1/actions/com.1password.1Password.policy --replace "\''${POLICY_OWNERS}" "${policyOwners}" '') + '' + # Icons cp -a resources/icons $out/share