diff --git a/system/shared/security/default.nix b/system/shared/security/default.nix index c7c2b61..f2f6476 100644 --- a/system/shared/security/default.nix +++ b/system/shared/security/default.nix @@ -2,5 +2,6 @@ imports = [ ./apparmor.nix ./auditd.nix + ./polkit.nix ]; } diff --git a/system/shared/security/polkit.nix b/system/shared/security/polkit.nix new file mode 100644 index 0000000..ac8d279 --- /dev/null +++ b/system/shared/security/polkit.nix @@ -0,0 +1,14 @@ +{ config, lib, ... }: { + security.polkit = { + enable = true; + debug = lib.mkDefault true; + + # Have polkit log all actions, if debug is enabled + extraConfig = lib.mkIf config.security.polkit.debug '' + /* Log authorization checks. */ + polkit.addRule(function(action, subject) { + polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid); + }); + ''; + }; +}
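Review bot: The comment on the `extraConfig` line in polkit.nix says the rule logs all actions, but polkit stops evaluating `addRule` callbacks at the first one that returns a non-undefined result, and NixOS concatenates every module's `security.polkit.extraConfig` fragment into a single rules file; any check already decided by a rule registered earlier in that file (e.g. a group-based `polkit.Result.YES` from another module) will never reach this logging rule. If the intent is audit-style coverage of every check, register the fragment first so it runs before the others: `extraConfig = lib.mkIf config.security.polkit.debug (lib.mkBefore ''` … `'');`, and adjust the comment to `# Log every authorization check; ordered first so earlier rules' returns cannot skip it`. Note that a logging rule placed first is still safe because it returns undefined and therefore leaves the decision to the remaining rules. Separately, `debug = lib.mkDefault true;` turns on polkitd's own debug output on every host that imports system/shared; the NixOS option description suggests that is fairly verbose, so confirm it is wanted fleet-wide rather than only where this logging is being consumed.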