diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 0a563ab736d9..0e841218c81e 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -560,6 +560,7 @@
   ./services/desktops/system76-scheduler.nix
   ./services/desktops/telepathy.nix
   ./services/desktops/tumbler.nix
+  ./services/desktops/wlock.nix
   ./services/desktops/zeitgeist.nix
   ./services/development/athens.nix
   ./services/development/blackfire.nix
diff --git a/nixos/modules/services/desktops/wlock.nix b/nixos/modules/services/desktops/wlock.nix
new file mode 100644
index 000000000000..3ec766f5422c
--- /dev/null
+++ b/nixos/modules/services/desktops/wlock.nix
@@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.wlock;
+in
+{
+  options = {
+    services.wlock = {
+      enable = lib.mkEnableOption "wlock, a Wayland sessionlocker using the ext-session-lock-v1 protocol";
+
+      package = lib.mkPackageOption pkgs "wlock" { };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    security.wrappers.wlock = {
+      owner = "root";
+      group = "root";
+      # mirror upstream chmod of 4755
+      setuid = true;
+      setgid = false;
+      source = lib.getExe cfg.package;
+    };
+  };
+
+  meta.maintainers = [ lib.maintainers.fliegendewurst ];
+}