diff --git a/modules/machine.nix b/modules/machine.nix
index 6a56c2b..70d53ce 100644
--- a/modules/machine.nix
+++ b/modules/machine.nix
@@ -36,4 +36,14 @@
   local.programs.pass.enable = lib.mkDefault true;
 
   local.programs.browsers.librewolf.enable = lib.mkDefault true;
+
+  security.sudo.extraRules = [{
+    commands = [
+      {
+        command = "/run/current-system/sw/bin/nixos-container";
+        options = [ "NOPASSWD" ];
+      }
+    ];
+    groups = [ "wheel" ];
+  }];
 }
diff --git a/modules/nixos/configs/default.nix b/modules/nixos/configs/default.nix
index 8babd5c..29c173d 100644
--- a/modules/nixos/configs/default.nix
+++ b/modules/nixos/configs/default.nix
@@ -5,7 +5,6 @@
     ./fonts.nix
     ./keyboard.nix
     ./nix.nix
-    ./security.nix
     ./sound.nix
     ./system.nix
     ./yubikey.nix
diff --git a/modules/nixos/programs/browsers/default.nix b/modules/nixos/programs/browsers/default.nix
index 9dfeb0f..69cdd30 100644
--- a/modules/nixos/programs/browsers/default.nix
+++ b/modules/nixos/programs/browsers/default.nix
@@ -39,8 +39,6 @@ in
   config = lib.mkIf isEnable {
     environment.systemPackages = hostPackages;
 
-    local.security.sudo.nopasswd = [{ commands = hostPackages; }];
-
     local.sound.systemWide = true;
 
     containers.browsers = {
diff --git a/modules/nixos/programs/communication/skype.nix b/modules/nixos/programs/communication/skype.nix
index 77a1743..c6b6f8e 100644
--- a/modules/nixos/programs/communication/skype.nix
+++ b/modules/nixos/programs/communication/skype.nix
@@ -27,8 +27,6 @@ in
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [ hostSkype ];
 
-    local.security.sudo.nopasswd = [{ commands = [ hostSkype ]; }];
-
     local.sound.systemWide = true;
 
     containers.skype = {
diff --git a/modules/nixos/programs/communication/telegram.nix b/modules/nixos/programs/communication/telegram.nix
index 644b9fb..b89df54 100644
--- a/modules/nixos/programs/communication/telegram.nix
+++ b/modules/nixos/programs/communication/telegram.nix
@@ -27,8 +27,6 @@ in
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [ hostTelegram ];
 
-    local.security.sudo.nopasswd = [{ commands = [ hostTelegram ]; }];
-
     local.sound.systemWide = true;
 
     containers.telegram = {