diff --git a/hosts/common/systemd.nix b/hosts/common/systemd.nix
index 6fa981f1..8b7d6bf0 100644
--- a/hosts/common/systemd.nix
+++ b/hosts/common/systemd.nix
@@ -7,9 +7,12 @@ let
 haltTimeout = 10;
 in
 {
- # allow ordinary users to `reboot` or `shutdown`.
- # source:
 security.polkit.extraConfig = ''
+ /* allow ordinary users to:
+ * - reboot
+ * - shutdown
+ * source:
+ */
 polkit.addRule(function(action, subject) {
 if (
 subject.isInGroup("users")
@@ -24,6 +27,19 @@ in
 return polkit.Result.YES;
 }
 })
+
+ /* allow members of wheel to:
+ * - systemctl daemon-reload
+ * - systemctl stop|start|restart SERVICE
+ */
+ polkit.addRule(function(action, subject) {
+ if (subject.isInGroup("wheel") && (
+ action.id == "org.freedesktop.systemd1.reload-daemon" ||
+ action.id == "org.freedesktop.systemd1.manage-units"
+ )) {
+ return polkit.Result.YES;
+ }
+ })
 '';
 
 services.journald.extraConfig = ''
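Review bot: The new wheel rule returns `polkit.Result.YES` for every `org.freedesktop.systemd1.manage-units` request, which is broader than the comment's "stop|start|restart SERVICE". The rule never inspects the unit or verb, so any process running as a wheel member, with no password prompt and regardless of whether the session is local or active, can manage any unit, including security-relevant ones such as the firewall, audit or login services. systemd passes the target as action details, so the branch can be narrowed with `action.lookup("verb")` and `action.lookup("unit")` against an explicit allowlist. If broad access is intended, returning `polkit.Result.AUTH_SELF_KEEP` instead of `YES` would keep a re-authentication step. Either way, the comment should state the scope actually granted, e.g. `* - manage any systemd unit without authentication`.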