diff --git a/modules/programs/virtualbox.nix b/modules/programs/virtualbox.nix
new file mode 100644
index 000000000000..6d9f269b889c
--- /dev/null
+++ b/modules/programs/virtualbox.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ];
+  boot.extraModulePackages = [ pkgs.linuxPackages.virtualbox ];
+  environment.systemPackages = [ pkgs.linuxPackages.virtualbox ];
+
+  # ‘VBoxNetAdpCtl’ needs to be setuid root to allow users to create
+  # host-only networks (https://www.virtualbox.org/ticket/4014).
+  security.setuidOwners = singleton
+    { program = "VBoxNetAdpCtl";
+      source = "${pkgs.linuxPackages.virtualbox}/virtualbox/VBoxNetAdpCtl";
+      owner = "root";
+      group = "root";
+      setuid = true;
+    };
+}