diff --git a/nix/os/devices/steveej-nuc7pjyh-work/system.nix b/nix/os/devices/steveej-nuc7pjyh-work/system.nix
index b04ec58..8d673ba 100644
--- a/nix/os/devices/steveej-nuc7pjyh-work/system.nix
+++ b/nix/os/devices/steveej-nuc7pjyh-work/system.nix
@@ -2,6 +2,8 @@
 
 let
 in {
+  services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
+  users.groups.sgx = {};
   networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
 }
diff --git a/nix/os/devices/steveej-nuc7pjyh-work/user.nix b/nix/os/devices/steveej-nuc7pjyh-work/user.nix
index eecba37..05a9670 100644
--- a/nix/os/devices/steveej-nuc7pjyh-work/user.nix
+++ b/nix/os/devices/steveej-nuc7pjyh-work/user.nix
@@ -12,6 +12,7 @@ in {
     uid = 1001;
     openssh.authorizedKeys.keys = keys.users.steveej.openssh;
     shell = pkgs.posh { image = "quay.io/enarx/fedora"; run_args = "-v /dev/sgx:/dev/sgx"; };
+    extraGroups = [ "sgx" ];
 
     subUidRanges = [{ startUid = 100000; count = 65536; }];
     subGidRanges = [{ startGid = 100000; count = 65536; }];