diff --git a/flake.nix b/flake.nix
index 6264dd4..85bff37 100644
--- a/flake.nix
+++ b/flake.nix
@@ -131,6 +131,7 @@
 nixfiles-generate-backup-secrets
 nixfiles-update-ssh-host-keys
 print-afra
+ run-with-docker-group
 ssh-gpg
 update-from-hydra
 uptimestatus;
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 9f24963..ef56c14 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -16,6 +16,7 @@ final: prev: {
 nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
 nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
 print-afra = final.callPackage ./print-afra {};
+ run-with-docker-group = final.callPackage ./run-with-docker-group {};
 ssh-gpg = final.callPackage ./ssh-gpg {};
 update-from-hydra = final.callPackage ./update-from-hydra {};
 uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};
diff --git a/pkgs/run-with-docker-group/default.nix b/pkgs/run-with-docker-group/default.nix
new file mode 100644
index 0000000..469aef3
--- /dev/null
+++ b/pkgs/run-with-docker-group/default.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+ name = "run-with-docker-group";
+ text = builtins.readFile ./run-with-docker-group.sh;
+}
diff --git a/pkgs/run-with-docker-group/run-with-docker-group.sh b/pkgs/run-with-docker-group/run-with-docker-group.sh
new file mode 100755
index 0000000..2c6087a
--- /dev/null
+++ b/pkgs/run-with-docker-group/run-with-docker-group.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [[ $# -eq 0 ]]; then
+ set -- "${SHELL}"
+fi
+
+exec systemd-run \
+ "--property=User=$(id -un)" \
+ "--property=SupplementaryGroups=docker" \
+ "--pty" "--same-dir" "--wait" "--collect" "--service-type=exec" \
+ "--quiet" \
+ "$@"
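Review bot: The `writeShellApplication` call in `pkgs/run-with-docker-group/default.nix` sets no `runtimeInputs`, so the packaged wrapper resolves `systemd-run` and `id` from whatever PATH the caller happens to have at run time. For a tool whose whole purpose is to start a process with the docker group, pinning them is the safer default: `runtimeInputs = [ pkgs.systemd pkgs.coreutils ];`. If using the host's own `systemd-run` is deliberate, a one-line comment saying so would do instead. `writeShellApplication` also emits its own shebang and strict-mode `set` options, so the shebang and `set -euo pipefail` lines in `run-with-docker-group.sh` are redundant once packaged.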
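Review bot: The new `run-with-docker-group.sh` has no comment on what it grants: the command runs with `SupplementaryGroups=docker`, and access to the Docker daemon through that group is generally equivalent to root on the host. A header comment would make that explicit, e.g. `# Runs "$@" (default: $SHELL) as the invoking user in a transient unit with the docker group, which is root-equivalent; authorisation is left to systemd-run.` The last clause is inferred, since the script performs no check of its own, so who may use it presumably depends on the host's polkit or sudo policy and is worth stating. Separately, under `set -u` an unset `SHELL` aborts with a bare unbound-variable error; `set -- "${SHELL:?SHELL is not set}"` gives a clearer message.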