diff --git a/nixos/syndicate-server.nix b/nixos/syndicate-server.nix
index 4d312a5..83697b2 100644
--- a/nixos/syndicate-server.nix
+++ b/nixos/syndicate-server.nix
@@ -5,6 +5,13 @@ with lib;
   options.services.syndicate-server = {
     enable = mkEnableOption "the Syndicate dataspace server";
 
+    group = mkOption {
+      type = types.str;
+      default = "wheel";
+      example = "users";
+      description = "Group account under which the Syndicate server runs.";
+    };
+
     package = mkOption {
       default = pkgs.syndicate-rs;
       defaultText = "pkgs.syndicate-rs";
@@ -49,6 +56,7 @@ with lib;
       serviceConfig = {
         ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${configDir}";
         ExecStart = "${cfg.package}/bin/syndicate-server --config ${configDir}";
+        Group = cfg.group;
         AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
         DynamicUser = true;
         Restart = "always";