diff --git a/pkgs/development/python-modules/restrictedpython/default.nix b/pkgs/development/python-modules/restrictedpython/default.nix
new file mode 100644
index 000000000000..5163c7389b27
--- /dev/null
+++ b/pkgs/development/python-modules/restrictedpython/default.nix
@@ -0,0 +1,34 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+
+# Test dependencies
+, pytest, pytest-mock
+}:
+
+buildPythonPackage rec {
+  pname = "RestrictedPython";
+  version = "5.0";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1g0sffn6ifkl1w8gq15rpaqm8c7l68bsnm77wcd3flyzzydmd050";
+  };
+
+  #propagatedBuildInputs = [ xmltodict requests ifaddr ];
+
+  checkInputs = [
+    pytest pytest-mock
+  ];
+
+  checkPhase = ''
+    pytest
+  '';
+
+  meta = {
+    homepage = https://github.com/zopefoundation/RestrictedPython;
+    description = "A restricted execution environment for Python to run untrusted code";
+    license = lib.licenses.zpl21;
+    maintainers = with lib.maintainers; [ juaningan ];
+  };
+}
diff --git a/pkgs/servers/home-assistant/component-packages.nix b/pkgs/servers/home-assistant/component-packages.nix
index 492d5a0b0dc5..c9278cd16e6f 100644
--- a/pkgs/servers/home-assistant/component-packages.nix
+++ b/pkgs/servers/home-assistant/component-packages.nix
@@ -583,7 +583,7 @@
     "pushsafer" = ps: with ps; [  ];
     "pvoutput" = ps: with ps; [  ];
     "pyload" = ps: with ps; [  ];
-    "python_script" = ps: with ps; [  ];
+    "python_script" = ps: with ps; [ restrictedpython ];
     "qbittorrent" = ps: with ps; [  ];
     "qld_bushfire" = ps: with ps; [  ];
     "qnap" = ps: with ps; [  ];
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 760af1bcf078..7cbae0956e79 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -5131,6 +5131,8 @@ in {
 
   repocheck = callPackage ../development/python-modules/repocheck { };
 
+  restrictedpython = callPackage ../development/python-modules/restrictedpython { };
+
   restview = callPackage ../development/python-modules/restview { };
 
   readme = callPackage ../development/python-modules/readme { };