diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..aa3f5f4
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,14 @@
+# This example uses YAML anchors which allows reuse of multiple keys
+# without having to repeat yourself.
+# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
+# for a more complex example.
+keys:
+ - &ephase 26D5035DF6B4BE70F2B51B4C178139E02D2ACF00
+ - &luci age19kvatn3zpeqh9zy7u8ce0hqe7dyaesxrukewxt8u7pf4cqkj5dfqm5nlwy
+creation_rules:
+ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *luci
+ pgp:
+ - *ephase
diff --git a/flake.lock b/flake.lock
index d5012c7..398d504 100644
--- a/flake.lock
+++ b/flake.lock
@@ -71,6 +71,22 @@
 "type": "indirect"
 }
 },
+ "nixpkgs-stable": {
+ "locked": {
+ "lastModified": 1725762081,
+ "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "release-24.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "nur": {
 "locked": {
 "lastModified": 1725115514,
@@ -91,7 +107,29 @@
 "home-manager": "home-manager",
 "nixgl": "nixgl",
 "nixpkgs": "nixpkgs",
- "nur": "nur"
+ "nur": "nur",
+ "sops-nix": "sops-nix"
+ }
+ },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "nixpkgs-stable": "nixpkgs-stable"
+ },
+ "locked": {
+ "lastModified": 1726524647,
+ "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
 }
 }
 },
diff --git a/flake.nix b/flake.nix
index 6549eb4..76d5592 100644
--- a/flake.nix
+++ b/flake.nix
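Review bot: The header comment of the new `.sops.yaml` is the sample text from the sops README ("This example uses YAML anchors …") and says nothing about this repository's recipients; replace it with one comment per key stating what each one is, e.g. `# PGP key of the admin user` above `&ephase` and `# age recipient of the host (presumably derived from its SSH host key)` above `&luci` — the roles are inferred from the anchor names, so confirm them before writing them down. `path_regex` is not anchored with `^`, so it matches a `secrets/` directory at any depth of the tree (a per-host `hosts/<name>/secrets/...` directory would match too); if only the top-level directory is meant, write `path_regex: ^secrets/[^/]+\.(yaml|json|env|ini)$`. Both recipients sit in a single key group, so either one alone can decrypt every matching file; that is the usual setup, but it is worth stating in the comment so nobody mistakes it for a two-key requirement.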
@@ -11,8 +11,12 @@
 url = "github:nix-community/home-manager";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
- outputs = { self, nixpkgs, home-manager, nur, nixgl, ... }@inputs:
+ outputs = { self, nixpkgs, home-manager, nur, nixgl, sops-nix, ... }@inputs:
 let
 stateVersion = "23.11";
@@ -28,7 +32,9 @@ in {
 devShells = forAllSystems ({ pkgs }: {
 default = pkgs.mkShell {
 name = "nixfiles";
- buildInputs = [
+ buildInputs = [
+ pkgs.sops
+ pkgs.age
 pkgs.shellcheck
 pkgs.shfmt
 pkgs.lefthook
diff --git a/nixos/default.nix b/nixos/default.nix
index a32272a..4ff196f 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, stateVersion, hostname, username, hostConfig, ... }:
+{ inputs, pkgs, lib, stateVersion, hostname, username, hostConfig, config, ... }:
 { imports = [
 # Include the results of the hardware scan.
 ../hosts/${hostname}/hardware-configuration.nix
@@ -43,6 +43,12 @@
 inherit hostConfig;
 inherit hostname;
 };
+
+ # NixOS system-wide home-manager configuration
+ sharedModules = [
+ inputs.sops-nix.homeManagerModules.sops
+ ];
+
 users.${username} = {
 home.stateVersion = stateVersion;
 programs.home-manager.enable = true;
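Review bot: The new `sops-nix` input only overrides `inputs.nixpkgs`, so its second input `nixpkgs-stable` stays at sops-nix's own pin — the flake.lock hunk in this same commit shows a full extra `release-24.05` nixpkgs entry being added for it. As far as I can tell sops-nix uses `nixpkgs-stable` only for its own checks, so either add `inputs.nixpkgs-stable.follows = "nixpkgs";` next to the existing follows line to keep a single nixpkgs in the lock, or leave a one-line comment stating that the extra pin is accepted on purpose. The `outputs` function continues past the end of the hunk.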
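Review bot: `config` is added to the module's argument set in the first nixos/default.nix hunk, but nothing in this diff reads it; if the rest of the file (outside the hunk) does not use it either, drop it so the signature only lists what the module actually needs. `inputs` is now a required argument as well, which only evaluates if the flake's `nixosSystem` call passes it through `specialArgs`; that call is not part of this diff, so confirm it already does, otherwise the module fails to evaluate. The attribute set opened on the third line continues past the end of the hunk.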
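Review bot: The comment `# NixOS system-wide home-manager configuration` in the last hunk does not say what the block under it does; `sharedModules` injects the sops-nix home-manager module into every home-manager user on the host, so `# Load the sops-nix home-manager module for every managed user` describes it more accurately. Only `homeManagerModules.sops` is wired up here — nothing in the diff imports `inputs.sops-nix.nixosModules.sops`, so system-level `sops.secrets` in the NixOS configuration would not be available; if user-level secrets are all that is intended, a short comment saying so would save the next reader the search. The enclosing attribute set starts before the hunk.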