# Sops-Nix Setup

To set up the system to run sops-nix, I usually use the host SSH key like so:

```bash
nix run 'nixpkgs#ssh-to-age' -- -private-key -i /etc/ssh/ssh_host_ed25519_key
```

Copy the generated private key to `/var/lib/sops/age/keys.txt`. This is the location set in the sopsFile option in `base/secrets.nix`.

Leave the file owned by root; its ownership and permissions do not need to change.

Afterwards, derive the public key from the private key and paste it into the `.sops.yaml` config file in the Nix config:

```bash
nix shell 'nixpkgs#age' -c age-keygen -y /var/lib/sops/age/keys.txt
```

<p class="callout info">Don't forget to run a `sops updatekeys` command if you are performing these steps after the secrets file has been created.</p>
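
As an added check for the steps above (example code written for this page, not part of sops-nix or of this config), the script below verifies that the key file is not accessible to group or other, that it holds an age secret key, and that the derived public key is actually listed in `.sops.yaml`. The function names are hypothetical, and GNU `stat` and `grep` are assumed.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for the age key setup (not sops-nix code).
# Assumes GNU stat and grep. Typical call, run as root on the host:
#   verify_sops_age_setup /var/lib/sops/age/keys.txt \
#     "$(age-keygen -y /var/lib/sops/age/keys.txt)" .sops.yaml

# check_keyfile_perms FILE
# Succeeds only if FILE is a regular file with no group/other permission
# bits set (for example 0600 or 0400).
check_keyfile_perms() {
    [ -f "$1" ] || { echo "missing key file: $1" >&2; return 1; }
    case "$(stat -c '%a' "$1")" in
        0|*00) return 0 ;;
        *) echo "group/other can access key file: $1" >&2; return 1 ;;
    esac
}

# check_keyfile_format FILE
# Succeeds only if FILE contains an age secret key line, the format that
# `ssh-to-age -private-key` prints.
check_keyfile_format() {
    grep -q '^AGE-SECRET-KEY-1' "$1" ||
        { echo "no age secret key in: $1" >&2; return 1; }
}

# recipient_listed RECIPIENT SOPS_YAML
# Succeeds only if RECIPIENT (an age1... public key) appears as a whole
# word on a non-comment line of SOPS_YAML.
recipient_listed() {
    case "$1" in
        age1?*) ;;
        *) echo "not an age recipient: $1" >&2; return 1 ;;
    esac
    grep -v '^[[:space:]]*#' "$2" | grep -qwF -- "$1"
}

# verify_sops_age_setup KEYFILE RECIPIENT SOPS_YAML
# Runs all three checks and stops at the first failure.
verify_sops_age_setup() {
    check_keyfile_perms "$1" &&
        check_keyfile_format "$1" &&
        recipient_listed "$2" "$3"
}
```

A non-zero exit status from `verify_sops_age_setup` means one of the checks failed; the reason is printed on stderr.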