diff --git a/hosts/common/global/default.nix b/hosts/common/global/default.nix
index 6f4afa3..32ba2f7 100644
--- a/hosts/common/global/default.nix
+++ b/hosts/common/global/default.nix
@@ -5,9 +5,11 @@
 }: {
   imports = [
     inputs.home-manager.nixosModules.home-manager
+
+    ./sops.nix
   ] ++ (builtins.attrValues outputs.nixosModules);
 
-  home-manager.useGlobalpkgs = true;
+  home-manager.useGlobalPkgs = true;
   home-manager.extraSpecialArgs = {
     inherit inputs outputs;
   };
@@ -19,7 +21,7 @@
     };
   };
 
-  hardware.enableRedistrubutableFirmware = true;
+  hardware.enableRedistributableFirmware = true;
   networking.domain = "wessels.local";
 
   security.pam.loginLimits = [
diff --git a/hosts/common/global/sops.nix b/hosts/common/global/sops.nix
new file mode 100644
index 0000000..d5dc869
--- /dev/null
+++ b/hosts/common/global/sops.nix
@@ -0,0 +1,15 @@
+{
+  inputs,
+  outputs,
+  ...
+}: let
+  isEd25519 = k: k.type == "ed25519";
+  getKeyPath = k: k.path;
+  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+in {
+  imports = [inputs.sop-nix.nixosModules.sops];
+
+  sops = {
+    age.sshKeyPaths = map getKeyPath keys;
+  };
+}
diff --git a/hosts/orpheus/default.nix b/hosts/orpheus/default.nix
index d60a44f..ee08085 100644
--- a/hosts/orpheus/default.nix
+++ b/hosts/orpheus/default.nix
@@ -21,7 +21,7 @@
 
   boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest;
 
-  powerManagment.powertop.enable = true;
+  powerManagement.powertop.enable = true;
   programs = {
     adb.enable = true;
     dconf.enable = true;