update

hosts/common/global/default.nix

@@ -5,9 +5,11 @@
 }: {
   imports = [
     inputs.home-manager.nixosModules.home-manager
+
+    ./sops.nix
   ] ++ (builtins.attrValues outputs.nixosModules);
 
-  home-manager.useGlobalpkgs = true;
+  home-manager.useGlobalPkgs = true;
   home-manager.extraSpecialArgs = {
     inherit inputs outputs;
   };
@@ -19,7 +21,7 @@
     };
   };
 
-  hardware.enableRedistrubutableFirmware = true;
+  hardware.enableRedistributableFirmware = true;
   networking.domain = "wessels.local";
 
   security.pam.loginLimits = [

hosts/common/global/sops.nix

@@ -0,0 +1,15 @@
+{
+  inputs,
+  outputs,
+  ...
+}: let
+  isEd25519 = k: k.type == "ed25519";
+  getKeyPath = k: k.path;
+  keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+in {
+  imports = [inputs.sop-nix.nixosModules.sops];
+
+  sops = {
+    age.sshKeyPaths = map getKeyPath keys;
+  };
+}