diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..dba8494 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,9 @@ +# .sops.yaml + +keys: + - &primary age14gfh682a7m7jfp3qrulql03x5rs7yedwmxwksxrrmgjsunstyuksqx93pz +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *primary diff --git a/flake.nix b/flake.nix index 387c495..dda53a8 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,8 @@ url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + inputs.sops-nix.url = "github:Mic92/sops-nix"; + inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { self, nixpkgs, home-manager, ... }@inputs: diff --git a/hosts/snowbelle/configuration.nix b/hosts/snowbelle/configuration.nix index 94e8421..2e07eb1 100644 --- a/hosts/snowbelle/configuration.nix +++ b/hosts/snowbelle/configuration.nix @@ -5,13 +5,14 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix ../../users/users.nix - ../../modules/system/system.nix - ../../modules/homelab/homelab.nix + ../../modules/system/default.nix + ../../modules/homelab/default.nix ]; modules = { system = { ssh.enable = true; + sops.enable = true; docker.enable = true; syncthing.enable = true; tailscale.enable = true; diff --git a/modules/homelab/homelab.nix b/modules/homelab/default.nix similarity index 100% rename from modules/homelab/homelab.nix rename to modules/homelab/default.nix diff --git a/modules/system/system.nix b/modules/system/default.nix similarity index 86% rename from modules/system/system.nix rename to modules/system/default.nix index eee3112..f40ce95 100644 --- a/modules/system/system.nix +++ b/modules/system/default.nix @@ -3,6 +3,7 @@ { imports = [ ./ssh.nix + ./sops.nix ./docker.nix ./tailscale.nix ./syncthing.nix 
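Review bot: The `path_regex` in the new `.sops.yaml` leaves the dot unescaped, so it matches any character before `yaml`; `path_regex: secrets/secrets\.yaml$` limits the rule to the intended file. The rule also encrypts to a single age recipient (`*primary`). If that is a personal key, the host can only decrypt by holding a copy of that private key, and losing it leaves the secrets unrecoverable. Consider adding a per-host recipient to the `age:` list, for example one derived from the machine's SSH host key, so the personal key never has to be placed on the server. How the host locates its key is presumably set in `modules/system/sops.nix`, which is not part of the visible diff.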
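Review bot: In the `flake.nix` hunk the two added lines sit after the `};` that closes the home-manager attrset and before the next `};`. If that enclosing set is `inputs = { … }` (its opening line is outside the hunk), they declare `inputs.inputs.sops-nix…` instead of a `sops-nix` input. In that case they should read `sops-nix.url = "github:Mic92/sops-nix";` and `sops-nix.inputs.nixpkgs.follows = "nixpkgs";`. The URL tracks the default branch, so the revision is fixed only by `flake.lock`, which does not appear in the visible diff. Committing the lock update with this change keeps the pinned revision of a module that handles secrets under review.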
@@ -10,6 +11,7 @@ ]; modules.system.ssh.enable = lib.mkDefault true; + modules.system.sops.enable = lib.mkDefault true; modules.system.docker.enable = lib.mkDefault true; modules.system.tailscale.enable = lib.mkDefault true; modules.system.syncthing.enable = lib.mkDefault true;
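Review bot: `modules.system.sops.enable = lib.mkDefault true;` turns secret decryption on for every host that imports `modules/system`, while `.sops.yaml` in this commit lists only one recipient. Any other host would need that same private key provisioned, or its activation would presumably fail to decrypt; the behaviour depends on `sops.nix`, which is not shown here. Since `hosts/snowbelle/configuration.nix` already sets `sops.enable = true` explicitly, `lib.mkDefault false` here would make access to secrets an opt-in per host. A one-line comment above the default stating which key each host is expected to hold would also help.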