nix/hosts/common/system/configs/sops/default.nix

{ inputs, pkgs, ... }:
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  environment = {
    persistence."/persist"."/etc/ssh/ssh_host_ed25519_key" = { };
    systemPackages = with pkgs; [ sops ];
  };

  sops.age = {
    generateKey = true;
    sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
    keyFile = "/var/lib/sops-nix/key.txt";
  };
}