diff --git a/.sops.yaml b/.sops.yaml
index 10f769d..ffbdd28 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -17,6 +17,10 @@ creation_rules:
     key_groups:
     - age:
       - *host_jokum
+      - *host_ildkule
+      - *host_bekkalokk
+      - *host_bicep
+
       - *user_danio
       - *user_felixalb
       - *user_eirikwit
diff --git a/base.nix b/base.nix
index 1c41ba0..a47e021 100644
--- a/base.nix
+++ b/base.nix
@@ -84,6 +84,12 @@
     settings.PermitRootLogin = "yes";
   };
 
+  sops.age = {
+    sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    keyFile = "/var/lib/sops-nix/key.txt";
+    generateKey = true;
+  };
+
   # nginx return 444 for all nonexistent virtualhosts
 
   systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
diff --git a/secrets/common.yaml b/secrets/common.yaml
new file mode 100644
index 0000000..e69de29