diff --git a/hosts/sakotop/configuration.nix b/hosts/sakotop/configuration.nix
index 05cf4bb9..1fbbc6c5 100644
--- a/hosts/sakotop/configuration.nix
+++ b/hosts/sakotop/configuration.nix
@@ -107,6 +107,7 @@
 };
 security = {
 age.enable = true;
+ sops.enable = true;
 };
 };
@@ -122,6 +123,12 @@
 };
 security.pki.certificateFiles = [./trust/homelab.pem];
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ };
+ };
+
 # Enable the OpenSSH daemon.
 # services.openssh.enable = true;
diff --git a/modules/security/default.nix b/modules/security/default.nix
index 6dd419fd..8468f669 100644
--- a/modules/security/default.nix
+++ b/modules/security/default.nix
@@ -1,5 +1,6 @@
 {
 imports = [
 ./age.nix
+ ./sops.nix
 ];
 }
diff --git a/modules/security/sops.nix b/modules/security/sops.nix
new file mode 100644
index 00000000..cfc5933b
--- /dev/null
+++ b/modules/security/sops.nix
@@ -0,0 +1,21 @@
+{
+ outputs,
+ options,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.modules.security.age;
+in {
+ options.modules.security.sops = {
+ enable = mkEnableOption false;
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ sops
+ ];
+ };
+}
diff --git a/modules/security/sops.nix~ b/modules/security/sops.nix~
new file mode 100644
index 00000000..e69de29b
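Review bot: The `wg0 = { };` interface added in the second hunk of `hosts/sakotop/configuration.nix` is declared with no options at all (no addresses, peers or key source), and as far as I recall the NixOS wireguard module asserts that exactly one of `privateKey` or `privateKeyFile` is set, so this probably fails evaluation as committed. When the interface is filled in, prefer `privateKeyFile` pointing at a key file kept outside the Nix store over `privateKey`, since anything written inline ends up in the world-readable store. If the block is only a placeholder for now, a comment such as `# TODO: wg0 placeholder; set privateKeyFile from the secrets module before use` would make that explicit.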
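Review bot: `cfg` in the new `modules/security/sops.nix` is bound to `config.modules.security.age`, so `mkIf cfg.enable` follows the age toggle and the new `modules.security.sops.enable` option (set to true in `hosts/sakotop/configuration.nix`) is never read; it should be `cfg = config.modules.security.sops;`. `mkEnableOption` takes a description string rather than a boolean, so `enable = mkEnableOption "sops";` is what is wanted here; the `false` would likely only surface as an error when option documentation is rendered. The `outputs` and `options` arguments are unused in the visible body. The commit also adds an empty `modules/security/sops.nix~`, which looks like an editor backup and should be dropped from the change.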