diff --git a/.sops.yaml b/.sops.yaml
deleted file mode 100644
index 50bce44..0000000
--- a/.sops.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-keys:
-  - &primary age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
-creation_rules:
-  - path_regex: hosts/laptop/secrets/secrets.yaml$
-    key_groups:
-      - age:
-        - *primary
-  - path_regex: hosts/server/secrets/secrets.yaml$
-    key_groups:
-      - age:
-        - *primary
diff --git a/.sops.yaml b/.sops.yaml
new file mode 120000
index 0000000..f8e36e6
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1 @@
+/nix/store/5a86f59f5kryqma59kkvvzgal5ahdjqp-home-manager-files/.config/nixos/.sops.yaml
\ No newline at end of file
diff --git a/hosts/laptop/secrets/default.nix b/hosts/laptop/secrets/default.nix
index 0447de7..c73e9c6 100644
--- a/hosts/laptop/secrets/default.nix
+++ b/hosts/laptop/secrets/default.nix
@@ -15,6 +15,20 @@
     };
   };
 
+  home.file.".config/nixos/.sops.yaml".text = ''
+    keys:
+      - &primary age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
+    creation_rules:
+      - path_regex: hosts/laptop/secrets/secrets.yaml$
+        key_groups:
+          - age:
+            - *primary
+      - path_regex: hosts/server/secrets/secrets.yaml$
+        key_groups:
+          - age:
+            - *primary
+  '';
+
   systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
   home.packages = with pkgs; [ sops age ];