diff --git a/.sops.yaml b/.sops.yaml
index ea00d48..5e44950 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,7 @@
 keys:
   - &emenel_eddie age10k8v6pfm3p7cmsgn6wu5ufpcquqgpvqh76l23xf326et55dacc0qlr8fe8
   - &root_services-nixos age1eg4u9d90r64a7gesg778cgx8pkcxkh4wjkddz299u6lelpc6yypsgza06c
+  - &emenel_services-nixos age1eg4u9d90r64a7gesg778cgx8pkcxkh4wjkddz299u6lelpc6yypsgza06c
 creation_rules:
   - path_regex: secrets.yaml$
     key_groups:
diff --git a/hosts/emenel-services/configuration.nix b/hosts/emenel-services/configuration.nix
index f67c403..ee3b1b2 100644
--- a/hosts/emenel-services/configuration.nix
+++ b/hosts/emenel-services/configuration.nix
@@ -36,8 +36,7 @@
   };
 
   sops = {
-    age.keyFile = "/home/emenel/.config/sops/age/keys.txt"; # must have no password!
-    age.generateKey = true;
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
     defaultSopsFile = ./secrets.yaml;
     secrets = {
       forgejo_emenel = {};