diff --git a/2configs/default.nix b/2configs/default.nix
index 3e04c3c..c2c7c64 100644
--- a/2configs/default.nix
+++ b/2configs/default.nix
@@ -7,7 +7,7 @@ with lib;
 ./editor/vim.nix
 ./binary-cache/nixos.nix
 ./minimal.nix
- ./secrets
+ ./secrets/ssh_server.nix
 # ./security/hotfix.nix
 ];
diff --git a/2configs/secrets/ssh_server.nix b/2configs/secrets/ssh_server.nix
new file mode 100644
index 0000000..c3f5633
--- /dev/null
+++ b/2configs/secrets/ssh_server.nix
@@ -0,0 +1,8 @@
+{
+
+ sops.secrets."ssh_host_rsa_key" = {};
+ sops.secrets."ssh_host_ed25519_key" = {};
+ services.openssh.hostKeys = lib.mkForce [
+ { bits = 4096; path = (config.sops.secrets."ssh_host_rsa_key".path); type = "rsa"; }
+ { path = config.sops.secrets."ssh_host_ed25519_key".path; type = "ed25519"; } ];
+}
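Review bot: The new 2configs/secrets/ssh_server.nix opens with a bare `{` but uses `lib.mkForce` and `config.sops.secrets…`, so neither name is bound and evaluation will fail on an undefined variable; the file should start with a module function header, `{ config, lib, ... }:`. Separately, sops-nix by default derives its decryption identities (`sops.age.sshKeyPaths`, `sops.gnupg.sshKeyPaths`) from the paths in `services.openssh.hostKeys`. Forcing those paths to sops-managed secrets can therefore leave the host needing the host keys to decrypt the host keys, unless an independent identity such as `sops.age.keyFile` is configured elsewhere; that is not visible in this diff and should be confirmed. Also, `bits = 4096` only applies when sshd generates a missing key and does not check the strength of the key supplied through sops, so a comment such as `# bits is ignored for the sops-provided key; key strength is fixed when the secret is created` would avoid suggesting it is enforced.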