diff --git a/README.md b/README.md
index 9b55fb0..4592cd3 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ rbw get sops > /mnt/var/lib/sops-nix/key.txt
 sudo nixos-install --root /mnt --no-root-passwd --flake .#$(hostname)
 sudo mkdir -p /mnt/persist/var/lib/sops-nix
 sudo cp -r /mnt/var/lib/nixos/* /mnt/persist/var/lib/nixos/
-sudo cp -r /mnt/etc/ssh/* /mnt/persist/etc/ssh/
+sudo cp -r /mnt/etc/ssh/ssh_host* /mnt/persist/etc/ssh/
 sudo cp {/mnt,/mnt/persist}/var/lib/sops-nix/key.txt
 sudo cp {/mnt,/mnt/persist}/etc/machine-id
 ```
diff --git a/modules/home/sops/default.nix b/modules/home/sops/default.nix
index 1bb97a5..87bd88b 100644
--- a/modules/home/sops/default.nix
+++ b/modules/home/sops/default.nix
@@ -3,7 +3,7 @@ let cfg = config.mods;
 in with lib; {
   imports = [ inputs.sops-nix.homeManagerModules.sops ];
   sops = {
-    age.keyFile = "/var/lib/sops-nix/key.txt";
+    age.keyFile = "/persist/var/lib/sops-nix/key.txt";
     defaultSopsFile = ./secrets.yaml;
     secrets.zipline-auth = { };
   };
diff --git a/modules/nixos/sops/default.nix b/modules/nixos/sops/default.nix
index c38c876..e021207 100644
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@@ -3,7 +3,7 @@ let cfg = config.mods;
 in with lib; {
   imports = [ inputs.sops-nix.nixosModules.sops ];
   sops = {
-    age.keyFile = "/var/lib/sops-nix/key.txt";
+    age.keyFile = "/persist/var/lib/sops-nix/key.txt";
     defaultSopsFile = ./secrets.yaml;
     secrets.muon-password.neededForUsers = true;
     secrets.zipline-secret = mkIf cfg.server.share.enable {