diff --git a/README.md b/README.md
index 5852a3d..80effd8 100644
--- a/README.md
+++ b/README.md
@@ -11,13 +11,14 @@ cp /mnt/etc/nixos/hardware-configuration.nix hosts/$(hostname)/hardware-configur
 rbw config set email admin@muon.host
 rbw config set base_url https://vault.muon.host
 rbw login
-sudo mkdir -p /mnt/home/muon/.config/sops/age
-sudo chown muon:users /mnt/home/muon/.config -R
-rbw get sops > /mnt/home/muon/.config/sops/age/keys.txt
+sudo mkdir -p /mnt/var/lib/sops-nix
+sudo chown muon:users /mnt/var/lib/sops-nix -R
+rbw get sops > /mnt/var/lib/sops-nix/key.txt
 sudo nixos-install --root /mnt --no-root-passwd --flake .#$(hostname)
 sudo mkdir -p /mnt/persist/{etc,var/lib/systemd}
 sudo cp -r {/mnt,/mnt/persist}/etc/nixos
 sudo cp -r {/mnt,/mnt/persist}/var/lib/nixos
+sudo cp -r {/mnt,/mnt/persist}/var/lib/sops-nix
 sudo cp -r {/mnt,/mnt/persist}/var/lib/systemd/coredump
 sudo cp {/mnt,/mnt/persist}/etc/machine-id
 ```
diff --git a/hosts/murk/configuration.nix b/hosts/murk/configuration.nix
index 21925f1..c0748c1 100644
--- a/hosts/murk/configuration.nix
+++ b/hosts/murk/configuration.nix
@@ -5,7 +5,6 @@ in {
 # Hardware
 imports = [
 ./hardware-configuration.nix
-inputs.impermanence.nixosModules.impermanence
 "${
 builtins.fetchTarball {
 url =
diff --git a/modules/home/sops/default.nix b/modules/home/sops/default.nix
index 4bfb885..1bb97a5 100644
--- a/modules/home/sops/default.nix
+++ b/modules/home/sops/default.nix
@@ -3,7 +3,7 @@ let cfg = config.mods;
 in with lib; {
 imports = [ inputs.sops-nix.homeManagerModules.sops ];
 sops = {
-age.keyFile = "/home/muon/.config/sops/age/keys.txt";
+age.keyFile = "/var/lib/sops-nix/key.txt";
 defaultSopsFile = ./secrets.yaml;
 secrets.zipline-auth = { };
 };
diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix
index b8a3711..72e62bc 100644
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
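Review bot: The new `age.keyFile = "/var/lib/sops-nix/key.txt";` in modules/home/sops/default.nix makes the home-manager module and the NixOS module in modules/nixos/sops/default.nix decrypt with one and the same age key. The home-manager side decrypts as the muon user, so that file has to be readable by muon (the README step only does `chown muon:users` on the directory and sets no explicit mode), and from then on anything running as muon can also decrypt the system-level secrets muon-password and zipline-secret. If that widening is not intended, keep a root-only key for the NixOS module — e.g. `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, which would then also need persisting — and give the home-manager module its own recipient, re-encrypting secrets.yaml for both. Otherwise a comment on the path such as `# shared with modules/nixos/sops; must stay readable by muon` would at least record the dependency.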
@@ -4,8 +4,12 @@ with lib; {
 config = mkIf config.mods.impermanence.enable {
 environment.persistence."/persist" = {
-directories =
-[ "/var/lib/nixos" "/var/lib/systemd/coredump" "/etc/nixos" ];
+directories = [
+"/var/lib/nixos"
+"/var/lib/systemd/coredump"
+"/var/lib/sops-nix"
+"/etc/nixos"
+];
 files = [ "/etc/machine-id" ];
 };
diff --git a/modules/nixos/sops/default.nix b/modules/nixos/sops/default.nix
index 01891a7..c38c876 100644
--- a/modules/nixos/sops/default.nix
+++ b/modules/nixos/sops/default.nix
@@ -3,9 +3,9 @@ let cfg = config.mods;
 in with lib; {
 imports = [ inputs.sops-nix.nixosModules.sops ];
 sops = {
-age.keyFile = "/home/muon/.config/sops/age/keys.txt";
+age.keyFile = "/var/lib/sops-nix/key.txt";
 defaultSopsFile = ./secrets.yaml;
-secrets.muon-password = { };
+secrets.muon-password.neededForUsers = true;
 secrets.zipline-secret = mkIf cfg.server.share.enable {
 owner = "zipline";
 group = "zipline";
diff --git a/utils.nix b/utils.nix
index 672e982..fdb6c8b 100644
--- a/utils.nix
+++ b/utils.nix
@@ -8,6 +8,7 @@
 ./modules/nixos
 inputs.home-manager.nixosModules.default
 inputs.stylix.nixosModules.stylix
+inputs.impermanence.nixosModules.impermanence
 ];
 };
 }
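Review bot: The added `"/var/lib/sops-nix"` entry in modules/nixos/impermanence.nix persists the age private-key directory with whatever ownership and mode it happens to have, so its permissions rest entirely on the manual chown in the README. impermanence accepts an attribute-set entry that pins them declaratively, e.g. `{ directory = "/var/lib/sops-nix"; user = "muon"; group = "users"; mode = "u=rwx,g=,o="; }`, which keeps the key readable only by its owner across rebuilds. A short comment on the entry, `# age private key used by modules/nixos/sops and modules/home/sops`, would also explain why a secrets directory sits in the persisted list. The enclosing `config = mkIf …` block continues outside the hunk.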
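Review bot: `secrets.muon-password.neededForUsers = true;` in modules/nixos/sops/default.nix moves decryption of that secret into the early users-and-groups activation step, which now reads the key from `/var/lib/sops-nix/key.txt` — a path that, with impermanence enabled, is only a bind mount from /persist. For the secret to decrypt on a fresh boot that mount has to exist before activation runs; sops-nix requires the key to be available at that stage, so confirm the /persist filesystem is marked `neededForBoot = true` (nothing in this hunk shows it). Since `neededForUsers` also changes where the secret is placed (`/run/secrets-for-users` instead of `/run/secrets`), check that the consumer of muon-password — presumably a `hashedPasswordFile` setting outside this diff — refers to `config.sops.secrets.muon-password.path` rather than a hard-coded `/run/secrets/…` string.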