diff --git a/dev_system.nix b/dev_system.nix
index fd08c31..1f9c4d1 100644
--- a/dev_system.nix
+++ b/dev_system.nix
@@ -23,23 +23,23 @@ in
 ./shared/ssh.nix
 ];
 
- # sops = {
- # defaultSopsFile = "./secrets/example.yaml";
- # age = {
- # sshKeyPaths = [ "/etc/ssh/ssh_host_ed25510_key" ];
- # keyFile = "/root/.config/sops/age/keys.txt";
- # generateKey = true;
- # };
- # };
+ sops = {
+ defaultSopsFile = "./secrets/example.yaml";
+ age = {
+ sshKeyPaths = [ "/etc/ssh/ssh_host_ed25510_key" ];
+ keyFile = "/root/.config/sops/age/keys.txt";
+ generateKey = true;
+ };
+ };
 
- # users.users = {
- # # connection only via ssh key
- # pipeline = {
- # isNormalUser = true;
- # home = "/home/pipeline";
- # description = "User used by forgejo runners to connect to this system";
- # extraGroups = [ "docker" ];
- # openssh.authorizedKeys.keyFiles = [ config.sops.secrets."foo".path ];
- # };
- # };
+ users.users = {
+ # connection only via ssh key
+ pipeline = {
+ isNormalUser = true;
+ home = "/home/pipeline";
+ description = "User used by forgejo runners to connect to this system";
+ extraGroups = [ "docker" ];
+ openssh.authorizedKeys.keyFiles = [ config.sops.secrets."foo".path ];
+ };
+ };
 }
diff --git a/flake.nix b/flake.nix
index ac10690..90708c1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -89,6 +89,7 @@
 };
 imports = [
 inputs.disko.nixosModules.disko
+ inputs.sops-nix.nixosModules.sops
 ./dev_system.nix
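Review bot: The host key path in `sshKeyPaths` of the dev_system.nix hunk is spelled `ssh_host_ed25510_key`, which was harmless while commented out but now points sops-nix at a file that presumably does not exist; it should read `sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`. With `generateKey = true` the missing host key may be masked by a freshly generated age key that is not a recipient of `secrets/example.yaml`, so the failure would surface as a decryption error at activation rather than at build time. `defaultSopsFile` is a quoted string rather than a Nix path (`defaultSopsFile = ./secrets/example.yaml;`), and no `sops.secrets."foo"` declaration is visible in this hunk, so both need checking. As far as I know `openssh.authorizedKeys.keyFiles` is read at evaluation time, so a runtime secret path is unlikely to work there, and authorized keys are public material that does not need encrypting. Membership in `docker` is effectively root on the host, so the `pipeline` user deserves a comment such as `# docker group grants root-equivalent access; keep the authorized key set minimal`.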