diff --git a/modules/security/sys/sopsnix.nix b/modules/security/sys/sopsnix.nix
index c03f6a2..9f97111 100644
--- a/modules/security/sys/sopsnix.nix
+++ b/modules/security/sys/sopsnix.nix
@@ -3,5 +3,8 @@
     imports = [ inputs.sops-nix.nixosModules.sops ];
     environment.systemPackages = [ pkgs.age pkgs.sops ];
     sops.defaultSopsFile = ../secrets/secrets.yaml;
+    systemd.tmpfiles.rules = [
+      "d /var/lib/sops/root-keys 0700 root root -"
+     ];
   };
 }