diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..1f12d95
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+ - &sv1 age1zr5m64rzl8r5pk5cnwcfycc8ze09lx4xqa6s0cpkf24gwwxxpy2sltfsug
+creation_rules:
+ - path_regex: library/secrets/.*.yaml
+ key_groups:
+ - age:
+ - *sv1
diff --git a/library/default.nix b/library/default.nix
index cb0edbd..4974732 100644
--- a/library/default.nix
+++ b/library/default.nix
@@ -3,4 +3,5 @@
 nixosSystems = lib.callFragment ./nixosSystems.nix {};
 sshKeys = lib.callFragment ./sshKeys.nix {};
+ secrets = lib.callFragment ./secrets.nix {};
 }
diff --git a/library/secrets/default.nix b/library/secrets/default.nix
new file mode 100644
index 0000000..fc449b3
--- /dev/null
+++ b/library/secrets/default.nix
@@ -0,0 +1,3 @@
+{
+ sb1 = ./sb1.yaml;
+}
diff --git a/library/secrets/sb1.yaml b/library/secrets/sb1.yaml
new file mode 100644
index 0000000..52ba84f
--- /dev/null
+++ b/library/secrets/sb1.yaml
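Review bot: `path_regex: library/secrets/.*.yaml` in the new `.sops.yaml` is looser than it reads: the dot before `yaml` is unescaped and sops matches the pattern unanchored, so a path such as `library/secrets/notes-yaml.txt` would also be picked up by this rule; tightening it to `path_regex: library/secrets/.*\.yaml$` limits the rule to the files it is meant for. The only recipient is the single `&sv1` age key, so if the private half of that key is lost nothing under `library/secrets/` can be decrypted or re-keyed; adding a second recipient (an operator or escrow key) to `key_groups` and running `sops updatekeys` on the existing files is the usual safeguard. I cannot tell from the diff whether `sv1` is the host's key or an operator's, so this may already be handled elsewhere.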
@@ -0,0 +1,22 @@
+sb1-username: ENC[AES256_GCM,data:c5Myt2AdnA==,iv:q36larVwGrBiCHBaUu54QdJggeL22QzOwkfiJfQjsVE=,tag:qsVj/akHjHZwjvnvaJRBEw==,type:str]
+sb1-password: ENC[AES256_GCM,data:766xhD3hcwFM9pyu53uYMg==,iv:HYtfnUvl46N/z5UUTIz337rq/kAHJcvgAcMbVnluik0=,tag:1oSSB1UqQIWmh7PJGO+YfQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1zr5m64rzl8r5pk5cnwcfycc8ze09lx4xqa6s0cpkf24gwwxxpy2sltfsug
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdlpSYXhOdndtS0Y0QTRz
+ N2pxczhIQVBWSnV1dnY3WDVVRlErYnh4OWdnClRUSjVXeWMrTmxWVEVGT0V6YUMr
+ V2ovSVhpcmRIN3ljWUx0cmJnSnBzMzAKLS0tIHBNalN3emcrbjZZcytoVFgyQTh2
+ elREcXRxeGdVTW1TZGtKelVURkdlWW8KSWpXIAL0Vb1a3un8WIcjMNbIbR41VcK2
+ 604AZYjooB6OzX2sOkGOOAIvB17S2nesL/nQUobWkM8bQSuH/TgR5g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-01-01T22:35:24Z"
+ mac: ENC[AES256_GCM,data:PH0lfE79d1ZuE0YyMZuWhpZNu1OHh+9JMNbr66RJoRRPpLa134Y6mQE+PzZXOZ0PR2mT+VOrkNhNRhzEhr79oScM0d3ahBfKVY8VcNpvP34Llb9PQWPAZpQ5moa9o6g850bLrXl3XolLPEMpZg4BVa5EzFjo9BXNbuSY/zoW2x0=,iv:my+mb+qbjDs3iHdmaEptylgHbNu7a6zwHx2NEhlwi1Q=,tag:YfEYhl4QOulNbKALLB8ylg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/modules/sv1.nix b/modules/sv1.nix
index 0415c72..11cbad0 100644
--- a/modules/sv1.nix
+++ b/modules/sv1.nix
@@ -6,6 +6,7 @@
 imports = with lib.nixosModules; [
 disko
 impermanence
+ sops
 ];
 disko.devices.disk.NixOS = {
@@ -98,6 +99,31 @@
 fileSystems = {
 "/persist".neededForBoot = true;
 "/var/log".neededForBoot = true;
+ "/mnt/sb1" = {
+ device = "//u424050.your-storagebox.de/backup";
+ fsType = "cifs";
+ options = [
+ "noauto"
+ "x-systemd.automount"
+ "credentials=${config.sops.templates.sb1-credentials.path}"
+ ];
+ };
+ };
+
+ sops = {
+ gnupg.sshKeyPaths = [];
+ age = {
+ sshKeyPaths = [];
+ keyFile = "/persist/sops.age";
+ };
+ secrets = {
+ sb1-username.sopsFile = lib.secrets.sb1;
+ sb1-password.sopsFile = lib.secrets.sb1;
+ };
+ templates.sb1-credentials.content = ''
+ username="${config.sops.placeholder.sb1-username}"
+ password="${config.sops.placeholder.sb1-password}"
+ '';
 };
 boot = {
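Review bot: The `sb1-credentials` template wraps both values in double quotes (`username="…"`, `password="…"`), but a mount.cifs credentials file is parsed line by line with everything after `=` taken literally, so the quotes would most likely be sent to the server as part of the username and password and the mount would fail to authenticate — confirm against the cifs-utils version in use, but the documented form is unquoted: `username=${config.sops.placeholder.sb1-username}` and `password=${config.sops.placeholder.sb1-password}`. Separately, the `/mnt/sb1` mount carries backup traffic over the network with no `vers=` or `seal` option, so transport encryption depends on the kernel's negotiated default; if the storage box supports SMB3 encryption, adding `"seal"` to `options` pins it. The enclosing module attribute set starts before this hunk, and the trailing `};` and `boot = {` are context that now closes the new `sops` block rather than `fileSystems`.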