diff --git a/home/secrets.nix b/home/secrets.nix
index 55167c6..aec337e 100644
--- a/home/secrets.nix
+++ b/home/secrets.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 
 {
   sops = {
@@ -14,6 +14,18 @@
     };
   };
 
+  # Generate age key from ed25519 SSH key for sops CLI
+  home.activation.sopsAgeKey = config.lib.dag.entryAfter [ "writeBoundary" ] ''
+    KEY_DIR="${config.home.homeDirectory}/.config/sops/age"
+    KEY_FILE="$KEY_DIR/keys.txt"
+    SSH_KEY="${config.home.homeDirectory}/.ssh/id_ed25519"
+    if [ -f "$SSH_KEY" ] && [ ! -f "$KEY_FILE" ]; then
+      mkdir -p "$KEY_DIR"
+      ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i "$SSH_KEY" > "$KEY_FILE"
+      chmod 600 "$KEY_FILE"
+    fi
+  '';
+
   programs.fish.interactiveShellInit = ''
     # sops-nix secrets → env vars
     for pair in \
diff --git a/hosts/wsl/default.nix b/hosts/wsl/default.nix
index eedd0d7..a607bd0 100644
--- a/hosts/wsl/default.nix
+++ b/hosts/wsl/default.nix
@@ -7,5 +7,8 @@
     defaultUser = username;
   };
 
+  # ── nix-ld (VSCode Remote, etc.) ────────────────────
+  programs.nix-ld.enable = true;
+
   system.stateVersion = "24.11";
 }