diff --git a/modules/sops/default.nix b/modules/sops/default.nix
index 6afc522..8f9eae5 100644
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@@ -70,6 +70,14 @@ let
           Sops file the secret is loaded from.
         '';
       };
+      sopsFileHash = mkOption {
+        type = types.str;
+        readOnly = true;
+        default = if cfg.validateSopsFiles then "${builtins.hashFile "sha256" config.sopsFile}" else "";
+        description = ''
+          Hash of the sops file, useful in systemd.services.<name>.restartTriggers.
+        '';
+      };
     };
   });
   manifest = pkgs.writeText "manifest.json" (builtins.toJSON {