diff --git a/nixos/hosts/gandalf/config/samba-config.nix b/nixos/hosts/gandalf/config/samba-config.nix
new file mode 100644
index 0000000..14d14bc
--- /dev/null
+++ b/nixos/hosts/gandalf/config/samba-config.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+''
+  workgroup = WORKGROUP
+  server string = gandalf
+  netbios name = gandalf
+  security = user 
+  # note: localhost is the ipv6 localhost ::1
+  hosts allow = 0.0.0.0/0
+  guest account = nobody
+  map to guest = bad user
+''
diff --git a/nixos/hosts/gandalf/config/samba-shares.nix b/nixos/hosts/gandalf/config/samba-shares.nix
new file mode 100644
index 0000000..cd7204e
--- /dev/null
+++ b/nixos/hosts/gandalf/config/samba-shares.nix
@@ -0,0 +1,44 @@
+{ ... }: {
+  xen = {
+    path = "/eru/xen-backups";
+    browseable = "yes";
+    "read only" = "no";
+    "guest ok" = "no";
+    "create mask" = "0644";
+    "directory mask" = "0755";
+    "force user" = "apps";
+    "force group" = "apps";
+  };
+  hansonhive = {
+    path = "/eru/hansonhive";
+    browseable = "yes";
+    "read only" = "no";
+    "guest ok" = "no";
+    "create mask" = "0644";
+    "directory mask" = "0755";
+    "force user" = "www-data";
+    "force group" = "www-data";
+  };
+  tm_joe = {
+    path = "/eru/tm_joe";
+    "valid users" = "jahanson";
+    public = "no";
+    writeable = "yes";
+    "guest ok" = "no";
+    "force user" = "jahanson";
+    "fruit:aapl" = "yes";
+    "fruit:time machine" = "yes";
+    "vfs objects" = "catia fruit streams_xattr";
+  };
+  tm_elisia = {
+    path = "/eru/tm_elisia";
+    "valid users" = "emhanson";
+    public = "no";
+    writeable = "yes";
+    "guest ok" = "no";
+    "force user" = "emhanson";
+    "fruit:aapl" = "yes";
+    "fruit:time machine" = "yes";
+    "vfs objects" = "catia fruit streams_xattr";
+  };
+}
diff --git a/nixos/hosts/gandalf/default.nix b/nixos/hosts/gandalf/default.nix
index 2fcf52d..8e3951c 100644
--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@@ -10,16 +10,20 @@
     ];
 
   boot = {
-    initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
-    initrd.kernelModules = [ ];
+    initrd = {
+      availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
+      kernelModules = [ "nfs" ];
+      supportedFilesystems = [ "nfs" ];
+    };
+
     kernelModules = [ "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
     extraModulePackages = [ ];
-    kernelParams = [ "iommu=pt" "intel_iommu=on" ];
+    kernelParams = [ "iommu=pt" "intel_iommu=on" "zfs.zfs_arc_max=107374182400" ]; # 100GB
   };
-  
+
   # Network settings
   networking = {
-    hostName = "gandalf"; 
+    hostName = "gandalf";
     hostId = "e2fc95cd";
     useDHCP = false; # needed for bridge
     networkmanager.enable = true;
@@ -65,6 +69,17 @@
   # System settings and services.
   mySystem = {
     purpose = "Production";
-    system.motd.networkInterfaces = [ "enp130s0f0" "enp130s0f1" ];
+    system = {
+      motd.networkInterfaces = [ "enp130s0f0" "enp130s0f1" ];
+      # ZFS
+      zfs.enable = true;
+      zfs.mountPoolsAtBoot = [ "eru" ];
+      # NFS
+      nfs.enable = true;
+      # Samba
+      samba.enable = true;
+      samba.shares = import ./config/samba-shares.nix { };
+      samba.extraConfig = import ./config/samba-config.nix { };
+    };
   };
 }