diff --git a/hosts/cyper-controller/smb.nix b/hosts/cyper-controller/smb.nix
index 107a77e..b802aee 100644
--- a/hosts/cyper-controller/smb.nix
+++ b/hosts/cyper-controller/smb.nix
@@ -1,5 +1,4 @@
 {
- config,
 pkgs,
 primaryUser,
 ...
@@ -66,16 +65,24 @@
 description = "Set Samba password for ${primaryUser}";
 wantedBy = [ "multi-user.target" ];
 after = [
- "smbd.service"
- "sops-nix.service"
+ "samba-smbd.service"
+ "sops-install-secrets.service"
 ];
- requires = [ "smbd.service" ];
+ requires = [ "samba-smbd.service" ];
 serviceConfig = {
 Type = "oneshot";
 RemainAfterExit = true;
 ExecStart = pkgs.writeShellScript "samba-set-password" ''
- PASSWORD=$(cat /run/secrets/smb-password-phil)
- echo -e "$PASSWORD\n$PASSWORD" | ${pkgs.samba}/bin/smbpasswd -a -s ${primaryUser}
+ # Wait for smbd to initialize its passdb
+ for i in $(seq 1 10); do
+ [ -f /var/lib/samba/private/passdb.tdb ] && break
+ echo "Waiting for passdb.tdb... attempt $i"
+ sleep 1
+ done
+
+ PASSWORD=$(cat /run/secrets/smb_passwd)
+ (echo "$PASSWORD"; echo "$PASSWORD") | ${pkgs.samba}/bin/smbpasswd -a -s ${primaryUser} || \
+ (echo "$PASSWORD"; echo "$PASSWORD") | ${pkgs.samba}/bin/smbpasswd -s ${primaryUser}
 '';
 };
 };
diff --git a/hosts/cyper-desktop/hardware-configuration.nix b/hosts/cyper-desktop/hardware-configuration.nix
index ada95d2..2ff5aa2 100644
--- a/hosts/cyper-desktop/hardware-configuration.nix
+++ b/hosts/cyper-desktop/hardware-configuration.nix
@@ -2,6 +2,7 @@
 config,
 lib,
 modulesPath,
+ primaryUser,
 ...
 }:
@@ -32,6 +33,17 @@
 '';
 };
+ sops = {
+ secrets.smb_passwd = { };
+
+ templates.smb_credentials = {
+ content = ''
+ username=${primaryUser}
+ password=${config.sops.placeholder.smb_passwd}
+ '';
+ };
+ };
+
 fileSystems = {
 "/" = {
 device = "/dev/disk/by-label/NIXROOT";
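Review bot: In the second hunk of hosts/cyper-controller/smb.nix, the `samba-set-password` script keeps going when a step fails: after ten attempts it proceeds even if passdb.tdb is still missing, and if `cat /run/secrets/smb_passwd` fails, `PASSWORD` is empty and two empty lines are piped to smbpasswd. The script should fail closed, for example `set -eu` as its first line, `[ -f /var/lib/samba/private/passdb.tdb ] || exit 1` after `done`, and `[ -n "$PASSWORD" ] || exit 1` before the pipe. The `|| ... smbpasswd -s` fallback also hides why the `-a` call failed, so a one-line comment stating which case it is meant to cover would help the next reader. The unit definition starts above this hunk, so any guard placed earlier in it is not visible here.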
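Review bot: The `templates.smb_credentials` block added in the second hunk of hosts/cyper-desktop/hardware-configuration.nix renders the SMB password in cleartext to a file, yet nothing in it states who may read that file; it relies on the sops-nix template defaults for owner and mode. Pinning them makes the intent reviewable: `owner = "root";` and `mode = "0400";` next to `content`. A short comment such as `# cleartext SMB credentials for mount.cifs (credentials=); keep root-only` would also help, since secret handling is not what a reader expects to find in a hardware-configuration file.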
@@ -51,7 +63,32 @@
 device = "/dev/disk/by-label/STORAGE";
 fsType = "ext4";
 };
- };
+ }
+ // builtins.listToAttrs (
+ map
+ (share: {
+ name = "/shares/${share}";
+ value = {
+ device = "//127.0.0.1/${share}";
+ fsType = "cifs";
+ options = [
+ "credentials=${config.sops.templates.smb_credentials.path}"
+ "iocharset=utf8"
+ "_netdev"
+ "auto"
+ "x-systemd.requires=samba-smbd.service"
+ "x-systemd.after=samba-smbd.service"
+ "x-systemd.requires=sops-install-secrets.service"
+ "x-systemd.after=sops-install-secrets.service"
+ ];
+ };
+ })
+ [
+ "internal"
+ "fast"
+ "backup"
+ ]
+ );
 swapDevices = [ ];
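Review bot: The CIFS entries merged into `fileSystems` carry no mount hardening or ownership options in their `options` list. Without `nosuid` and `nodev` the mount honours whatever setuid bits or device nodes the share presents, and without `uid=`/`gid=` the files will most likely appear owned by root unless the server supplies ownership. I would add `"nosuid"` and `"nodev"` to the list and set `uid=`/`gid=` for the intended user. The mounts are ordered after samba-smbd.service only, so if a unit that sets the Samba password also runs on this host (not visible here), the first mount attempt may race it and fail authentication. The `fileSystems` set opens in the previous hunk, outside this one.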