diff --git a/nix/nixos-modules/default.nix b/nix/nixos-modules/default.nix
index 5df53ec..c7b028e 100644
--- a/nix/nixos-modules/default.nix
+++ b/nix/nixos-modules/default.nix
@@ -39,6 +39,7 @@ in
     ./secrix.nix
     ./useable.nix
     ./vmCommon.nix
+    ./zfsServer.nix
   ];
 
   # this one defines common options for my systems to my modules
diff --git a/nix/nixos-modules/zfsServer.nix b/nix/nixos-modules/zfsServer.nix
new file mode 100644
index 0000000..886000c
--- /dev/null
+++ b/nix/nixos-modules/zfsServer.nix
@@ -0,0 +1,74 @@
+{
+  config,
+  lib,
+  options,
+  pkgs,
+  ...
+}:
+let
+  # library
+  inherit (lib.lists) singleton;
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+  # config
+  cfg = config.x-banananetwork.zfsServer;
+  servOpts = options.services.zfs;
+  zfsPkg = config.boot.zfs.package;
+
+  # custom ZFS pool management scripts
+  mgmtScripts = [
+    (pkgs.writeShellApplication {
+      name = "zpool-create-enc";
+      runtimeInputs = singleton zfsPkg;
+      text = ''
+        keydir="/root/zfs-keys";
+        if [[ $# -lt 2 ]]; then
+          echo "Usage: $0 <pool-name> <opts|layout>" >&2
+          exit 1
+        fi
+        pool="$1"
+        shift 1
+        keyfile="$keydir/$pool"
+        if [[ ! -r "$keyfile" ]]; then
+          echo "Expected keyfile $keyfile to be prepared (readable file)" >&2
+          exit 2
+        fi
+        set -x
+        zpool create -O encryption=on -O keylocation="file://$keyfile" -O keyformat=hex "$pool" "$@"
+      '';
+    })
+  ];
+
+in
+{
+
+  options.x-banananetwork.zfsServer = {
+    enable = mkEnableOption "banananet.work ZFS server config (including scrub & trim requiring timing)";
+    warnOnDefaultTimings = mkEnableOption "warnings for default timings for ZFS scrub & trim" // {
+      default = true;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    boot.supportedFilesystems.zfs = true;
+    environment.systemPackages =
+      mgmtScripts
+      ++ (with pkgs; [
+        jdupes
+      ]);
+    services.zfs = {
+      autoScrub.enable = true;
+      trim.enable = true;
+      # TODO zed.settings to send via ntfy script
+    };
+    warnings = mkIf cfg.warnOnDefaultTimings [
+      (mkIf (
+        servOpts.autoScrub.interval.highestPrio >= 1500
+      ) "[zfsServer] services.zfs.autoScrub.interval still uses default value")
+      (mkIf (
+        servOpts.trim.interval.highestPrio >= 1500
+      ) "[zfsServer] services.zfs.trim.interval still uses default value")
+    ];
+  };
+
+}