diff --git a/fs0.nix b/fs0.nix index 60f4fb8..a07bbc1 100644 --- a/fs0.nix +++ b/fs0.nix @@ -1,49 +1,48 @@ with import {}; let pki = pkgs.callPackage ./lib/pki.nix {}; - certs = { - ca = pki.ca; - fs0 = pki.trust "fs0" '' - "fs0-0", - "fs0-1", - "fs0-2", - "10.253.18.106", - "10.1.2.164", - "10.253.18.100", - "127.0.0.1" - ''; - }; clusterHosts = '' - 10.253.18.106 fs0-0 - 10.1.2.164 fs0-1 - 10.253.18.100 fs0-2 + 10.253.18.106 fs0-0 fs0-0.local + 10.1.2.164 fs0-1 fs0-1.local + 10.253.18.100 fs0-2 fs0-2.local ''; - nixosConfig = node: { - imports = [ (./hardware-configuration + "/${node}.nix") ./nixos/configuration.nix ]; + nixosConfig = node: ip: + let + cert = pki.trust node ''"${node}", "${ip}", "127.0.0.1"''; + in + { + imports = [ + (./nixos/hardware-configuration + "/${node}.nix") + ./nixos/configuration.nix + ]; + boot.kernelModules = [ + "dm_snapshot" + "dm_mirror" + "dm_thin_pool" + ]; networking = { hostName = node; extraHosts = clusterHosts; + firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ]; + firewall.allowedTCPPorts = [ 111 ]; + firewall.allowedUDPPorts = [ 111 24007 24008 ]; }; services.glusterfs = { enable = true; tlsSettings = { - caCert = certs.ca.cert; - tlsKeyPath = certs.fs0.key; - tlsPem = certs.fs0.cert; + caCert = pki.ca.cert; + tlsKeyPath = cert.key; + tlsPem = cert.cert; }; }; - networking.firewall.extraCommands = '' - iptables -I INPUT -p all -s 10.253.18.100 -j ACCEPT - iptables -I INPUT -p all -s 10.253.18.106 -j ACCEPT - iptables -I INPUT -p all -s 10.1.2.164 -j ACCEPT - ''; + environment.systemPackages = [ pkgs.lvm2 ]; }; in { fs0-0 = { ... }: let - base = nixosConfig "fs0-0"; + base = nixosConfig "fs0-0" "10.253.18.106"; in { deployment.targetHost = "10.253.18.106"; 
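Review bot: The new `firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];` in `nixosConfig` opens 45,001 TCP ports to every source, whereas the removed `extraCommands` rules accepted traffic only from the three peer addresses. Any other service that later listens in that range on these hosts becomes reachable without a further firewall change, and rpcbind on port 111 is now open to all sources as well. GlusterFS normally needs only its management ports and one port per brick starting at 49152, so a narrower rule such as `firewall.allowedTCPPortRanges = [ { from = 24007; to = 24008; } { from = 49152; to = 49160; } ];` (upper bound sized to the brick count, to be confirmed) would be enough, ideally while keeping the per-peer source restriction. The UDP entries for 24007 and 24008 look unnecessary if the daemons only speak TCP; that is worth verifying before keeping them.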
@@ -51,7 +50,7 @@ in services.nfs.server = { enable=true; exports= '' - /data/nfs0 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash) + /vol/brick0/nfs0 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash) ''; }; networking.firewall.allowedTCPPorts = [ 111 2049 ]; @@ -59,7 +58,7 @@ in }; fs0-1 = { ... }: let - base = nixosConfig "fs0-1"; + base = nixosConfig "fs0-1" "10.1.2.164"; in { deployment.targetHost = "10.1.2.164"; diff --git a/nixos/hardware-configuration/fs0-0.nix b/nixos/hardware-configuration/fs0-0.nix index 655171f..563ac99 100644 --- a/nixos/hardware-configuration/fs0-0.nix +++ b/nixos/hardware-configuration/fs0-0.nix @@ -18,8 +18,8 @@ { device = "/dev/disk/by-uuid/c1e78683-4fde-4029-a9f3-7631df649b2f"; fsType = "ext4"; }; - fileSystems."/data" = - { device = "/dev/sdb1"; + fileSystems."/vol/brick0" = + { device = "/dev/gfs_vg/brick0"; fsType = "ext4"; }; diff --git a/nixos/hardware-configuration/fs0-1.nix b/nixos/hardware-configuration/fs0-1.nix index e7cc1f4..8904117 100644 --- a/nixos/hardware-configuration/fs0-1.nix +++ b/nixos/hardware-configuration/fs0-1.nix @@ -18,6 +18,10 @@ { device = "/dev/disk/by-uuid/c130b88c-0699-4836-b967-47bdee0a5453"; fsType = "ext4"; }; + fileSystems."/vol/brick0" = + { device = "/dev/gfs_vg/brick0"; + fsType = "ext4"; + }; swapDevices = [ ];
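Review bot: The export line moved to `/vol/brick0/nfs0` still carries `insecure` and `no_root_squash` together with `rw` for the whole 10.253.18.0/24, so root on any host in that subnet acts as root on the exported tree and requests from unprivileged source ports are accepted. Since the line is being touched anyway, consider dropping both options unless a client is known to need them: `/vol/brick0/nfs0 10.253.18.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)`. The path also sits under the mount point that the hardware-configuration hunks introduce for `/dev/gfs_vg/brick0`. If that filesystem also serves as a GlusterFS brick, exporting part of it directly over NFS lets clients write around Gluster, so it is worth confirming this is intended.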
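Review bot: The address passed as the new second argument in `base = nixosConfig "fs0-1" "10.1.2.164";` is repeated as a separate literal in `deployment.targetHost` a few lines below, and the `fs0-0` call in the first hunk has the same duplication. If the two literals drift apart, the node is deployed with a certificate whose IP SAN does not match its address. Binding it once, e.g. `ip = "10.1.2.164"; base = nixosConfig "fs0-1" ip;` and `deployment.targetHost = ip;`, keeps them in step. Any caller of `nixosConfig` not shown in this diff (the host list still names `fs0-2`) would also need the second argument. The node definition continues outside the hunk.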
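Review bot: The new `fileSystems."/vol/brick0"` entry in `nixos/hardware-configuration/fs0-0.nix` mounts the data volume with default options, so setuid bits and device nodes stored on it are honoured by the server itself. Because the `fs0.nix` export of `/vol/brick0/nfs0` uses `no_root_squash`, a remote root user can create such files there. Adding `options = [ "nosuid" "nodev" ];` to the entry limits what they can be used for locally. The same applies to the identical entry added in `nixos/hardware-configuration/fs0-1.nix`.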