diff --git a/devices/cluster/modules/caddy.nix b/devices/cluster/modules/caddy.nix
index bd9c3734..e191a661 100644
--- a/devices/cluster/modules/caddy.nix
+++ b/devices/cluster/modules/caddy.nix
@@ -10,6 +10,8 @@
   caddy = caddy-plugins.packages.${pkgs.system}.default;
 in {
   imports = [caddy-plugins.nixosModules.default];
+
+  # User stuff
   environment.systemPackages = [caddy];
   users.users.${mainUser}.extraGroups = ["caddy"];
 
diff --git a/devices/cluster/modules/pacemaker/default.nix b/devices/cluster/modules/pacemaker/default.nix
index 7d530a1f..444ca1bc 100644
--- a/devices/cluster/modules/pacemaker/default.nix
+++ b/devices/cluster/modules/pacemaker/default.nix
@@ -1,4 +1,4 @@
-{...}: {
+{pkgs, ...}: {
   imports = [
     ./options.nix
     ../corosync.nix
@@ -7,20 +7,38 @@
   ];
 
   # TODO: update script
-  services.pacemaker = {
-    enable = true;
+  services = {
+    pacemaker = {
+      enable = true;
 
-    resources = {
-      "caddy" = {
-        enable = true;
-        virtualIps = [
-          {
-            id = "main";
-            interface = "eno1";
-            ip = "10.0.0.130";
-          }
-        ];
+      resources = {
+        "caddy" = {
+          enable = true;
+          virtualIps = [
+            {
+              id = "main";
+              interface = "eno1";
+              ip = "10.0.0.130";
+            }
+          ];
+        };
       };
     };
+
+    rpcbind.enable = true; # needed for NFS
   };
+
+  environment.systemPackages = with pkgs; [nfs-utils];
+
+  systemd.mounts = [
+    {
+      type = "nfs";
+      mountConfig = {
+        Options = "noatime";
+      };
+      what = "servivi:/caddy";
+      where = "/var/lib/caddy";
+      requiredBy = ["caddy.service"];
+    }
+  ];
 }
diff --git a/devices/cluster/modules/pacemaker/options.nix b/devices/cluster/modules/pacemaker/options.nix
index 934346d8..af45b1ba 100644
--- a/devices/cluster/modules/pacemaker/options.nix
+++ b/devices/cluster/modules/pacemaker/options.nix
@@ -204,6 +204,7 @@ in {
 
           script = ''
             # The config needs to be installed from one node only
+            # TODO: add assertion, corosync must be enabled with at least one node
             if [ "$(uname -n)" = ${host1} ]; then
                 # TODO: setup stonith / fencing
                 crm_attribute --type crm_config --name stonith-enabled --update false