diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix
index 1a32e38..f14365b 100644
--- a/hosts/alyssum/samba.nix
+++ b/hosts/alyssum/samba.nix
@@ -1,88 +1,83 @@
-{ config, pkgs, ... }: {
- networking.firewall.allowPing = true;
+{ config, lib, pkgs, ... }:
+let
+ configOn = user: let
+ passwd_fname = "passwd_smb${user}";
+ in {
+ age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
+ me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";
- age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age;
- age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age;
+ users.users.${user} = {
+ hashedPasswordFile = config.age.secrets.passwd.path;
+ isNormalUser = true;
+ };
- users.users.cilly = {
- hashedPasswordFile = config.age.secrets.passwd.path;
- isNormalUser = true;
- };
- users.users.kujira = {
- hashedPasswordFile = config.age.secrets.passwd.path;
- isNormalUser = true;
- };
- system.activationScripts = {
- init_smbpasswd.text = let
- smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
- in ''
- printf "$(cat ${config.age.secrets.passwd_smbcilly.path})\n$(cat ${config.age.secrets.passwd_smbcilly.path})\n" | ${smbpasswd} -sa cilly
-
- printf "$(cat ${config.age.secrets.passwd_smbkujira.path})\n$(cat ${config.age.secrets.passwd_smbkujira.path})\n" | ${smbpasswd} -sa kujira
- '';
- };
-
- services.samba = {
- enable = true;
- package = pkgs.samba4Full;
- openFirewall = true;
- settings = {
- global = {
- "server smb encrypt" = "required";
- "workgroup" = "WORKGROUP";
- "server string" = "smbnix";
- "netbios name" = "smbnix";
- "security" = "user";
- "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
- "hosts deny" = "0.0.0.0/0";
- "guest account" = "nobody";
- "map to guest" = "bad user";
- };
- "public" = {
- "path" = "/flower/smb/public";
- "browseable" = "yes";
- "read only" = "no";
- "guest ok" = "yes";
- "create mask" = "0644";
- "directory mask" = "0755";
- "force user" = "hana";
- "force group" = "users";
- };
- "cilly" = {
- "path" = "/flower/smb/cilly";
- "browseable" = "yes";
- "read only" = "no";
- "guest ok" = "no";
- "create mask" = "0644";
- "directory mask" = "0755";
- "force user" = "cilly";
- "force group" = "users";
- "valid users" = "cilly";
- };
- "kujira" = {
- "path" = "/flower/smb/kujira";
- "browseable" = "yes";
- "read only" = "no";
- "guest ok" = "no";
- "create mask" = "0644";
- "directory mask" = "0755";
- "force user" = "kujira";
- "force group" = "users";
- "valid users" = "kujira";
- };
+ system.activationScripts = {
+ init_smbpasswd.text = let
+ smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
+ in ''
+ printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
+ '';
+ };
+ services.samba.settings."${user}" = {
+ "path" = "/flower/smb/${user}";
+ "browseable" = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = user;
+ "force group" = "users";
+ "valid users" = user;
 };
 };
+in lib.mkMerge [
+ (configOn "cilly")
+ (configOn "kujira")
+ {
+ me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
- services.samba-wsdd = {
- enable = true;
- openFirewall = true;
- };
+ networking.firewall.allowPing = true;
- services.avahi = {
- enable = true;
- openFirewall = true;
- nssmdns4 = true;
- publish.enable = true;
- publish.userServices = true;
- };
-}
+ services.samba = {
+ enable = true;
+ package = pkgs.samba4Full;
+ openFirewall = true;
+ settings = {
+ global = {
+ "server smb encrypt" = "required";
+ "workgroup" = "WORKGROUP";
+ "server string" = "smbnix";
+ "netbios name" = "smbnix";
+ "security" = "user";
+ "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
+ "hosts deny" = "0.0.0.0/0";
+ "guest account" = "nobody";
+ "map to guest" = "bad user";
+ };
+ "public" = {
+ "path" = "/flower/smb/public";
+ "browseable" = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "hana";
+ "force group" = "users";
+ };
+ };
+ };
+
+ services.samba-wsdd = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ services.avahi = {
+ enable = true;
+ openFirewall = true;
+ nssmdns4 = true;
+ publish.enable = true;
+ publish.userServices = true;
+ };
+ }
+]
diff --git a/modules/binds.nix b/modules/binds.nix
index 9c7d4ad..c9ffe18 100644
--- a/modules/binds.nix
+++ b/modules/binds.nix
@@ -1,8 +1,12 @@
 { config, lib, ...}: {
 imports = [ ./options.nix ];
- fileSystems = lib.mapAttrs (dest: key: {
+ fileSystems = lib.mapAttrs (dest: key: let
+ target = if (lib.strings.hasPrefix "/" key)
+ then key
+ else "/persist/binds/${key}";
+ in {
 depends = [ "/persist" ];
- device = "/persist/binds/${key}";
+ device = target;
 fsType = "none";
 options = [ "bind" ];
 }) config.me.binds;
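Review bot: In hosts/alyssum/samba.nix, the `init_smbpasswd` script inside `configOn` expands the secret into printf's format string (`printf "$(cat …)\n$(cat …)\n"`), so a password containing `%` or a backslash is reinterpreted and smbpasswd receives a different value than the one stored in the age file. Passing it as an argument avoids that: `pw="$(cat ${config.age.secrets.${passwd_fname}.path})"; printf '%s\n%s\n' "$pw" "$pw" | ${smbpasswd} -sa ${user}`. Separately, every share user is still created with `isNormalUser = true` and `hashedPasswordFile = config.age.secrets.passwd.path`, i.e. the same `passwd` secret for each account rather than a per-user one. If these accounts exist only for Samba, that looks broader than needed and is worth confirming or explaining in a comment next to `users.users.${user}`.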
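Review bot: In modules/binds.nix, `depends = [ "/persist" ]` stays hard-coded although `device` can now be an absolute path outside `/persist` (samba.nix in this commit binds sources under `/flower`), so the declared dependency no longer describes the real source for those entries. Consider deriving it from the branch taken, e.g. `depends = lib.optional (!lib.strings.hasPrefix "/" key) "/persist";`; whether `/flower` is a separate mount that needs its own ordering is not visible in this diff. The new meaning of the value also deserves a comment above `target`, such as `# a value starting with "/" is used as the bind source as-is; anything else is relative to /persist/binds`. The enclosing attribute set closes outside this hunk.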