diff --git a/system/elysia-clarki.nix b/system/elysia-clarki.nix
index a100df5..3788699 100644
--- a/system/elysia-clarki.nix
+++ b/system/elysia-clarki.nix
@@ -2,7 +2,7 @@
 let
 cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
- unlockLuksService = label: keyfile: {
+ unlockLuksService = label: keyfile: overwrites: lib.attrsets.recursiveUpdate {
 description = "Unlock luks encrypted device '${label}'";
 bindsTo = [ "dev-${label}.device" ];
 after = [ "dev-${label}.device" ];
@@ -16,12 +16,12 @@ let
 ${cryptsetup} luksClose ${label}opened
 '';
 };
- };
+ } overwrites;
 disks = {
 FRA = "8ae45289-82ed-4cf1-9d68-a0e26e5d9bb5";
 BER = "85ce2e58-72fc-4a66-a376-565bb4fc39a1";
- #sdc = "DB9876543214E";
+ HND = "4a3765fc-155e-453d-a348-d1782447bcfe";
 LEJ = "5e3c2c1e-73f6-43e6-b8f3-71c923cbeb6d";
 };
@@ -47,9 +47,15 @@ in {
 '') disks);
 }];
- systemd.services."luks-open-FRA" = unlockLuksService "FRA" "/root/keys/fra";
- systemd.services."luks-open-BER" = unlockLuksService "BER" "/root/keys/ber";
- systemd.services."luks-open-LEJ" = unlockLuksService "LEJ" "/root/keys/lej";
+ # Unlock all luks devices and import the zfs pools if necessary
+ systemd.services."luks-open-FRA" = unlockLuksService "FRA" "/root/keys/fra" {};
+ systemd.services."luks-open-BER" = unlockLuksService "BER" "/root/keys/ber" {
+ serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zBER";
+ };
+ systemd.services."luks-open-HND" = unlockLuksService "HND" "/root/keys/hnd" {
+ serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zHND";
+ };
+ systemd.services."luks-open-LEJ" = unlockLuksService "LEJ" "/root/keys/lej" {};
 systemd.mounts = [
 { what = "/dev/mapper/FRAopened";
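Review bot: `unlockLuksService` gains a third argument but nothing says how it is merged into the base unit. `lib.attrsets.recursiveUpdate` replaces list and string values rather than appending to them, so an override that sets `bindsTo` or `after` silently discards the device dependency defined here. A comment above the definition would make that explicit, for example `# overwrites: attrset merged over the base unit with recursiveUpdate; lists and strings are replaced, not appended`. The function body continues outside this hunk.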
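Review bot: The added `ExecStartPost = "${pkgs.zfs}/bin/zpool import zBER"` (and the same line for zHND) does not do what the new comment "if necessary" promises. `zpool import` exits non-zero when the pool is already imported, so starting the unit again while the pool is still active would presumably mark the unlock service as failed and block everything that requires it. Checking first keeps the step idempotent, e.g. `serviceConfig.ExecStartPost = pkgs.writeShellScript "import-zBER" "${pkgs.zfs}/bin/zpool list zBER >/dev/null 2>&1 || ${pkgs.zfs}/bin/zpool import zBER";`. The stop path visible in the earlier hunk only runs `luksClose`, so it is also worth confirming the pool is exported before the mapping is closed.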
@@ -59,13 +65,6 @@ in {
 requires = [ "luks-open-FRA.service" ];
 after = [ "luks-open-FRA.service" ];
 }
- { what = "/dev/mapper/BERopened";
- where = "/srv/ber";
- type = "ext4";
- wantedBy = [ "default.target" ];
- requires = [ "luks-open-BER.service" ];
- after = [ "luks-open-BER.service" ];
- }
 { what = "/dev/mapper/vg_lej-lv_lej";
 where = "/srv/lej";
 type = "ext4";
@@ -75,15 +74,17 @@ in {
 }
 ];
- # services.restic.server = {
- # enable = true;
- # dataDir = "/srv/fra/restic";
- # listenAddress = "0.0.0.0:8000";
- # extraFlags = [ "--no-auth" ];
- # };
+ services.restic.server = {
+ enable = true;
+ dataDir = "/srv/hnd/restic";
+ listenAddress = "0.0.0.0:8000";
+ extraFlags = [ "--no-auth" ];
+ };
 networking.firewall.allowedTCPPorts = [ 8000 ];
-
- # systemd.services.restic-rest-server.unitConfig."RequiresMountsFor" = "/srv/fra/restic";
+ systemd.services.restic-rest-server.unitConfig = {
+ Requires = lib.mkForce [ "network.target" "luks-open-HND.service"];
+ After = lib.mkForce [ "network.target" "luks-open-HND.service"];
+ };
 services.ddclient = {
 enable = true;
@@ -92,7 +93,10 @@ in {
 username = "none";
 password = "jgBk7uJGnx6Evisz3118pJy4xMFw6y";
 zone = "home.dyn.tammena.rocks";
- domains = [ "elysia-clarki.home.dyn.tammena.rocks" ];
+ domains = [
+ "elysia-clarki.home.dyn.tammena.rocks"
+ "bak.home.dyn.tammena.rocks"
+ ];
 extraConfig = "usev6=on";
 };
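Review bot: Enabling the server with `extraFlags = [ "--no-auth" ]` on `listenAddress = "0.0.0.0:8000"`, with TCP 8000 open in the firewall, means any host that can reach the port can read, overwrite or delete the repositories under /srv/hnd/restic without credentials. Repository encryption protects the contents, not the availability or integrity of the backups. Drop `--no-auth` so the server's htpasswd authentication applies, consider `appendOnly = true;` and `privateRepos = true;`, and bind `listenAddress` to an internal address or limit the firewall rule to the backup clients. Separately, the unit now depends on `luks-open-HND.service` instead of the mount check in the removed comment, so if the zHND dataset is not mounted at /srv/hnd when the server starts it would presumably write backups to the underlying filesystem. Keeping `RequiresMountsFor = "/srv/hnd/restic";` in `unitConfig` guards against that.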
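Review bot: The ddclient block that gains `"bak.home.dyn.tammena.rocks"` still carries its `password` as a string literal, so the credential sits in the repository history and in the world-readable Nix store. While this block is being edited, move it to a root-only file with `passwordFile = "/path/to/ddclient-secret";` (placeholder path, where the NixOS release in use provides that option) and rotate the current value. The new name also appears to point at the backup server enabled earlier in this commit, which makes that endpoint easier to find and is a further reason to require authentication on it.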