diff --git a/2-nomad-config/1-data/postgres.tf b/2-nomad-config/1-data/postgres.tf
index d5f46c8..00de7d7 100644
--- a/2-nomad-config/1-data/postgres.tf
+++ b/2-nomad-config/1-data/postgres.tf
@@ -18,27 +18,9 @@ resource "nomad_variable" "postgres" {
   }
 }
 
-resource "nomad_csi_volume_registration" "unraid_database_dump" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_database_dump"
-  name      = "unraid_database_dump"
-
-  external_id = "unraid_database_dump"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/database-dump"
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "unraid_smb_database_dump" {
+  source = "../modules/unraid_smb"
+  name   = "dump"
+  id     = "unraid_database_dump"
+  share  = "database-dump"
 }
diff --git a/2-nomad-config/2-ingress/traefik.tf b/2-nomad-config/2-ingress/traefik.tf
index 6c9d4cd..03ca59d 100644
--- a/2-nomad-config/2-ingress/traefik.tf
+++ b/2-nomad-config/2-ingress/traefik.tf
@@ -32,28 +32,8 @@ resource "nomad_job" "traefik" {
   })
 }
 
-resource "nomad_csi_volume_registration" "unraid_appdata_traefik" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_appdata_traefik"
-  name      = "unraid_appdata_traefik"
-
-  external_id = "unraid_appdata_traefik"
-
-  capability {
-    access_mode     = "multi-node-multi-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/appdata"
-    subDir = "traefik" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "appdata_traefik" {
+  source      = "../modules/appdata"
+  name        = "traefik"
+  access_mode = "multi-node-multi-writer"
 }
diff --git a/2-nomad-config/deluge.tf b/2-nomad-config/deluge.tf
index 066115e..0974020 100644
--- a/2-nomad-config/deluge.tf
+++ b/2-nomad-config/deluge.tf
@@ -11,54 +11,14 @@ resource "nomad_variable" "deluge" {
   }
 }
 
-resource "nomad_csi_volume_registration" "unraid_appdata_deluge" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_appdata_deluge"
-  name      = "unraid_appdata_deluge"
-
-  external_id = "unraid_appdata_deluge"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/appdata"
-    subDir = "deluge" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "appdata_deluge" {
+  source = "./modules/appdata"
+  name   = "deluge"
 }
 
-resource "nomad_csi_volume_registration" "unraid_media_deluge" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_media_deluge"
-  name      = "unraid_media_deluge"
-
-  external_id = "unraid_media_deluge"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/media"
-    subDir = "downloads"
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "unraid_smb_deluge_media" {
+  source = "./modules/unraid_smb"
+  name   = "deluge"
+  share  = "media"
+  subDir = "downloads"
 }
diff --git a/2-nomad-config/gitea.tf b/2-nomad-config/gitea.tf
index 8a76d7d..3af939f 100644
--- a/2-nomad-config/gitea.tf
+++ b/2-nomad-config/gitea.tf
@@ -33,28 +33,7 @@ resource "postgresql_database" "gitea" {
   owner = postgresql_role.gitea.name
 }
 
-resource "nomad_csi_volume_registration" "unraid_appdata_gitea" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_appdata_gitea"
-  name      = "unraid_appdata_gitea"
-
-  external_id = "unraid_appdata_gitea"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/appdata"
-    subDir = "gitea" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "appdata_gitea" {
+  source = "./modules/appdata"
+  name   = "gitea"
 }
diff --git a/2-nomad-config/immich.tf b/2-nomad-config/immich.tf
index 96b9958..06c3e67 100644
--- a/2-nomad-config/immich.tf
+++ b/2-nomad-config/immich.tf
@@ -34,107 +34,29 @@ resource "nomad_variable" "immich" {
   }
 }
 
-resource "nomad_csi_volume_registration" "unraid_appdata_immich" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_appdata_immich"
-  name      = "unraid_appdata_immich"
-
-  external_id = "unraid_appdata_immich"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/appdata"
-    subDir = "immich" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "appdata_immich" {
+  source = "./modules/appdata"
+  name   = "immich"
 }
 
-resource "nomad_csi_volume_registration" "unraid_media_photosvideos" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_media_photosvideos"
-  name      = "unraid_media_photosvideos"
-
-  external_id = "unraid_media_photosvideos"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/media"
-    subDir = "Photos and Videos" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "unraid_smb_immich_photosvideos" {
+  source = "./modules/unraid_smb"
+  name   = "photosvideos"
+  share  = "media"
+  subDir = "Photos and Videos"
 }
 
-resource "nomad_csi_volume_registration" "unraid_media_immich_encodedvideo" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_media_immich_encodedvideo"
-  name      = "unraid_media_immich_encodedvideo"
-
-  external_id = "unraid_media_immich_encodedvideo"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/media"
-    subDir = "immich/encoded-video" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "unraid_smb_immich_encodedvideo" {
+  source = "./modules/unraid_smb"
+  name   = "immich_encodedvideo"
+  share  = "media"
+  subDir = "immich/encoded-video"
 }
 
-resource "nomad_csi_volume_registration" "unraid_mediadump_photosvideos" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_mediadump_photosvideos"
-  name      = "unraid_mediadump_photosvideos"
-
-  external_id = "unraid_mediadump_photosvideos"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/media-dump"
-    subDir = "Photos and Videos" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "unraid_smb_immich_mediadump_photosvideos" {
+  source = "./modules/unraid_smb"
+  name   = "photosvideos"
+  id     = "unraid_mediadump_photosvideos"
+  share  = "media-dump"
+  subDir = "Photos and Videos"
 }
-
diff --git a/2-nomad-config/jellyfin.tf b/2-nomad-config/jellyfin.tf
index f3d0bfb..a7494e5 100644
--- a/2-nomad-config/jellyfin.tf
+++ b/2-nomad-config/jellyfin.tf
@@ -3,53 +3,13 @@ resource "nomad_job" "jellyfin" {
   jobspec = file("jellyfin.nomad.hcl")
 }
 
-resource "nomad_csi_volume_registration" "unraid_appdata_jellyfin" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_appdata_jellyfin"
-  name      = "unraid_appdata_jellyfin"
-
-  external_id = "unraid_appdata_jellyfin"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/appdata"
-    subDir = "jellyfin" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "appdata_jellyfin" {
+  source = "./modules/appdata"
+  name   = "jellyfin"
 }
 
-resource "nomad_csi_volume_registration" "unraid_media_jellyfin" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_media_jellyfin"
-  name      = "unraid_media_jellyfin"
-
-  external_id = "unraid_media_jellyfin"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/media"
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "unraid_smb_jellyfin_media" {
+  source = "./modules/unraid_smb"
+  name   = "jellyfin"
+  share  = "media"
 }
diff --git a/2-nomad-config/modules/appdata/main.tf b/2-nomad-config/modules/appdata/main.tf
new file mode 100644
index 0000000..868b231
--- /dev/null
+++ b/2-nomad-config/modules/appdata/main.tf
@@ -0,0 +1,62 @@
+terraform {
+  required_providers {
+    sops = {
+      source  = "carlpett/sops"
+      version = "~> 0.5"
+    }
+  }
+}
+
+variable "name" {
+  description = "Name of the application, also used as subdir on the unraid appdata share"
+  type        = string
+}
+
+variable "id" {
+  description = "ID to use for the volume registration, defaults to name with - replaced by _"
+  type        = string
+  default     = null
+}
+
+variable "access_mode" {
+  description = "CSI volume access mode"
+  type        = string
+  default     = "single-node-writer"
+  validation {
+    condition     = contains(["single-node-writer", "multi-node-multi-writer"], var.access_mode)
+    error_message = "access_mode must be either 'single-node-writer' or 'multi-node-multi-writer'"
+  }
+}
+
+data "nomad_plugin" "smb" {
+  plugin_id        = "smb"
+  wait_for_healthy = true
+}
+
+data "sops_file" "secrets" {
+  source_file = "secrets/secrets.enc.json"
+}
+
+resource "nomad_csi_volume_registration" "this" {
+  depends_on = [data.nomad_plugin.smb]
+  plugin_id  = "smb"
+
+  volume_id   = var.id != null ? var.id : "unraid_appdata_${replace(var.name, "-", "_")}"
+  name        = var.id != null ? var.id : "unraid_appdata_${replace(var.name, "-", "_")}"
+  external_id = var.id != null ? var.id : "unraid_appdata_${replace(var.name, "-", "_")}"
+
+  capability {
+    access_mode     = var.access_mode
+    attachment_mode = "file-system"
+  }
+
+  context = {
+    source = "//betelgeuse-seven-unraid.lan/appdata"
+    subDir = var.name
+  }
+
+  secrets = {
+    "username" = "nomad"
+    "password" = data.sops_file.secrets.data["unraid.nomad"]
+  }
+}
diff --git a/2-nomad-config/modules/unraid_smb/main.tf b/2-nomad-config/modules/unraid_smb/main.tf
new file mode 100644
index 0000000..c966d64
--- /dev/null
+++ b/2-nomad-config/modules/unraid_smb/main.tf
@@ -0,0 +1,62 @@
+terraform {
+  required_providers {
+    sops = {
+      source  = "carlpett/sops"
+      version = "~> 0.5"
+    }
+  }
+}
+
+variable "name" {
+  description = "Name of the volume registration"
+  type        = string
+}
+
+variable "id" {
+  description = "ID to use for the volume registration, defaults to name with - replaced by _"
+  type        = string
+  default     = null
+}
+
+variable "share" {
+  description = "Name of the SMB share on the unraid server"
+  type        = string
+}
+
+variable "subDir" {
+  description = "Subdirectory within the SMB share"
+  type        = string
+  default     = null
+}
+
+data "nomad_plugin" "smb" {
+  plugin_id        = "smb"
+  wait_for_healthy = true
+}
+
+data "sops_file" "secrets" {
+  source_file = "secrets/secrets.enc.json"
+}
+
+resource "nomad_csi_volume_registration" "this" {
+  depends_on = [data.nomad_plugin.smb]
+  plugin_id  = "smb"
+
+  volume_id   = var.id != null ? var.id : "unraid_${var.share}_${replace(var.name, "-", "_")}"
+  name        = var.id != null ? var.id : "unraid_${var.share}_${replace(var.name, "-", "_")}"
+  external_id = var.id != null ? var.id : "unraid_${var.share}_${replace(var.name, "-", "_")}"
+
+  capability {
+    access_mode     = "single-node-writer"
+    attachment_mode = "file-system"
+  }
+
+  context = merge({
+    source = "//betelgeuse-seven-unraid.lan/${var.share}"
+  }, var.subDir == null ? {} : { "subDir" = var.subDir })
+
+  secrets = {
+    "username" = "nomad"
+    "password" = data.sops_file.secrets.data["unraid.nomad"]
+  }
+}
diff --git a/2-nomad-config/prowlarr.tf b/2-nomad-config/prowlarr.tf
index 6be5eb0..d15f8fb 100644
--- a/2-nomad-config/prowlarr.tf
+++ b/2-nomad-config/prowlarr.tf
@@ -26,28 +26,7 @@ resource "postgresql_database" "prowlarr_log" {
   owner = postgresql_role.prowlarr.name
 }
 
-resource "nomad_csi_volume_registration" "unraid_appdata_prowlarr" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_appdata_prowlarr"
-  name      = "unraid_appdata_prowlarr"
-
-  external_id = "unraid_appdata_prowlarr"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/appdata"
-    subDir = "prowlarr" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "appdata_prowlarr" {
+  source = "./modules/appdata"
+  name   = "prowlarr"
 }
diff --git a/2-nomad-config/sonarr.tf b/2-nomad-config/sonarr.tf
index 9566f8b..9bfe7b7 100644
--- a/2-nomad-config/sonarr.tf
+++ b/2-nomad-config/sonarr.tf
@@ -26,53 +26,13 @@ resource "postgresql_database" "sonarr_log" {
   owner = postgresql_role.sonarr.name
 }
 
-resource "nomad_csi_volume_registration" "unraid_appdata_sonarr" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_appdata_sonarr"
-  name      = "unraid_appdata_sonarr"
-
-  external_id = "unraid_appdata_sonarr"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/appdata"
-    subDir = "sonarr" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "appdata_sonarr" {
+  source = "./modules/appdata"
+  name   = "sonarr"
 }
 
-resource "nomad_csi_volume_registration" "unraid_media_sonarr" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_media_sonarr"
-  name      = "unraid_media_sonarr"
-
-  external_id = "unraid_media_sonarr"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/media"
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "unraid_smb_sonarr_media" {
+  source = "./modules/unraid_smb"
+  name   = "sonarr"
+  share  = "media"
 }
diff --git a/2-nomad-config/transfer.tf b/2-nomad-config/transfer.tf
index a503313..e450909 100644
--- a/2-nomad-config/transfer.tf
+++ b/2-nomad-config/transfer.tf
@@ -2,53 +2,14 @@ resource "nomad_job" "transfer" {
   jobspec = file("transfer.nomad.hcl")
 }
 
-resource "nomad_csi_volume_registration" "unraid_transfer" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_transfer"
-  name      = "unraid_transfer"
-
-  external_id = "unraid_transfer"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/transfer"
-  }
-
-  secrets = {
-    "username" = "anon"
-    "password" = ""
-  }
+module "unraid_smb_transfer" {
+  source = "./modules/unraid_smb"
+  name   = "transfer"
+  id     = "unraid_transfer"
+  share  = "transfer"
 }
 
-resource "nomad_csi_volume_registration" "unraid_appdata_transferfilebrowser" {
-  #Note: Before chaning the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_appdata_transferfilebrowser"
-  name      = "unraid_appdata_transferfilebrowser"
-
-  external_id = "unraid_appdata_transferfilebrowser"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/appdata"
-    subDir = "transferfilebrowser" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "appdata_transferfilebrowser" {
+  source = "./modules/appdata"
+  name   = "transferfilebrowser"
 }
diff --git a/2-nomad-config/unifi.tf b/2-nomad-config/unifi.tf
index 2d8e710..5dfa376 100644
--- a/2-nomad-config/unifi.tf
+++ b/2-nomad-config/unifi.tf
@@ -3,30 +3,7 @@ resource "nomad_job" "unifi_network" {
   jobspec = file("unifi.nomad.hcl")
 }
 
-
-resource "nomad_csi_volume_registration" "unraid_appdata_unifi_network" {
-  # Note: Before changing the definition of this volume you need to stop the jobs that are using it
-  depends_on = [data.nomad_plugin.smb]
-  plugin_id  = "smb"
-
-  volume_id = "unraid_appdata_unifi_network"
-  name      = "unraid_appdata_unifi_network"
-
-  external_id = "unraid_appdata_unifi_network"
-
-  capability {
-    access_mode     = "single-node-writer"
-    attachment_mode = "file-system"
-  }
-
-  context = {
-    source = "//betelgeuse-seven-unraid.lan/appdata"
-    subDir = "unifi-network" # Note: Needs to be manually created on the share
-  }
-
-  secrets = {
-    "username" = "nomad"
-    "password" = data.sops_file.secrets.data["unraid.nomad"]
-  }
+module "appdata_unifi_network" {
+  source = "./modules/appdata"
+  name   = "unifi-network"
 }
-