After some tinkering, I finally have my Hetzner StorageBox mounted on my NixOS server: securely, declaratively, and ready for anything. The setup is not just robust, it's also pretty slick: all credentials are managed with sops-nix, so there's no plaintext password mess, and the mount is fully automated via systemd and NixOS config.
Why Hetzner StorageBox?
Cheap and scalable storage, up to 20TB if needed.
Accessible via multiple protocols (CIFS/SMB, SFTP, WebDAV), though I went with CIFS for native filesystem integration and best compatibility with Linux apps.
Data is protected with RAID, and snapshots are available for extra safety.
Mounting with NixOS + sops
My NixOS config uses cifs-utils for the mount and sops-nix for all secrets. The actual credentials are encrypted in a SOPS YAML file, and only decrypted at activation time. This means I can safely keep my config in git, and everything is reproducible and auditable.
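A minimal module matching this description, added here as an example and not the author's actual config. It assumes the sops-nix module is already imported; the secret name `storagebox/credentials`, the file `secrets/storagebox.yaml`, the age key path, the mount point, the uid/gid values and the `uXXXXXX` account placeholder are all assumptions.

```nix
{ config, pkgs, ... }:
{
  # Userspace helper (mount.cifs) used for CIFS/SMB mounts.
  environment.systemPackages = [ pkgs.cifs-utils ];

  # Assumed layout: an encrypted SOPS YAML file kept in the repo, with a
  # nested key storagebox -> credentials holding the mount.cifs
  # credentials file as a multi-line string:
  #   username=<account>
  #   password=<password>
  sops.defaultSopsFile = ./secrets/storagebox.yaml;
  sops.age.keyFile = "/var/lib/sops-nix/key.txt"; # assumed key location

  # Decrypted at activation time under /run/secrets; readable by root only.
  sops.secrets."storagebox/credentials" = {
    owner = "root";
    mode = "0400";
  };

  fileSystems."/mnt/storagebox" = {
    # Placeholder account name; replace uXXXXXX with your own.
    device = "//uXXXXXX.your-storagebox.de/backup";
    fsType = "cifs";
    options = [
      # The password is never in the Nix store, only the path to the
      # decrypted file is.
      "credentials=${config.sops.secrets."storagebox/credentials".path}"
      # Require SMB3 encryption on the wire (assumes the server accepts it).
      "seal"
      # Let systemd mount on first access instead of blocking boot.
      "x-systemd.automount"
      "noauto"
      "x-systemd.idle-timeout=60"
      "x-systemd.mount-timeout=10s"
      # Do not honour setuid bits or device nodes from remote storage.
      "nosuid"
      "nodev"
      # Assumed local owner and restrictive modes for the mounted files.
      "uid=1000"
      "gid=100"
      "file_mode=0640"
      "dir_mode=0750"
    ];
  };
}
```

Only the path `/run/secrets/storagebox/credentials` ends up in the world-readable Nix store and in git, which is what makes the config safe to publish.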