diff --git a/README.md b/README.md
index 0e8ff07..6b3441d 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home
 - figure out steam vr things?
 - Open GL?
 - rotate sops encryption keys periodically (and somehow sync between devices?)
-- zfs email after scrubbing
+- zfs email after scrubbing # TODO: test this
 - wake on LAN for updates
 - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
 - Immich
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 19b8f65..c8edcba 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -9,6 +9,9 @@
     "wireguard-keys/tailscale-authkey/defiant" = {
       sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
     };
+    "services/zfs_smtp_token" = {
+      sopsFile = "${inputs.secrets}/defiant-services.yaml";
+    };
   };
 
   host = {
@@ -23,6 +26,14 @@
     storage = {
       enable = true;
       encryption = true;
+      notifications = {
+        enable = true;
+        host = "smtp.protonmail.ch";
+        port = 587;
+        to = "leyla@jan-leila.com";
+        user = "leyla@jan-leila.com";
+        tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
+      };
       pool = {
         drives = [
           "ata-ST18000NE000-3G6101_ZVTCXVEB"
diff --git a/flake.lock b/flake.lock
index ffdbb04..56057f2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -234,11 +234,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1740328351,
-        "narHash": "sha256-oX+XYRclxVYgLy5NX9UR7XKixaH5jJQuQhR7Of/ZtTk=",
+        "lastModified": 1740340309,
+        "narHash": "sha256-NoCpH7t1hTPi6+j7tB/IBirae4Bk6iZXpTiUmFzdKAY=",
         "ref": "refs/heads/main",
-        "rev": "52bb4eadd620757e6a943d335e31458ffa2ada2b",
-        "revCount": 11,
+        "rev": "0237156ee8bc0157e8c3a701fcf7e2dd27d76fc6",
+        "revCount": 12,
         "type": "git",
         "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
       },
diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix
index b2685af..28afab1 100644
--- a/modules/nixos-modules/disko.nix
+++ b/modules/nixos-modules/disko.nix
@@ -1,5 +1,6 @@
 {
   lib,
+  pkgs,
   config,
   inputs,
   ...
@@ -23,6 +24,26 @@ in {
   options.host.storage = {
     enable = lib.mkEnableOption "are we going create zfs disks with disko on this device";
     encryption = lib.mkEnableOption "is the vdev going to be encrypted";
+    notifications = {
+      enable = lib.mkEnableOption "are notifications enabled";
+      host = lib.mkOption {
+        type = lib.types.str;
+        description = "what is the host that we are going to send the email to";
+      };
+      port = lib.mkOption {
+        type = lib.types.port;
+        description = "what port is the host using to receive mail on";
+      };
+      to = lib.mkOption {
+        type = lib.types.str;
+        description = "what account is the email going to be sent to";
+      };
+      user = lib.mkOption {
+        type = lib.types.str;
+        description = "what user is the email going to be set from";
+      };
+      tokenFile = lib.mkOption {}; # TODO: make this a secrets file
+    };
     pool = {
       vdevs = lib.mkOption {
         type = lib.types.listOf (lib.types.listOf lib.types.str);
@@ -50,9 +71,48 @@ in {
   };
 
   config = lib.mkIf config.host.storage.enable {
+    programs.msmtp = lib.mkIf config.host.storage.notifications.enable {
+      enable = true;
+      setSendmail = true;
+      defaults = {
+        aliases = "/etc/aliases";
+        port = config.host.storage.notifications.port;
+        tls_trust_file = "/etc/ssl/certs/ca-certificates.crt";
+        tls = "on";
+        auth = "login";
+        tls_starttls = "off";
+      };
+      accounts = {
+        zfs_notifications = {
+          host = config.host.storage.notifications.host;
+          passwordeval = "cat ${config.host.storage.notifications.tokenFile}";
+          user = config.host.storage.notifications.user;
+          from = config.host.storage.notifications.user;
+        };
+      };
+    };
+
     services.zfs = {
       autoScrub.enable = true;
       autoSnapshot.enable = true;
+
+      zed = lib.mkIf config.host.storage.notifications.enable {
+        # this option is broken we are just going to disable it
+        enableMail = false;
+
+        settings = {
+          ZED_DEBUG_LOG = "/tmp/zed.debug.log";
+          ZED_EMAIL_ADDR = [config.host.storage.notifications.to];
+          ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
+          ZED_EMAIL_OPTS = "@ADDRESS@";
+
+          ZED_NOTIFY_INTERVAL_SECS = 3600;
+          ZED_NOTIFY_VERBOSE = true;
+
+          ZED_USE_ENCLOSURE_LEDS = true;
+          ZED_SCRUB_AFTER_RESILVER = true;
+        };
+      };
     };
 
     disko.devices = {