diff --git a/hosts/prophet/services/default.nix b/hosts/prophet/services/default.nix
index 7de2570c..1c8b896a 100644
--- a/hosts/prophet/services/default.nix
+++ b/hosts/prophet/services/default.nix
@@ -4,6 +4,7 @@
     cloudflare-dyndns.enable = true;
     mailserver.enable = true;
     mysql.enable = true;
+    nfs.server.enable = true;
     nginx.enable = true;
   };
 }
diff --git a/hosts/tower/filesystems/default.nix b/hosts/tower/filesystems/default.nix
index 32d9076a..cfa330ff 100644
--- a/hosts/tower/filesystems/default.nix
+++ b/hosts/tower/filesystems/default.nix
@@ -41,5 +41,10 @@
       fsType = "nfs4";
       options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ];
     };
+    "/home/${config.sysusers.main}/Network/Prophet" = {
+      device = "mx.nixfox.ca:/storage";
+      fsType = "nfs4";
+      options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ];
+    };
   };
 }
diff --git a/modules/system/services/server/nfs/default.nix b/modules/system/services/server/nfs/default.nix
index eab19619..43165cbd 100644
--- a/modules/system/services/server/nfs/default.nix
+++ b/modules/system/services/server/nfs/default.nix
@@ -4,6 +4,6 @@
 
   config = lib.mkIf config.services.nfs.server.enable {
     services.nfs.server.exports = "/storage *(rw,sync,no_subtree_check)";
-    networking.firewall.extraInputRules = "ip saddr 11.0.0.0/8 tcp dport 2049 accept";
+    networking.firewall.extraInputRules = "ip saddr { 11.0.0.0/8, ${config.secrets.ips.bun} } tcp dport 2049 accept";
   };
 }