diff --git a/hosts/tower/boot/default.nix b/hosts/tower/boot/default.nix
index 9f0c2504..0e2428c5 100644
--- a/hosts/tower/boot/default.nix
+++ b/hosts/tower/boot/default.nix
@@ -4,7 +4,6 @@ let
     # VM/GPU passthrough
     "amd_iommu=on"
     "iommu=pt"
-    "nested=1"
 
     # Isolate devices into IOMMU groups
     "pcie_acs_override=downstream,multifunction"
diff --git a/modules/system/services/server/nfs/default.nix b/modules/system/services/server/nfs/default.nix
index 82dc43ba..e241400f 100644
--- a/modules/system/services/server/nfs/default.nix
+++ b/modules/system/services/server/nfs/default.nix
@@ -4,8 +4,8 @@
 
   config = lib.mkIf config.services.nfs.server.enable {
     services.nfs.server.exports = "/storage *(rw)";
-    networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
-      ip6 saddr { ${tower}, ${intuos}, ${jupiter}, ${midas}, ${kitty}, ${prophet} } tcp dport 2049 accept
+    networking.firewall.extraInputRules = with lib; ''
+      ip6 saddr { ${concatStringsSep ", " (attrValues config.services.mycelium.ips)} } tcp dport 2049 accept
     '';
   };
 }