diff --git a/modules/mount-sisko/default.nix b/modules/mount-sisko/default.nix
index 5ae34a0..61671a5 100644
--- a/modules/mount-sisko/default.nix
+++ b/modules/mount-sisko/default.nix
@@ -4,18 +4,24 @@
   ...
 }:
 {
-  fileSystems."/home/${config.ccr.username}/torrent" = {
-    device = "//sisko.fleet/torrent";
-    fsType = "cifs";
-    options =
-      let
-        credentials = pkgs.writeText "credentials" ''
-          username=guest
-          password=
-        '';
-      in
-      [
-        "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,uid=1000,gid=1000"
-      ];
+  environment.systemPackages = with pkgs; [ nfs-utils ];
+  boot.supportedFilesystems = [ "nfs" ];
+  services.rpcbind.enable = true;
+
+  security.wrappers."mount.nfs" = {
+    setuid = true;
+    owner = "root";
+    group = "root";
+    source = "${pkgs.nfs-utils.out}/bin/mount.nfs";
+  };
+
+  fileSystems."/home/${config.ccr.username}/nas" = {
+    device = "sisko.fleet:/hd";
+    fsType = "nfs";
+    options = [
+      "x-systemd.automount"
+      "noauto"
+      "user"
+    ];
   };
 }
diff --git a/modules/sisko-nfs/default.nix b/modules/sisko-nfs/default.nix
new file mode 100644
index 0000000..7e9b82b
--- /dev/null
+++ b/modules/sisko-nfs/default.nix
@@ -0,0 +1,20 @@
+{
+  systemd.tmpfiles.rules = [
+    "d /export 770 nobody nogroup"
+  ];
+
+  fileSystems."/export/hd" = {
+    device = "/mnt/hd";
+    options = [ "bind" ];
+  };
+
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /export     10.100.0.1/24(rw,fsid=0,no_subtree_check)
+      /export/hd  10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [ 2049 ];
+}