diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix
index ac1d02b..97a6711 100644
--- a/configurations/nixos/defiant/services.nix
+++ b/configurations/nixos/defiant/services.nix
@@ -6,7 +6,6 @@
   ...
 }: let
   jellyfinPort = 8096;
-  nfsPort = 2049;
   dnsPort = 53;
   httpPort = 80;
   httpsPort = 443;
@@ -264,16 +263,6 @@ in {
       # DNS stub needs to be disabled so pi hole can bind
       # resolved.extraConfig = "DNSStubListener=no";
 
-      nfs.server = {
-        enable = true;
-        exports = ''
-          /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
-          /home/eve   192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
-          /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
-          /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
-        '';
-      };
-
       postgresql = {
         enable = true;
         ensureUsers = [
@@ -432,7 +421,6 @@ in {
         httpPort
         httpsPort
         dnsPort
-        nfsPort
       ]
       ++ (lib.optional isDebug [
         jellyfinPort
diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix
index 5ed217e..5881310 100644
--- a/modules/nixos-modules/server/network_storage/nfs.nix
+++ b/modules/nixos-modules/server/network_storage/nfs.nix
@@ -6,6 +6,11 @@
   options = {
     host.network_storage.nfs = {
       enable = lib.mkEnableOption "is this server going to export network storage as nfs shares";
+      port = lib.mkOption {
+        type = lib.types.int;
+        default = 2049;
+        description = "port that nfs will run on";
+      };
       directories = lib.mkOption {
         type = lib.types.listOf (
           lib.types.enum (
@@ -44,6 +49,9 @@
             )
           );
         };
+        networking.firewall.allowedTCPPorts = [
+          config.host.network_storage.nfs.port
+        ];
       }
     )
   ];