diff --git a/.gitignore b/.gitignore
index dc423c0..36cb5c0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-./secrets
+./secrets/*
 
diff --git a/configuration.nix b/configuration.nix
index f718406..7d64cdc 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -6,6 +6,7 @@
     # Add further modules here later, e.g.:
     ./programs.nix
     ./services/forgejo.nix
+    ./mount.nix
     # ./modules/nextcloud.nix
     # ./modules/wireguard.nix
     # ./modules/docker.nix
diff --git a/mount.nix b/mount.nix
new file mode 100644
index 0000000..e1de835
--- /dev/null
+++ b/mount.nix
@@ -0,0 +1,68 @@
+# /etc/nixos/mount.nix
+{ config, pkgs, ... }:
+
+{
+  # ============================================================
+  # Storage mounts
+  # All mounts point to subaccounts of the Hetzner Storage Box.
+  # Each subaccount is dedicated to a specific project.
+  # Credentials files are located in /etc/nixos/secrets/ (.gitignored)
+  #
+  # Credentials file format:
+  #   username=u547668-subX
+  #   password=YOUR_PASSWORD
+  # ============================================================
+
+  fileSystems = {
+
+    # ------------------------------------------------------------
+    # Nextcloud – CIFS/SMB only (subaccount: u547668-sub7)
+    # Samba must be enabled in the Hetzner Robot Panel!
+    # Credentials: /etc/nixos/secrets/storagebox-nextcloud-credentials
+    # ------------------------------------------------------------
+    "/mnt/storagebox-nextcloud" = {
+      device = "//u547668-sub7.your-storagebox.de/u547668-sub7";
+      fsType = "cifs";
+      options = [
+        "credentials=/etc/nixos/secrets/storagebox-nextcloud-credentials"
+        "uid=nextcloud"
+        "gid=nextcloud"
+        "file_mode=0770"
+        "dir_mode=0770"
+        "vers=3.0"
+        "x-systemd.automount"
+        "x-systemd.requires=network-online.target"
+        "_netdev"
+        "nofail"
+      ];
+    };
+
+    # ------------------------------------------------------------
+    # Add further subaccount mounts here, e.g.:
+    #
+    # "/mnt/storagebox-PROJECTNAME" = {
+    #   device = "//u547668-subX.your-storagebox.de/u547668-subX";
+    #   fsType = "cifs";  # or "fuse.sshfs" if SSH access is enabled
+    #   options = [
+    #     "credentials=/etc/nixos/secrets/storagebox-PROJECTNAME-credentials"
+    #     "uid=USER"
+    #     "gid=GROUP"
+    #     "file_mode=0770"
+    #     "dir_mode=0770"
+    #     "vers=3.0"
+    #     "x-systemd.automount"
+    #     "x-systemd.requires=network-online.target"
+    #     "_netdev"
+    #     "nofail"
+    #   ];
+    # };
+    # ------------------------------------------------------------
+
+  };
+
+  # Required for CIFS/SMB mounts
+  environment.systemPackages = with pkgs; [
+    cifs-utils
+    sshfs
+  ];
+}
diff --git a/secrets/storagebox-nextcloud-credentials b/secrets/storagebox-nextcloud-credentials
new file mode 100644
index 0000000..fbc39c9
--- /dev/null
+++ b/secrets/storagebox-nextcloud-credentials
@@ -0,0 +1,2 @@
+username=u547668-sub7
+password=EwaZs*j*2Xb6PHuHAVqz