diff --git a/machines/lasting-integrity/default.nix b/machines/lasting-integrity/default.nix
index 90d610cd..dfa4b851 100644
--- a/machines/lasting-integrity/default.nix
+++ b/machines/lasting-integrity/default.nix
@@ -17,6 +17,7 @@
     stateVersion = "20.09";
     docker.enable = true;
     nginx.enable = true;
+    nextcloud.enable = true;
     ovh.enable = true;
     smartd.enable = true;
     sshd.enable = true;
diff --git a/machines/lasting-integrity/secret.nix b/machines/lasting-integrity/secret.nix
index c95ad9c5..e38f5a8d 100644
Binary files a/machines/lasting-integrity/secret.nix and b/machines/lasting-integrity/secret.nix differ
diff --git a/modules/default.nix b/modules/default.nix
index cf59e55a..42942292 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -11,6 +11,7 @@
     ./git.nix
     ./global-mailer.nix
     ./minecraft.nix
+    ./nextcloud.nix
     ./nix.nix
     ./nginx.nix
     ./ovh.nix
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
new file mode 100644
index 00000000..ff755bb9
--- /dev/null
+++ b/modules/nextcloud.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ...}:
+
+{
+  options.chvp.nextcloud.enable = lib.mkOption {
+    default = false;
+    example = true;
+  };
+  config = lib.mkIf config.chvp.nextcloud.enable {
+    services = {
+      nextcloud = {
+        home = "${config.chvp.dataPrefix}/var/lib/nextcloud";
+        https = true;
+        hostName = "nextcloud.vanpetegem.me";
+        enable = true;
+        autoUpdateApps.enable = true;
+        package = pkgs.nextcloud21;
+        config = {
+          dbuser = "nextcloud";
+          dbname = "nextcloud";
+          dbtype = "pgsql";
+          dbhost = "/run/postgresql";
+          adminuser = "admin";
+          adminpassFile = "${config.chvp.dataPrefix}/var/secrets/nextcloud-admin-password";
+        };
+      };
+      nginx.virtualHosts."nextcloud.vanpetegem.me" = {
+        forceSSL = true;
+        useACMEHost = "vanpetegem.me";
+      };
+      postgresql = {
+        enable = true;
+        dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
+        ensureDatabases = [ "nextcloud" ];
+        ensureUsers = [{
+          name = "nextcloud";
+          ensurePermissions = { "DATABASE nextcloud" = "ALL PRIVILEGES"; };
+        }];
+      };
+    };
+  };
+}