diff --git a/hosts/VEGAS/services/nextcloud/default.nix b/hosts/VEGAS/services/nextcloud/default.nix
new file mode 100644
index 0000000..a7042df
--- /dev/null
+++ b/hosts/VEGAS/services/nextcloud/default.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, tools, ... }:
+{
+ age.secrets = {
+ nextcloud-adminpass = {
+ file = ../../../../secrets/nextcloud-adminpass.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ mode = "0400";
+ };
+ nextcloud-dbpass = {
+ file = ../../../../secrets/nextcloud-dbpass.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ mode = "0400";
+ };
+ };
+ services.nextcloud = {
+ package = pkgs.nextcloud22;
+ enable = true;
+ https = true;
+ hostName = "storage.${tools.meta.domain}";
+ home = "/srv/storage/www-app/nextcloud";
+ maxUploadSize = "4G";
+ enableImagemagick = true;
+ caching = with lib; flip genAttrs (_: true) [
+ "apcu" "redis"
+ ];
+
+ autoUpdateApps = {
+ enable = true;
+ startAt = "02:00";
+ };
+
+ config = {
+ dbhost = "/run/postgresql";
+ dbtype = "pgsql";
+ dbname = "storage";
+ dbuser = "storage";
+ dbpassFile = config.age.secrets.nextcloud-adminpass.path;
+
+ overwriteProtocol = "https";
+
+ adminuser = "sa";
+ adminpassFile = config.age.secrets.nextcloud-dbpass.path;
+ };
+ };
+ services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
+ addSSL = true;
+ enableACME = true;
+ };
+ systemd.services.phpfpm-nextcloud.aliases = [ "nextcloud.service" ];
+}
diff --git a/hosts/VEGAS/system.nix b/hosts/VEGAS/system.nix
index d17f4fd..8ae6a0e 100644
--- a/hosts/VEGAS/system.nix
+++ b/hosts/VEGAS/system.nix
@@ -25,6 +25,7 @@
 ./services/git
 ./services/ipfs
 ./services/jokes
+ ./services/nextcloud
 ./services/nfs
 ./services/mail
 ./services/matrix
diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age
new file mode 100644
index 0000000..c9a80c6
Binary files /dev/null and b/secrets/nextcloud-adminpass.age differ
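Review bot: The two secret paths in `services.nextcloud.config` of `default.nix` look crossed: `dbpassFile` reads `config.age.secrets.nextcloud-adminpass.path` while `adminpassFile` reads `config.age.secrets.nextcloud-dbpass.path`. Unless the encrypted files were deliberately filled the other way round, the database password and the `sa` admin password are swapped relative to their names, so a later rotation of either secret would change the wrong credential; the lines should read `dbpassFile = config.age.secrets.nextcloud-dbpass.path;` and `adminpassFile = config.age.secrets.nextcloud-adminpass.path;`. Separately, the nginx virtual host sets `addSSL = true`, which keeps serving the site over plain HTTP without a redirect; `forceSSL = true;` would match `https = true` and keep logins off the cleartext listener.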
diff --git a/secrets/nextcloud-dbpass.age b/secrets/nextcloud-dbpass.age new file mode 100644 index 0000000..ec5dd01 --- /dev/null +++ b/secrets/nextcloud-dbpass.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 NO562A v+XDGMPzeE5olvFXKz7d74zzfk8pa5+LlfpZy/7Ga2g +cA09Rc8f1zlc8qOIgIal8B3JOssjMZBZHIwrctMbkow +-> ssh-ed25519 5/zT0w x8a+XLDGWkxpYu7HdgzDZADL66yBA3RIIxOmPlH281Y +vbJOrd60jkjLc/UqWvlSB73atv4VleiO9PiymQJttEs +-> ssh-ed25519 d3WGuA MZql6UkhVKdhO/f9CSFg43uKMxomP3UoE48mPUdEfyY +s41KGPz7oEFZxmNfAGnZF40ap9oXPEp6BigSEhQhAuc +-> TeXZ-grease % 5Y]W +ci+D1OFwU36Tj40 +--- iSVW+fBmiuXLeI6KJblKNHe7ePF0jsKba+GShRotMaY +í/›Ìü/†§ p'À±ÁLp•Äv&õÅ ŠÕh›!¨F¥ß=¬” \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6ce6a0c..a42f01c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,6 +11,8 @@ in with hosts; "hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ styx ]; "hydra-s3.age".publicKeys = max ++ map systemKeys [ styx ]; "matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ]; + "nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ]; + "nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];