diff --git a/inventories/default.nix b/inventories/default.nix
index 03a94b6..c1e4220 100644
--- a/inventories/default.nix
+++ b/inventories/default.nix
@@ -2,12 +2,14 @@ inputs, self, lib, + pkgs, ... }: { clan = { modules = { pocket-id = ../modules/clan/pocket-id; + nextcloud = ../modules/clan/nextcloud; }; inventory = {
@@ -27,6 +29,14 @@ }; roles.default.machines.b4l = { }; }; + nextcloud = { + module = { + name = "nextcloud"; + input = "self"; + }; + roles.default.machines.b4l = { }; + + }; }; services = {
diff --git a/modules/clan/nextcloud/default.nix b/modules/clan/nextcloud/default.nix
new file mode 100644
index 0000000..5d823ab
--- /dev/null
+++ b/modules/clan/nextcloud/default.nix
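Review bot: `pkgs` is added to the argument set at the top of inventories/default.nix, but neither hunk in this file reads it; unless it is consumed further down the file, which is outside this diff, the new argument is dead and should be dropped. The parts of the file between and after the two hunks are not visible here, so treat this as a question rather than a certainty.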
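Review bot: The new `nextcloud` inventory instance carries a stray blank line before its closing `};` (the lone `+` after `roles.default.machines.b4l = { };`), which the sibling instance right above it does not have; drop it so the two entries read the same. Otherwise the entry mirrors the existing one and adds nothing that needs further comment.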
@@ -0,0 +1,83 @@
+{
+ _class = "clan.service";
+ manifest.name = "nextcloud";
+ manifest.description = "Nextcloud server, a safe home for all your data";
+ manifest.categories = [ "System" ];
+
+ roles.default = {
+ interface =
+ { lib, pkgs, ... }:
+ {
+ options = {
+ domain = lib.mkOption {
+ type = lib.types.str;
+ default = "cloud";
+ description = "Sub domain for Nextcloud to run.";
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ description = "Which package to use for the Nextcloud instance.";
+ };
+ };
+ };
+
+ perInstance =
+ {
+ settings,
+ ...
+ }:
+ {
+ nixosModule =
+ {
+ config,
+ pkgs,
+ ...
+ }:
+ let
+ domain = "${settings.domain}.${config.networking.fqdn}";
+ nextcloudUser = "nextcloud";
+ in
+ {
+ clan.core.vars.generators.nextcloud = {
+ files = {
+ adminpassFile = {
+ owner = nextcloudUser;
+ group = nextcloudUser;
+ secret = true;
+ };
+ };
+ script = ''
+ xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassFile
+ '';
+ runtimeInputs = [
+ pkgs.xkcdpass
+ ];
+ };
+ services.nextcloud = {
+ enable = true;
+ hostName = domain;
+ package = pkgs.nextcloud31;
+ database.createLocally = true;
+ config = {
+ dbtype = "pgsql";
+ dbhost = "/run/postgresql";
+ dbuser = nextcloudUser;
+ dbname = nextcloudUser;
+ adminuser = "admin";
+ adminpassFile = config.clan.core.vars.generators.nextcloud.files.adminpassFile.path;
+ };
+
+ settings = {
+ overwriteprotocol = "https";
+ trusted_domains = [ ];
+ trusted_proxies = [ ];
+ };
+ };
+ services.nginx.virtualHosts."${domain}" = {
+ useACMEHost = "${config.networking.fqdn}";
+ forceSSL = true;
+ };
+ };
+ };
+ };
+}
diff --git a/vars/per-machine/b4l/nextcloud/adminpassFile/machines/b4l b/vars/per-machine/b4l/nextcloud/adminpassFile/machines/b4l
new file mode 120000
index 0000000..72e1b85
--- /dev/null
+++ b/vars/per-machine/b4l/nextcloud/adminpassFile/machines/b4l
@@ -0,0 +1 @@
+../../../../../../sops/machines/b4l
\ No newline at end of file
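Review bot: The `package` option declared in the interface is never read: `services.nextcloud.package` is hard-coded to `pkgs.nextcloud31`, so a user who sets the option is silently ignored and the option, which has no default, is effectively dead. Either wire it through with `package = settings.package;` and give the option `default = pkgs.nextcloud31;` (the interface already receives `pkgs`), or remove the option. Separately, `trusted_domains = [ ];` and `trusted_proxies = [ ];` restate the NixOS module's empty defaults and do not need to include `hostName`, so if they are meant as hardening they do nothing and deserve either a comment stating the intent or removal. The admin password generator uses `xkcdpass --numwords 4`, which with the default word list is roughly 50 bits; since the value is generated once and kept in vars rather than typed by a human, a longer phrase such as `--numwords 6` costs nothing and is a better fit for an internet-facing admin account. Lastly, `useACMEHost = "${config.networking.fqdn}";` interpolates a single string for no reason; `useACMEHost = config.networking.fqdn;` is the idiomatic form.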
diff --git a/vars/per-machine/b4l/nextcloud/adminpassFile/secret b/vars/per-machine/b4l/nextcloud/adminpassFile/secret
new file mode 100644
index 0000000..902e743
--- /dev/null
+++ b/vars/per-machine/b4l/nextcloud/adminpassFile/secret
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:OgzVf3R/puWxEQ49D+Ex5Ldqh+WBFu/8dGnTEA9GY7Qm,iv:X1DFwWVkf5vqYpH6XxLCpN0LSqriaw2f0s1VDoNAMu4=,tag:V4Aic2ttraDvOiZDu5RcCw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcmJlZFVvTHZDdGtCV3ZV\ndys5TXJVbkFhcnhDZS9ESDBRc0FPV2NIaDEwClhJbzRENWtEdUoyOW9xTE1KNExD\neUdUNTZFcFFvZXZWNjlVNnJQZ3ZaOUEKLS0tIHFhNXpydS9HVVpGUGxxZWxZRjhx\nUEpUYVhPZkFVMEIydUtnNS8zNlplQTAKyONTjik4yiJHjIz4XlLCL8Pn6zQCWJ+8\nH16EvR2IKvfWIbOVghJCgIdzR98ilvbBAmfO4b0d/7BRBdcRsX5d1A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV1FQeWhpVm9FZzNtc3dh\ncXhsZnVVT09jTXFYZEw3bWFlbVhhemRhV2xZCm9SaVplN3lKQ2NlM2RGVUNGeE1N\nV1ZYRkExUDUwY3NnS0J6VmVCNkVHMUUKLS0tIHM4U3RqdUNDYzBNditIUTZLMGR2\nUHFGTnJ5K0hKaEZiTjdJMlF1MVB3d1UK9GwDc1dVTUpowFoiQvYJqXigHMRLNURY\n2D7UKQX5wwwKfAwFwP6HQdxX4WWsNefaxUSzW53zqnbJn0kkqi1Mhg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-14T09:48:21Z", + "mac": "ENC[AES256_GCM,data:2B/KG/5PW5GTuE0mr9eMz2jGex8d4ResWQ3LDPB0Cs7jAs/gALrxu0xGqndrONsLieNKa/1q1BQWmrpw6/MBdt8DF6t+d6zA1bhiV8orOKCp0uWGzSqM5f+i0fl1NoyxP+MFdzLYBJrHkMgC1YcJh8nfeoVKGuFxhIigU6H2Cys=,iv:AcsTRzYDqUDeFiP/pGqDiiSoajlUz4Y4U1fZF9W5EhA=,tag:QeiuQ6X2FVcGf90qmuYk8w==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +}
diff --git a/vars/per-machine/b4l/nextcloud/adminpassFile/users/kurogeek b/vars/per-machine/b4l/nextcloud/adminpassFile/users/kurogeek
new file mode 120000
index 0000000..970aefa
--- /dev/null
+++ b/vars/per-machine/b4l/nextcloud/adminpassFile/users/kurogeek
@@ -0,0 +1 @@
+../../../../../../sops/users/kurogeek
\ No newline at end of file