diff --git a/secrets/coder-env.age b/secrets/coder-env.age
new file mode 100644
index 0000000..37fdf79
Binary files /dev/null and b/secrets/coder-env.age differ
diff --git a/secrets/default.nix b/secrets/default.nix
index eb03533..a81b87c 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -44,7 +44,11 @@ in {
 };
 nextcloud-admin-pass = mkIf server {
 file = ./nextcloud-admin-pass.age;
- owner = "nextcloud";
+ owner = "nextcloud"; #NOTE: not a clear 'nextcloud.service' or 'services.nextcloud.user'.
+ };
+ coder-env = mkIf server {
+ file = ./coder-env.age;
+ owner = abstrServiceUser "coder";
 };
 };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 72393aa..5b33f48 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -23,4 +23,5 @@ in {
 "forgejo-mailpass.age".publicKeys = keys;
 "immich-oidc.age".publicKeys = keys;
 "nextcloud-admin-pass.age".publicKeys = keys;
+ "coder-env.age".publicKeys = keys;
 }
diff --git a/system/server/coder.nix b/system/server/coder.nix
new file mode 100644
index 0000000..46535b0
--- /dev/null
+++ b/system/server/coder.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (config.niksos) server;
+ port = 9005;
+ host = "coder.jsw.tf";
+ httpsHost = "https://" + host;
+in {
+ config = lib.mkIf server {
+ services = {
+ caddy.virtualHosts."${host}".extraConfig = ''
+ reverse_proxy :${port}
+ '';
+ coder = {
+ enable = true;
+ listenAddress = "127.0.0.1:${port}";
+ wildcardAccessUrl = "*.${host}";
+ accessUrl = httpsHost;
+ environment = {
+ file = ./file.file; # See format below.
+ /*
+ CODER_OIDC_CLIENT_ID=""
+ CODER_OIDC_CLIENT_SECRET=""
+ */
+ extra = {
+ CODER_OIDC_ISSUER_URL = "https://z.jsw.tf";
+ # CODER_OIDC_EMAIL_DOMAIN="your-domain-1,your-domain-2";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/system/server/default.nix b/system/server/default.nix
index 7319695..8063a22 100644
--- a/system/server/default.nix
+++ b/system/server/default.nix
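Review bot: The new `coder-env` entry hands the decrypted file to the service account with `owner = abstrServiceUser "coder";`, which may be wider access than the secret needs. If the file is only consumed as a systemd `EnvironmentFile` (which is what `services.coder.environment.file` appears to be for), the service manager reads it before dropping privileges, so leaving the default root owner should keep it unreadable to the coder process and anything it spawns. `abstrServiceUser` is defined outside this hunk, so which account it resolves to cannot be confirmed from here. If the override stays, a comment such as `# must match User= of coder.service; needed because <reason>` would record why.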
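Review bot: `file = ./file.file;` in `environment` is still a placeholder and never references the `coder-env` secret this commit declares; as a Nix path literal it would also be copied into the world-readable store if the file existed. Assuming the entries in secrets/default.nix live under `age.secrets`, the OIDC client id and secret should come from the decrypted path: `file = config.age.secrets.coder-env.path;`. Separately, `port` is an integer and Nix does not coerce integers inside `${...}`, so `reverse_proxy :${port}` and `"127.0.0.1:${port}"` should both use `${toString port}`. With `CODER_OIDC_EMAIL_DOMAIN` left commented out, sign-in is presumably open to every account the issuer at `z.jsw.tf` will authenticate, which is worth confirming as intended before this is exposed through Caddy.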
@@ -1,16 +1,17 @@
 {lib, ...}: {
 imports = [
+ # ./matrix.nix
 ./bot.nix
 ./caddy.nix
+ ./coder.nix
 ./derekBot.nix
 ./forgejo.nix
 ./immich.nix
 ./index
 ./mail.nix
- ./matrix.nix
+ ./nextcloud.nix
 ./temp.nix
 ./zitadel.nix
- ./nextcloud.nix
 ];
 options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }
diff --git a/system/server/nextcloud.nix b/system/server/nextcloud.nix
index 775f368..8b2876d 100644
--- a/system/server/nextcloud.nix
+++ b/system/server/nextcloud.nix
@@ -8,7 +8,7 @@
 host = "cloud.jsw.tf";
 nginxRoot = config.services.nginx.virtualHosts.${host}.root;
 fpmSocket = config.services.phpfpm.pools.nextcloud.socket;
- imaginaryPort = 9005;
+ imaginaryPort = 9004;
 in {
 config = lib.mkIf server {
 users.groups.nextcloud.members = ["nextcloud" "caddy"];