diff --git a/secrets/default.nix b/secrets/default.nix
index b2ffdcc..eb03533 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -42,5 +42,9 @@ in {
file = ./immich-oidc.age;
owner = abstrServiceUser "immich";
};
+ nextcloud-admin-pass = mkIf server {
+ file = ./nextcloud-admin-pass.age;
+ owner = "nextcloud";
+ };
};
}
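Review bot: The new `nextcloud-admin-pass` entry hard-codes `owner = "nextcloud";` while the immich entry just above resolves its owner through `abstrServiceUser`; if that helper (defined above this hunk, outside view) maps a service name to its system user, `owner = abstrServiceUser "nextcloud";` keeps the secrets block uniform and avoids a silent mismatch should the service user ever change. The entry relies on agenix's default file mode, so only that owner reads the file, which is what the nextcloud-setup unit that consumes `adminpassFile` needs; a short comment would help a later reader, e.g. `# consumed by nextcloud-setup via services.nextcloud.config.adminpassFile; presumably only read at first install`.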
diff --git a/secrets/nextcloud-admin-pass.age b/secrets/nextcloud-admin-pass.age
new file mode 100644
index 0000000..23c404a
--- /dev/null
+++ b/secrets/nextcloud-admin-pass.age
@@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-ed25519 GQzYWA Njcl+VZAFcfupb9luHQjSAzzPar8k0G0WVU8EtS37EY
+8IPsa1mz7qpxOmzXRNCwcp2KsBH45nM6M4D5vm1BgE8
+-> ssh-ed25519 MfR7VA WjSU/1VNHqylcPlaB+5FIyY879kQy/c+AyfdHrt6Xyo
+KIDdbbNcy+DQ9q+Eo8dzxDMlq8vR8XeKvRps+/ghe+E
+-> ssh-ed25519 +cvRTg eEExK1tU/S//HUL4x0SsJw8taRdOgLnOntUlpqVvMwk
+7pB4ROtshkMGw/D4mkVdi7a3vYGoIyCodSCsKcplTws
+-> ssh-ed25519 WCPLrA dNpd63ZB4ZlsgMlvdPeiW8VguhPkgRjCBor66cTAq1Q
+IFSbLiZs8QBAqruyV3Zuoe6iE5ctW4Aw+8ipQ/5rUGM
+-> ssh-ed25519 7/ziYw asgAI0TYuK4irNyoq/WFVCBrWC7NIJU5S4HQEfqEWTA
+YoCVz1GzZ+swKb/qT+hhnTy3/mcBDFkaHAomzyApY6I
+-> ssh-ed25519 VQy60Q 3XY6OcWrf3ZmXJNMo0tPrXofyjNtvt9VQaewkDZymTs
++JLpflAACxg6Esvq43FedOs56BuGa/6usymtfZl96nI
+--- 4dcH0MunNPsvsrUmFGYIgSMsgS2BNluJOa9ZmgZro6k
+d+
+T
+5B}GkK9q$(q`u$HgC!
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index df90563..72393aa 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,4 +22,5 @@ in {
"zitadel-key.age".publicKeys = keys;
"forgejo-mailpass.age".publicKeys = keys;
"immich-oidc.age".publicKeys = keys;
+ "nextcloud-admin-pass.age".publicKeys = keys;
}
diff --git a/system/server/default.nix b/system/server/default.nix
index c6ac1c8..7319695 100644
--- a/system/server/default.nix
+++ b/system/server/default.nix
@@ -10,6 +10,7 @@
./matrix.nix
./temp.nix
./zitadel.nix
+ ./nextcloud.nix
];
options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
}
diff --git a/system/server/index/index.html b/system/server/index/index.html
index 5e12672..6c24648 100644
--- a/system/server/index/index.html
+++ b/system/server/index/index.html
@@ -76,7 +76,8 @@
Hello! I'm jsw , a frontend web developer with experience in Svelte + TS , Nix(OS) and currently learning Rust . This site is still under development, so please bear with me. In the meantime, feel free to reach out via email or explore my projects on GitHub.
diff --git a/system/server/nextcloud.nix b/system/server/nextcloud.nix
new file mode 100644
index 0000000..775f368
--- /dev/null
+++ b/system/server/nextcloud.nix
@@ -0,0 +1,148 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ inherit (config.niksos) server;
+ host = "cloud.jsw.tf";
+ nginxRoot = config.services.nginx.virtualHosts.${host}.root;
+ fpmSocket = config.services.phpfpm.pools.nextcloud.socket;
+ imaginaryPort = 9005;
+in {
+ config = lib.mkIf server {
+ users.groups.nextcloud.members = ["nextcloud" "caddy"];
+ services = {
+ nextcloud = {
+ enable = true;
+ hostName = host;
+
+ # Need to manually increment with every major upgrade.
+ package = pkgs.nextcloud31;
+
+ database.createLocally = true;
+ configureRedis = true;
+
+ maxUploadSize = "16G";
+ https = true;
+
+ autoUpdateApps.enable = true;
+ extraAppsEnable = true;
+ extraApps = {
+ # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
+ inherit
+ (config.services.nextcloud.package.packages.apps)
+ calendar
+ contacts
+ mail
+ user_oidc
+ phonetrack
+ ;
+ external = pkgs.fetchNextcloudApp {
+ # https://github.com/helsinki-systems/nc4nix/blob/main/31.json #NOTE: 31.json is version.
+ hash = "sha256-xVrnahqgXIXjk9gukrFgpwZiT2poUIDl83xV8hXPisw=";
+ url = "https://github.com/nextcloud-releases/external/releases/download/v6.0.2/external-v6.0.2.tar.gz";
+ license = "agpl3Plus";
+ };
+ };
+
+ settings = {
+ "auth.webauthn.enabled" = false; #INFO: We use openid baby...
+ default_phone_region = "NL";
+ enabledPreviewProviders = [
+ "OC\\Preview\\BMP"
+ "OC\\Preview\\GIF"
+ "OC\\Preview\\JPEG"
+ "OC\\Preview\\Krita"
+ "OC\\Preview\\MarkDown"
+ "OC\\Preview\\MP3"
+ "OC\\Preview\\OpenDocument"
+ "OC\\Preview\\PNG"
+ "OC\\Preview\\TXT"
+ "OC\\Preview\\XBitmap"
+ "OC\\Preview\\HEIC"
+ "OC\Preview\Imaginary"
+ ];
+ preview_imaginary_url = "http://localhost:${builtins.toString imaginaryPort}";
+ preview_format = "webp";
+
+ trusted_proxies = ["127.0.0.1"];
+ maintenance_window_start = 1;
+ log_type = "file";
+ };
+ phpOptions."opcache.interned_strings_buffer" = 24;
+ config = {
+ adminuser = "jsw-admin";
+ adminpassFile = "${config.age.secrets.nextcloud-admin-pass.path}";
+ dbtype = "pgsql";
+ };
+ };
+ imaginary = {
+ enable = true;
+ port = imaginaryPort;
+ address = "localhost";
+ settings.returnSize = true;
+ };
+
+ nginx.enable = lib.mkForce false;
+ phpfpm.pools.nextcloud.settings = let
+ inherit (config.services.caddy) user group;
+ in {
+ "listen.owner" = user;
+ "listen.group" = group;
+ };
+ caddy.virtualHosts."${host}".extraConfig = ''
+ encode zstd gzip
+
+ root * ${nginxRoot}
+
+ redir /.well-known/carddav /remote.php/dav 301
+ redir /.well-known/caldav /remote.php/dav 301
+ redir /.well-known/* /index.php{uri} 301
+ redir /remote/* /remote.php{uri} 301
+
+ header {
+ Strict-Transport-Security max-age=31536000
+ Permissions-Policy interest-cohort=()
+ X-Content-Type-Options nosniff
+ X-Frame-Options SAMEORIGIN
+ Referrer-Policy no-referrer
+ X-XSS-Protection "1; mode=block"
+ X-Permitted-Cross-Domain-Policies none
+ X-Robots-Tag "noindex, nofollow"
+ -X-Powered-By
+ }
+
+ php_fastcgi unix/${fpmSocket} {
+ root ${nginxRoot}
+ env front_controller_active true
+ env modHeadersAvailable true
+ }
+
+ @forbidden {
+ path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/*
+ path /.* /autotest* /occ* /issue* /indie* /db_* /console*
+ not path /.well-known/*
+ }
+ error @forbidden 404
+
+ @immutable {
+ path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
+ query v=*
+ }
+ header @immutable Cache-Control "max-age=15778463, immutable"
+
+ @static {
+ path *.css *.js *.mjs *.svg *.gif *.png *.jpg *.ico *.wasm *.tflite
+ not query v=*
+ }
+ header @static Cache-Control "max-age=15778463"
+
+ @woff2 path *.woff2
+ header @woff2 Cache-Control "max-age=604800"
+
+ file_server
+ '';
+ };
+ };
+}