diff --git a/moduler/services/nextcloud/default.nix b/moduler/services/nextcloud/default.nix
new file mode 100644
index 0000000..62a56c9
--- /dev/null
+++ b/moduler/services/nextcloud/default.nix
@@ -0,0 +1,102 @@
+{
+ lib,
+ pkgs,
+ config,
+ myhost,
+ ...
+}:
+let
+ cfg = config.services.nextcloud;
+ srv = cfg.settings.server;
+in
+with lib;
+{
+ options = {
+ nextcloud = {
+ enable = mkEnableOption "enables nextcloud";
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 8003;
+ description = "The port that Nextcloud is served on.";
+ };
+ domain = lib.mkOption {
+ type = lib.types.str;
+ default = "files.wastring.com";
+ description = "The hostname that Nextcloud is served on.";
+ };
+ };
+ };
+ config = mkMerge [
+ (mkIf config.nextloud.enable {
+ services.nginx = {
+ virtualHosts.${config.nextcloud.domain} = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+
+ sops.secrets.nextcloud-admin-password = { };
+ sops.secrets.nextcloud-fw-password = { };
+ sops.secrets.nextcloud-disa-password = { };
+
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud31;
+ hostName = config.nextcloud.domain;
+ https = true;
+ configureRedis = true;
+ config.adminpassFile = config.sops.secrets.nextcloud-admin-password.path;
+ config.dbtype = "sqlite";
+ ensureUsers = {
+ fw = {
+ email = "fredrik@wastring.com";
+ passwordFile = config.sops.secrets.nextcloud-fw-password.path;
+ };
+ disa = {
+ email = "disahorner@hotmail.com";
+ passwordFile = config.sops.secrets.nextcloud-disa-password.path;
+ };
+ };
+ extraApps = {
+ inherit (config.services.nextcloud.package.packages.apps)
+ contacts
+ calendar
+ onlyoffice
+ ;
+ };
+ extraAppsEnable = true;
+ settings.enabledPreviewProviders = [
+ "OC\\Preview\\BMP"
+ "OC\\Preview\\GIF"
+ "OC\\Preview\\JPEG"
+ "OC\\Preview\\Krita"
+ "OC\\Preview\\MarkDown"
+ "OC\\Preview\\MP3"
+ "OC\\Preview\\OpenDocument"
+ "OC\\Preview\\PNG"
+ "OC\\Preview\\TXT"
+ "OC\\Preview\\XBitmap"
+ "OC\\Preview\\HEIC"
+ ];
+ };
+
+ services.fail2ban = {
+ enable = true;
+ jails = {
+ nextcloud.settings = {
+ backend = "systemd";
+ journalmatch = "SYSLOG_IDENTIFIER=Nextcloud";
+ enabled = true;
+ port = 443;
+ protocol = "tcp";
+ filter = "nextcloud";
+ maxretry = 3;
+ bantime = 86400;
+ findtime = 43200;
+ };
+ };
+ };
+ })
+ ];
+
+}
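Review bot: `(mkIf config.nextloud.enable {` on the line after `config = mkMerge [` misspells the option this module declares as `options.nextcloud.enable`, so evaluation fails on a missing attribute instead of gating the config; it should read `(mkIf config.nextcloud.enable {`. The three `sops.secrets.nextcloud-*-password = { };` declarations keep sops-nix's default owner (root), while the NixOS nextcloud module documents `adminpassFile` and `ensureUsers.<name>.passwordFile` as needing to be readable by user `nextcloud`, so each likely needs `{ owner = "nextcloud"; }` or the setup unit cannot read them. The fail2ban jail sets `filter = "nextcloud"`, which fail2ban does not appear to ship by default; unless that filter is defined elsewhere in the repo the jail fails to load and the brute-force protection this block intends is silently absent, so define it (e.g. via `services.fail2ban.jails.nextcloud.filter`) or reference an existing filter. The `port` option, `srv` and `myhost` are declared but never used, which leaves a reader expecting Nextcloud on 8003 when it is actually exposed only through the nginx vhost on 443; either wire `port` in or drop the three unused bindings.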