diff --git a/configuration.nix b/configuration.nix
index add8df4..7d0747a 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -64,8 +64,38 @@
     };
   };
 
+  services.nextcloud = {
+    enable = true;
+    hostName = "nextcloud." + config.networking.hostName;
+    nginx.enable = true;
+    config = {
+      dbtype = "pgsql";
+      dbuser = "nextcloud";
+      dbhost = "/run/postgresql";
+      dbname = "nextcloud";
+      adminpassFile = "/var/lib/nextcloud/config/adminpass";
+      adminuser = "root";
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "nextcloud" ];
+    ensureUsers = [
+      { name = "nextcloud";
+        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+      }
+    ];
+  };
+
+  # ensure that postgres is running *before* running the nextcloud setup
+  systemd.services."nextcloud-setup" = {
+    requires = [ "postgresql.service" ];
+    after = [ "postgresql.service" ];
+  };
+
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 22 80 ];
+  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;