diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix
index c9c4f3d..a0a2cfd 100644
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@@ -13,6 +13,7 @@ let # List of services to enable enabledServices = [ + "nextcloud" ]; in
diff --git a/machines/compute01/nextcloud.nix b/machines/compute01/nextcloud.nix
new file mode 100644
index 0000000..a9f478c
--- /dev/null
+++ b/machines/compute01/nextcloud.nix
@@ -0,0 +1,59 @@
+{ config, lib, pkgs, dgn-lib, ... }:
+
+let
+ inherit (dgn-lib) setDefault;
+
+ host = "cloud.dgnum.eu";
+in {
+ services.nextcloud = {
+ enable = true;
+ hostName = host;
+
+ package = pkgs.nextcloud27;
+
+ https = true;
+
+ config = {
+ overwriteProtocol = "https";
+
+ dbtype = "pgsql";
+
+ adminpassFile = config.age.secrets."nextcloud-adminpass_file".path;
+ adminuser = "thubrecht";
+
+ defaultPhoneRegion = "FR";
+
+ trustedProxies = [ "::1" ];
+ };
+
+ notify_push = { enable = true; };
+
+ database.createLocally = true;
+ configureRedis = true;
+
+ autoUpdateApps.enable = true;
+
+ enableBrokenCiphersForSSE = false;
+
+ extraOptions = {
+ overwritehost = host;
+ "overwrite.cli.url" = "https://${host}";
+ updatechecker = false;
+
+ allow_local_remote_servers = true;
+ "opcache.interned_strings_buffer" = 16;
+ };
+ };
+
+ services.nginx.virtualHosts.${host} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ dgn-secrets.options = [
+ (setDefault { owner = "nextcloud"; }
+ (builtins.filter (lib.hasPrefix "nextcloud") config.dgn-secrets.names))
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
diff --git a/machines/compute01/secrets/nextcloud-adminpass_file b/machines/compute01/secrets/nextcloud-adminpass_file
new file mode 100644
index 0000000..dc11369
--- /dev/null
+++ b/machines/compute01/secrets/nextcloud-adminpass_file
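Review bot: `allow_local_remote_servers = true;` in `extraOptions` of nextcloud.nix turns off Nextcloud's refusal to make outbound requests to local and private addresses, and nothing in the file records why it is needed. With it set, features that fetch user-supplied URLs (federated shares, calendar subscriptions and similar) are no longer blocked from reaching services bound to loopback or the internal network of this host, which is a server-side request forgery exposure on a public-facing instance. If no internal integration depends on it, drop the line or set `allow_local_remote_servers = false;`. If one does, state the dependency next to the option, for example `# needed for <internal service>: Nextcloud must reach a local address`, so the exception can be revisited later.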
@@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 tDqJRg evx+Y82HrlSYjiNcAOi/c2wy2nAWLbC65tolSOMfBS4 +UeUruJRtQOaUShCjJ9OVEGJyMZBVzzAEi6tvwQKM0d0 +-> ssh-ed25519 jIXfPA oZkfWCbiR/OjidO/cPShgXHJlqF9Kpubiy7ztol4DlQ +tU6IbBtALUC/5KF8uLMGAWAZoAqIgr+epypd/WVfebc +-> ssh-ed25519 QlRB9Q ZFyh2k8NYrMU3cVdg0vVv+UYrHMrhSIsrIkSKSOY5Uw +L2yfOmxNYyboK/uxc2PqXEpiHkPmm3aSgCdJtgWFVjw +-> ssh-rsa krWCLQ +ERww+4XKYoT8glUVJQv9cC/BrxWwry1opqtoWu71VYJyOFfASnTEnkO4Uljf1bg2 +nTB7oPly9eVKeMul/esYoAS/ygSXtxbTdcRizEQo9Yv8KmNO/h2Gyn3oSXQIdrxI +nHH+F26iuzuGFxrFpX29sqlMMDczzPCEryi7WKnZCBTeZAcMqkBSIJzmiFUhzLL0 +/rXBhys2xp3ylqpJ64UAJyT4qdBJw/JqssnW1dXlsmY6/COpf7Y9DgseGx5jB/z/ +CIavbJMZzyAJykiBdbTRqL11Hlp3LXwE+NTxSClKPaUJXRFtNgJrRIvy+hSsRp9z +0pGm1b1pKzOOyAjJu1poRQ +-> ssh-ed25519 /vwQcQ C0R57jIfKWTXY17Rsyb7dI5YaeIg3lx4Wtj1xA+U7Dc +Pjzq+q2qRPbqwKBuRkxw7B//fszkw+ygkMWg9S7BCfk +-> ssh-ed25519 0R97PA X/EIa3dWMIoC2ed7cB47wbRYHttZHPDl+ENcHgQ1gXA +mCcMfpVfQ9GeNsydWgYzTTzVrRk6CL7JNmNKPNjl2PY +-> /