diff --git a/monitoring/nodeexporter.tf b/monitoring/nodeexporter.tf
index a8365c4..b0a3842 100644
--- a/monitoring/nodeexporter.tf
+++ b/monitoring/nodeexporter.tf
@@ -18,6 +18,12 @@ resource "docker_container" "nodeexporter" {
     read_only      = true
   }
 
+  volumes {
+    host_path      = "/mnt/xwing"
+    container_path = "/host/mnt"
+    read_only      = true
+  }
+
   command = [
     "--path.procfs=/host/proc",
     "--path.sysfs=/host/sys",
diff --git a/nextcloud.tf b/nextcloud.tf
new file mode 100644
index 0000000..0a3f186
--- /dev/null
+++ b/nextcloud.tf
@@ -0,0 +1,60 @@
+module "nextcloud-db" {
+  source   = "modules/postgres"
+  name     = "nextcloud"
+  password = "${var.nextcloud-db-password}"
+}
+
+module "nextcloud-container" {
+  source = "modules/container"
+  name   = "nextcloud"
+  image  = "nextcloud:15-apache"
+
+  volumes = [{
+    container_path = "/var/www/html"
+    host_path      = "/mnt/xwing/data/nextcloud"
+  }]
+
+  env = [
+    "POSTGRES_DB=nextcloud",
+    "POSTGRES_USER=nextcloud",
+    "POSTGRES_PASSWORD=${var.nextcloud-db-password}",
+    "POSTGRES_HOST=postgres",
+    "NEXTCLOUD_TRUSTED_DOMAINS=c.${var.root-domain},nextcloud.${var.root-domain}",
+    "NEXTCLOUD_UPDATE=0",
+    "REDIS_HOST=nextcloud-redis",
+  ]
+
+  resource {
+    memory      = 1024
+    memory_swap = 1024
+  }
+
+  web {
+    expose = true
+    port   = 80
+    host   = "c.${var.root-domain}"
+  }
+
+  # module.docker.traefik-network-id,
+  networks = "${list(
+    data.docker_network.bridge.id,
+    module.db.postgres-network-id
+  )}"
+}
+
+module "nextcloud-redis" {
+  name     = "nextcloud-redis"
+  source   = "modules/container"
+  image    = "redis:alpine"
+  networks = ["${data.docker_network.bridge.id}"]
+
+  # ThisSucks
+  web {
+    expose = "false"
+  }
+
+  resource {
+    memory      = 256
+    memory_swap = 256
+  }
+}
diff --git a/providers.tf b/providers.tf
index b112836..ef20287 100644
--- a/providers.tf
+++ b/providers.tf
@@ -1,5 +1,5 @@
 provider "docker" {
-  host      = "tcp://docker.vpn.bb8.fun:2376"
+  host      = "tcp://docker.in.bb8.fun:2376"
   cert_path = "./secrets/tatooine"
   version   = "~> 2.0.0"
 }
diff --git a/variables.tf b/variables.tf
index 16d8053..798fba3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -96,3 +96,4 @@ variable "outline_slack_verification_token" {}
 
 variable "syncserver_secret" {}
 variable "pihole_password" {}
+variable "nextcloud-db-password" {}