diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix
index ca9ac87..51869e0 100644
--- a/hosts/nachtigall/apps/nextcloud.nix
+++ b/hosts/nachtigall/apps/nextcloud.nix
@@ -1,9 +1,20 @@
-{ config, pkgs, ... }:
+{
+  config,
+  pkgs,
+  flake,
+  ...
+}:
 {
   age.secrets."nextcloud-secrets" = {
     file = "${flake.self}/secrets/nextcloud-secrets.age";
     mode = "400";
-    owner = config.services.mastodon.user;
+    owner = "nextcloud";
+  };
+
+  age.secrets."nextcloud-admin-pass" = {
+    file = "${flake.self}/secrets/nextcloud-admin-pass.age";
+    mode = "400";
+    owner = "nextcloud";
   };
 
   services.nginx.virtualHosts."cloud.pub.solar" = {
@@ -18,7 +29,7 @@
     enable = true;
     https = true;
     secretFile = config.age.secrets."nextcloud-secrets".path; # secret
-    phpPackage = pkgs.php82;
+    maxUploadSize = "1G";
 
     configureRedis = true;
 
@@ -28,6 +39,7 @@
 
     config = {
       adminuser = "admin";
+      adminpassFile = config.age.secrets."nextcloud-admin-pass".path;
       dbuser = "nextcloud";
       dbtype = "pgsql";
       dbname = "nextcloud";
diff --git a/secrets/nextcloud-admin-pass.age b/secrets/nextcloud-admin-pass.age
new file mode 100644
index 0000000..30d1629
--- /dev/null
+++ b/secrets/nextcloud-admin-pass.age
@@ -0,0 +1,27 @@
+age-encryption.org/v1
+-> ssh-ed25519 iDKjwg 1a8hvqTn2un3yxJkdltenSSfEhKMHxXAKlfSnD9vCWo
+xOzDWr87QMnE9UgnNimz/C+5aKhspG38RQDhhRqg/EE
+-> ssh-ed25519 uYcDNw Grc5lFL8+r+Evi3bDl5sCidZMZzLU1K8qiZ+Mhqc8gc
+mu0L16Ar7H6ZGsSMGw9W9AwS+JusygM8fM6LMtMsCo4
+-> ssh-rsa kFDS0A
+nJnBVo6ArUYVRYUDRAPfBdxPPjCaOqM8fi+7LNLtThnyDzRm31Fgq/07Xy7ual2O
+0k10QbXZv3nnhjW+qimfOK9qDpnub0bULBAMKxAGrapb8KdTqpMgMhK7tuySHH+P
+L8VTLt5woBz+hkla6P0o1s7pcPCmmQ6vITpGDUEGwFS/orYZdGbAe7+sPanagBx7
+3xh8JRh1VszNa7pRhkRLM9wwLtDCGETT1+5iwdxR18IijvJRbVKkONX6UYkCzy0t
+8UmVlfO7m7FN7sdvX+59+70nxhxeECuwZh52TZHaio2NyNvIioFquFZ3SfiLzdd8
+hpUGH1/fPTHvlCTtvI95lXbB370Ta6vpR4uOvAiHz1Oc6aAhbl6QPcZuUr6pFHK0
+5zxlOgc0+3nN9Iv41KbNfoyJYrEVVuMCizdbeyFGTJe+kKjdKbBblJSla0hUGINB
+ZsKhzLG5jmCXDo/WC3vVImBN2R+0AWvqoL2jME+jrOmbAcqYToJrv886cEkxdaxs
+O3DeXLO2hIGpVMVsrsMyHrF7cBPQ0lahM1tlIzdlzbMeDjM6HO/WYa2fz8XGwXu8
+puBTtRyg0DL/06s9Hr9WqzE1WiEPVl2jhze8jsIzshcN1yCoV/dKnmOVBPj6rBxd
+dl5XfpO1d6AOtHx1RquWa2BQWp3nkWvYMgTRaPbpK44
+-> ssh-ed25519 YFSOsg eqXDfDhoOgy4g7nb1X1mfT20kfPkixWs9QqpaaDwCyg
++4aFNWh+b1BeKUqPGU79R9EkbFDp/YMSBYMMunV2YrI
+-> ssh-ed25519 iHV63A F0kH/Uq+wX9F+RDZwTQW4MF8hSo+nwOSTH4vOQF53nA
+d20TVZfePKn9y5PWZ0XWV2Xr7N2Ma6V3eSroOiZcgXM
+-> ssh-ed25519 BVsyTA VvabFmOpUc+TCAFKQYFmlPokmFyqYiD0W9hELvOXv24
+QJ3LX0bqOgujAB/2T//oCctA/fv1Jc8WugVu6iM9gxE
+-> x\:P|P,}-grease @YO [b'lw5 *.WKU
+hfTYY2Pu
+--- vCfB3aNBGwwBSvtdjzAUKCzCt/z7YvufcAf/VhaZfcg
+•Àâa9™r†ûÏ_GMSs˜˜Œ#ˆ(¾»;´›a±·(Ãyƒ&¤ï|!wá„i–GÈÁ!¾e4¥Ùxc
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5b060b5..2b0bdc9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -37,4 +37,5 @@ in {
   "matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ baseKeys;
 
   "nextcloud-secrets.age".publicKeys = nachtigallKeys ++ baseKeys;
+  "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
 }