diff --git a/flake.lock b/flake.lock
index 6029120..ec3508d 100755
--- a/flake.lock
+++ b/flake.lock
@@ -412,11 +412,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1753192971,
-        "narHash": "sha256-+Gg9j2Un6wEtut8uXtfiya+QeL+EMWzR+/xWXDR8fVg=",
+        "lastModified": 1755613196,
+        "narHash": "sha256-nHR8//I5cMjWbDvlBk4HNE3wb0l+M4y5Xx8cwehJlE0=",
         "ref": "main",
-        "rev": "3caaec2bd7cd7d1feb244e00ca4664dabb8a0495",
-        "revCount": 4,
+        "rev": "026300d70aff95c9b3514e9922979ae0340b6d6a",
+        "revCount": 5,
         "type": "git",
         "url": "ssh://git@docker.local:222/fern/secrets"
       },
diff --git a/hosts/nextcloud/default.nix b/hosts/nextcloud/default.nix
index f89abb3..4aaa702 100644
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@@ -4,47 +4,54 @@
   secrets,
   ...
 }: {
-  # # Import secrets.
-  # sops = {
-  #   age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-  #   defaultSopsFile = "${secrets}/sops.yaml";
-  #   secrets."nextcloud/admin_pass" = {};
-  # };
-  #
-  # # Enable Nextcloud.
-  # services.nextcloud = {
-  #   enable = true;
-  #   package = pkgs.nextcloud31;
-  #   hostName = "localhost";
-  #   database.createLocally = true;
-  #   appstoreEnable = false;
-  #   autoUpdateApps.enable = true;
-  #
-  #   extraApps = with config.services.nextcloud.package.packages.apps; {
-  #     inherit bookmarks calendar contacts dav_push gpoddersync user_oidc;
-  #   };
-  #
-  #   settings = {
-  #     trusted_domains = ["cloud.ferngarden.net"];
-  #     trusted_proxies = ["10.0.1.102"];
-  #     log_type = "file";
-  #     default_phone_region = "AU";
-  #   };
-  #
-  #   config = {
-  #     dbtype = "pgsql";
-  #     adminuser = "fern";
-  #     adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
-  #   };
-  #
-  #   notify_push = {
-  #     enable = true;
-  #   };
-  # };
-  #
-  # # Open required ports for Nextcloud.
-  # networking.firewall.allowedTCPPorts = [
-  #   80
-  #   443
-  # ];
+  # Import secrets.
+  sops = {
+    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+    defaultSopsFile = "${secrets}/sops.yaml";
+    secrets."nextcloud/admin_pass" = {};
+  };
+
+  # Enable Nextcloud.
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud31;
+    hostName = "localhost";
+    database.createLocally = true;
+    appstoreEnable = false;
+    autoUpdateApps.enable = true;
+
+    extraApps = with config.services.nextcloud.package.packages.apps; {
+      inherit calendar contacts dav_push gpoddersync notify_push user_oidc;
+    };
+
+    settings = {
+      trusted_domains = ["cloud.ferngarden.net" "10.0.1.107"];
+      trusted_proxies = [
+        "::1"
+        "127.0.0.1"
+        "10.0.1.102" # reverse proxy
+      ];
+      log_type = "file";
+      default_phone_region = "AU";
+      maintenance_window_start = 1;
+    };
+
+    config = {
+      dbtype = "pgsql";
+      adminuser = "fern";
+      adminpassFile = config.sops.secrets."nextcloud/admin_pass".path;
+    };
+
+    phpOptions."opcache.interned_strings_buffer" = "64";
+
+    notify_push = {
+      enable = true;
+    };
+  };
+
+  # Open required ports for Nextcloud.
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 }