diff --git a/machine-confs/nextcloud.nix b/machine-confs/nextcloud.nix
index 39c3fcc..a974cd9 100644
--- a/machine-confs/nextcloud.nix
+++ b/machine-confs/nextcloud.nix
@@ -1,6 +1,7 @@
 { ... }:
 {
   networking.hostName = "nextcloud";
+  custom.nextcloud_domain = "nextcloud.vsinerva.fi";
 
   imports = [
     ../base.nix
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index 7d409bf..2213ae4 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -1,39 +1,53 @@
-{ config, pkgs, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 {
   imports = [ ./cert-store-client.nix ];
 
-  networking.firewall.allowedTCPPorts = [ 443 ];
-  networking.firewall.allowedUDPPorts = [ 443 ];
+  options.custom.nextcloud_domain = lib.mkOption {
+    type = lib.types.str;
+    description = "Domain used by Nextcloud";
+  };
 
-  services = {
-    nextcloud = {
-      package = pkgs.nextcloud31;
-      enable = true;
-      hostName = "nextcloud.vsinerva.fi";
-      autoUpdateApps.enable = true;
-      https = true;
-      maxUploadSize = "10G";
-      config = {
-        adminpassFile = "/var/lib/nextcloud/adminpass";
+  config = {
+    networking.firewall.allowedTCPPorts = [ 443 ];
+
+    services = {
+      nextcloud = {
+        package = pkgs.nextcloud31;
+        enable = true;
+        hostName = config.custom.nextcloud_domain;
+        autoUpdateApps.enable = true;
+        https = true;
+        maxUploadSize = "512M"; # Default
+        config = {
+          adminpassFile = "/var/lib/nextcloud/adminpass";
+        };
+        settings = {
+          overwriteprotocol = "https";
+          default_phone_region = "FI";
+          maintenance_window_start = 1;
+        };
+        phpOptions = {
+          "opcache.interned_strings_buffer" = 32;
+        };
       };
-      settings = {
-        overwriteprotocol = "https";
-        maintenancce_window_start = 1;
-        opcache.interned_strings_buffer = 32;
-      };
-    };
 
-    nginx = {
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedTlsSettings = true;
-      recommendedProxySettings = true;
+      nginx = {
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        recommendedTlsSettings = true;
+        recommendedProxySettings = true;
 
-      virtualHosts.${config.services.nextcloud.hostName} = {
-        forceSSL = true;
-        kTLS = true;
-        sslCertificate = "/mnt/acme/fullchain.pem";
-        sslCertificateKey = "/mnt/acme/key.pem";
+        virtualHosts.${config.services.nextcloud.hostName} = {
+          forceSSL = true;
+          kTLS = true;
+          sslCertificate = "/mnt/acme/fullchain.pem";
+          sslCertificateKey = "/mnt/acme/key.pem";
+        };
       };
     };
   };