diff --git a/main.tf b/main.tf index 5f463516..800987d2 100644 --- a/main.tf +++ b/main.tf @@ -72,6 +72,7 @@ variable "frigate_valchedrym_camera_credentials" { default = "" } variable "paperless_db_password" {} variable "diun_nfty_token" {} variable "docker_config" {} +variable "nextcloud_db_password" {} variable "ansible_prefix" { default = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup" @@ -358,6 +359,8 @@ module "kubernetes_cluster" { diun_nfty_token = var.diun_nfty_token docker_config = var.docker_config + + nextcloud_db_password = var.nextcloud_db_password } diff --git a/modules/kubernetes/immich/chart_values.tpl b/modules/kubernetes/immich/chart_values.tpl index 9606f6e8..701f0294 100644 --- a/modules/kubernetes/immich/chart_values.tpl +++ b/modules/kubernetes/immich/chart_values.tpl @@ -28,7 +28,7 @@ env: IMMICH_MACHINE_LEARNING_URL: "http://immich-machine-learning.immich.svc.cluster.local:3003" image: - tag: v1.115.0 + tag: v1.116.2 immich: persistence: diff --git a/modules/kubernetes/immich/main.tf b/modules/kubernetes/immich/main.tf index 2e8398a4..726d8798 100644 --- a/modules/kubernetes/immich/main.tf +++ b/modules/kubernetes/immich/main.tf 
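Review bot: The new `nextcloud_db_password` variable in main.tf is declared as an empty block, with no type and no `sensitive = true`, so Terraform will print the value in plan and apply output wherever it is interpolated. Adding `type = string` and `sensitive = true` inside the block (Terraform 0.14 or later) masks it in that output. The same applies to the matching declaration in modules/kubernetes/main.tf and to `db_password` in modules/kubernetes/nextcloud/main.tf.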
@@ -109,17 +109,18 @@ resource "kubernetes_ingress_v1" "immich" { # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" # WARNING: When changing any of the below settings, ensure that large file uploads continue working - "nginx.ingress.kubernetes.io/proxy-read-timeout" : "600s", - "nginx.ingress.kubernetes.io/proxy-send-timeout" : "600s", - "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "600s" + "nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000", + "nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000", + "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "6000" "nginx.ingress.kubernetes.io/client-max-body-size" : "0" - "nginx.ingress.kubernetes.io/proxy-body-size" : "10G", - "nginx.ingress.kubernetes.io/proxy-buffering" : "on" - "nginx.ingress.kubernetes.io/proxy-max-temp-file-size" : "4096m" - "nginx.ingress.kubernetes.io/proxy-request-buffering" : "off" - "nginx.ingress.kubernetes.io/client-body-buffer-size" : "2G" - "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" - "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" + # "nginx.ingress.kubernetes.io/proxy-body-size" : "5G", + "nginx.ingress.kubernetes.io/proxy-body-size" : "0", + # "nginx.ingress.kubernetes.io/proxy-buffering" : "on" + # "nginx.ingress.kubernetes.io/proxy-max-temp-file-size" : "4096m" + # "nginx.ingress.kubernetes.io/proxy-request-buffering" : "off" + # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5G" + # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" + # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5000m" diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 4dddb2a1..2be5e436 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf 
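Review bot: Setting `proxy-body-size` to `"0"` removes the request-size limit on the immich ingress, and with the read/send timeouts raised to `6000` one client can hold a connection open while streaming an arbitrarily large body. The `auth-signin` annotation visible just above is commented out, so this may apply before any proxy-level authentication; if uploads allow it, keep a finite cap such as the `"5G"` value left in the comment. nginx documents that the upstream connect timeout usually cannot exceed 75 seconds, so `proxy-connect-timeout` of `6000` likely has no effect beyond that. The block of commented-out buffering annotations would read better as a single comment saying why they were dropped; the resource block starts and ends outside this hunk.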
@@ -59,6 +59,7 @@ variable "frigate_valchedrym_camera_credentials" { default = "" } variable "paperless_db_password" {} variable "diun_nfty_token" {} variable "docker_config" {} +variable "nextcloud_db_password" {} resource "null_resource" "core_services" { # List all the core modules that must be provisioned first @@ -484,7 +485,8 @@ module "meshcentral" { # tls_secret_name = var.tls_secret_name # } -# module "nextcloud" { -# source = "./nextcloud" -# tls_secret_name = var.tls_secret_name -# } +module "nextcloud" { + source = "./nextcloud" + tls_secret_name = var.tls_secret_name + db_password = var.nextcloud_db_password +} diff --git a/modules/kubernetes/nextcloud/chart_values.yaml b/modules/kubernetes/nextcloud/chart_values.yaml index 7918cea7..f225cdc1 100644 --- a/modules/kubernetes/nextcloud/chart_values.yaml +++ b/modules/kubernetes/nextcloud/chart_values.yaml 
@@ -1,47 +1,47 @@ -# ingress: -# enabled: true -# annotations: -# "kubernetes.io/ingress.class": "nginx" -# nginx.ingress.kubernetes.io/proxy-body-size: 4G -# # kubernetes.io/tls-acme: "true" -# # cert-manager.io/cluster-issuer: letsencrypt-prod -# # # Keep this in sync with the README.md: -# # nginx.ingress.kubernetes.io/server-snippet: |- -# # server_tokens off; -# # proxy_hide_header X-Powered-By; -# # rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; -# # rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; -# # rewrite ^/.well-known/host-meta /public.php?service=host-meta last; -# # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; -# # location = /.well-known/carddav { -# # return 301 $scheme://$host/remote.php/dav; -# # } -# # location = /.well-known/caldav { -# # return 301 $scheme://$host/remote.php/dav; -# # } -# # location = /robots.txt { -# # allow all; -# # log_not_found off; -# # access_log off; -# # } -# # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { -# # deny all; -# # } -# # location ~ ^/(?:autotest|occ|issue|indie|db_|console) { -# # deny all; -# # } -# tls: -# - secretName: "${tls_secret_name}" -# hosts: -# - nextcloud.viktorbarzin.me -# labels: {} -# path: / -# pathType: Prefix - nextcloud: - host: nextcloud.viktorbarin.me + host: nextcloud.viktorbarzin.me trustedDomains: - - nextcloud.viktorbarin.me + - nextcloud.viktorbarzin.me + # mail: + # enabled: true + # # the user we send email as + # fromAddress: nextcloud@viktorbarzin.me + # # the domain we send email from + # domain: viktorbarzin.me + # smtp: + # host: mail.viktorbarzin.me + # secure: starttls + # port: 587 + # authtype: LOGIN + # name: nextcloud@viktorbarzin.me + # password: extraEnv: - name: TRUSTED_PROXIES - value: "127.0.0.1,10.0.0.0/8" + value: "10.0.0.0/8" + # - name: mail_smtpdebug + # value: "true" + # - name: loglevel + # value: "0" + +externalDatabase: + enabled: true + type: mysql + host: 
mysql.dbaas + user: nextcloud + password: ${db_password} + databse: nextcloud + +persistence: + enabled: true + existingClaim: nextcloud-data-pvc + + accessMode: ReadWriteOnce + size: 100Gi + +startupProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 diff --git a/modules/kubernetes/nextcloud/main.tf b/modules/kubernetes/nextcloud/main.tf index 0789f19e..83e94307 100644 --- a/modules/kubernetes/nextcloud/main.tf +++ b/modules/kubernetes/nextcloud/main.tf @@ -1,4 +1,5 @@ variable "tls_secret_name" {} +variable "db_password" {} module "tls_secret" { source = "../setup_tls_secret" @@ -24,7 +25,8 @@ resource "helm_release" "nextcloud" { atomic = true # version = "0.7.0" - values = [templatefile("${path.module}/chart_values.yaml", { tls_secret_name = var.tls_secret_name })] + values = [templatefile("${path.module}/chart_values.yaml", { tls_secret_name = var.tls_secret_name, db_password = var.db_password })] + timeout = 6000 } # resource "kubernetes_config_map" "config" { 
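Review bot: The key `databse:` under `externalDatabase` is misspelled, so the chart will not read a database name from this file and will use whatever its default is; it should be `database: nextcloud`. `password: ${db_password}` is substituted unquoted, so a password containing `#`, `: ` or a leading YAML indicator character would be truncated or fail to parse; `password: ${jsonencode(db_password)}` keeps it a valid scalar. `TRUSTED_PROXIES` of `10.0.0.0/8` accepts forwarded-client headers from any address in that range, which is worth narrowing to the ingress controller's range if Nextcloud's brute-force throttling relies on the client IP.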
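Review bot: Rendering `db_password` through `templatefile` into `values` places the password in the Helm release values and, unless the variable is marked sensitive, in the plan diff of `helm_release.nextcloud`. Consider passing it in a `set_sensitive` block (`name = "externalDatabase.password"`, `value = var.db_password`) or pointing the chart at an existing Kubernetes secret if it supports one. The value is still written to terraform.tfstate, which this commit lists as a changed binary file; presumably it is encrypted in the repository, which is worth confirming. `timeout = 6000` together with `atomic = true` means a failed install can block for up to 100 minutes before rolling back; the resource block starts outside this hunk.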
@@ -114,14 +116,48 @@ resource "helm_release" "nextcloud" { # } # } +resource "kubernetes_persistent_volume" "nextcloud-data-pv" { + metadata { + name = "nextcloud-data-pv" + } + spec { + capacity = { + "storage" = "100Gi" + } + access_modes = ["ReadWriteOnce"] + persistent_volume_source { + nfs { + path = "/mnt/main/nextcloud" + server = "10.0.10.15" + } + } + } +} + +resource "kubernetes_persistent_volume_claim" "nextcloud-data-pvc" { + metadata { + name = "nextcloud-data-pvc" + namespace = "nextcloud" + } + spec { + access_modes = ["ReadWriteOnce"] + resources { + requests = { + "storage" = "100Gi" + } + } + volume_name = "nextcloud-data-pv" + } +} + resource "kubernetes_ingress_v1" "nextcloud" { metadata { name = "nextcloud-ingress" namespace = "nextcloud" annotations = { "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" + # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" } } diff --git a/terraform.tfstate b/terraform.tfstate index b8ed9f0b..6300dab9 100644 Binary files a/terraform.tfstate and b/terraform.tfstate differ diff --git a/terraform.tfvars b/terraform.tfvars index 31c172aa..50b14601 100644 Binary files a/terraform.tfvars and b/terraform.tfvars differ
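Review bot: Commenting out the `auth-url` and `auth-signin` annotations removes the oauth2 gate from the nextcloud ingress, leaving Nextcloud's own login as the only control on that host. If that is intended, replace the two dead lines with a comment that records the decision, e.g. `# oauth2-proxy disabled: <reason>; authentication is handled by Nextcloud itself`, and consider a rate-limit annotation such as `nginx.ingress.kubernetes.io/limit-rps` on the login path. Separately, neither the PV nor the PVC sets `storage_class_name`, so on a cluster with a default StorageClass the claim may be assigned that class and fail to bind to `nextcloud-data-pv`; `storage_class_name = ""` on the claim avoids that (verify against the cluster). The ingress resource continues past the end of this hunk.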