diff --git a/configuration.nix b/configuration.nix
index 26f18e0..32c6fe3 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -42,31 +42,83 @@ services.nginx = { enable = true; virtualHosts."www.beffara.org" = { + default = true; forceSSL = true; root = "/data/web/root"; sslCertificate = "/data/web/cert/beffara.org.crt"; sslCertificateKey = "/data/web/cert/beffara.org.key"; - locations."~ \.php$".extraConfig = '' - fastcgi_pass unix:${config.services.phpfpm.pools.web.socket}; - fastcgi_index index.php; + + locations."/owncloud/" = { + alias = "/data/web/nextcloud/site/"; + extraConfig = '' + rewrite ^/owncloud/((cal|card|web)dav.*)$ /owncloud/remote.php/$1 redirect; + ''; + }; + + locations."~ ^/owncloud/.+\.php(/|$)" = { + alias = "/data/web/nextcloud/site/"; + extraConfig = '' + fastcgi_pass unix:${config.services.phpfpm.pools.nextcloud.socket}; + fastcgi_index index.php; + include ${config.services.nginx.package}/conf/fastcgi.conf; + fastcgi_split_path_info ^/owncloud/(.+\.php)(|/.*)$; + fastcgi_param SCRIPT_NAME /owncloud/$fastcgi_script_name; + ''; + }; + + extraConfig = '' + index index.php index.html; + add_header Strict-Transport-Security "max-age=15768000;"; + rewrite ^/.well-known/host-meta /owncloud/public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /owncloud/public.php?service=host-meta-json last; + rewrite ^/.well-known/(cal|card)dav /owncloud/remote.php/$1dav/ redirect; ''; }; }; # FastCGI server for PHP - services.phpfpm.pools.web = { - user = "nobody"; - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 5; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 3; - "pm.max_requests" = 500; + services.phpfpm = { + phpOptions = '' + memory_limit = 512M + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + extension=${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so + ''; + + pools.nextcloud = { + user = "nextcloud"; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 5; + "pm.start_servers" = 2; + 
"pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 3; + "pm.max_requests" = 500; + }; }; }; + # MySQL database + services.mysql = { + enable = true; + package = pkgs.mariadb; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { + name = "nextcloud"; + ensurePermissions = { "nextcloud.*" = "ALL PRIVILEGES"; }; + } + ]; + }; + + # System user accounts + users.users.nextcloud = { + isSystemUser = true; + home = "/data/web/nextcloud"; + group = "nextcloud"; + }; + users.groups.nextcloud = { }; + # Initial user account users.users.manu = { isNormalUser = true;
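Review bot: The new regex location `locations."~ ^/owncloud/.+\.php(/|$)"` passes every path under the aliased Nextcloud tree that ends in `.php` to PHP-FPM, and the plain `locations."/owncloud/"` alias serves everything else as static files, with no rule in this hunk that blocks Nextcloud's internal directories. If the data or config directory lives under `/data/web/nextcloud/site/` (not visible here), logs, databases and sample configs would be readable over HTTP, and any `.php` file that lands in the tree would be executed. I would add a deny rule such as `locations."~ ^/owncloud/(data|config|lib|3rdparty|templates)(/|$)".extraConfig = "return 404;";` and narrow the PHP location to Nextcloud's entry scripts. Check that the deny rule is emitted before the PHP location in the generated nginx.conf, since nginx uses the first matching regex. Separately, a double-quoted Nix string turns `\.` into `.`, so the key likely needs `\\.php` to match a literal dot; the `''…''` blocks keep the backslash and are fine.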