diff --git a/host/montalin/applications/cloud.nix b/host/montalin/applications/cloud.nix
index 832441b..d32c988 100644
--- a/host/montalin/applications/cloud.nix
+++ b/host/montalin/applications/cloud.nix
@@ -1,4 +1,6 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }: let
+ host = "chur.fh2.ch";
+in {
 imports = [
@@ -6,7 +8,13 @@
 ];
 services.nextcloud = {
- hostName = "cloud.qo.is";
+ #hostName = "cloud.qo.is";
+ hostName = host;
 package = pkgs.nextcloud19;
 };
+ services.nginx.virtualHosts."${host}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+
 }
diff --git a/host/montalin/database.nix b/host/montalin/database.nix
index 4dc2545..4a91188 100644
--- a/host/montalin/database.nix
+++ b/host/montalin/database.nix
@@ -2,10 +2,15 @@
 {
+ imports = [
+ ../../role/database
+ ];
 services.postgresql = {
- #enable = true; # Required? Better in role?
- package = pkgs.postgresql_12;
+ ensureDatabases = [ "nextcloud" ];
+ ensureUsers = [
+ { name = "nextcloud";
+ ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+ }
+ ];
 };
-
- services.postgresqlBackup.enable = true; # TODO: Role?
 }
diff --git a/host/montalin/networking.nix b/host/montalin/networking.nix
index 780dce4..95efa8a 100644
--- a/host/montalin/networking.nix
+++ b/host/montalin/networking.nix
@@ -18,4 +18,6 @@
 # Configure network proxy if necessary
 # networking.proxy.default = "http://user:password@proxy:port/";
 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
diff --git a/role/base/default.nix b/role/base/default.nix
index 0aa0710..cd68079 100644
--- a/role/base/default.nix
+++ b/role/base/default.nix
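Review bot: The old value is left behind as a commented-out line, `#hostName = "cloud.qo.is";`, directly above the new `hostName = host;` in the second hunk of `host/montalin/applications/cloud.nix`, and nothing says whether the move to `chur.fh2.ch` is temporary. Either delete the line or replace it with a comment that states the intent, for example `# TODO: switch back to cloud.qo.is once its DNS points at this host`, if that is the plan. Both the nginx virtual host (and with it the ACME certificate) and `services.nextcloud.hostName` now follow `host`, so a reader should not have to guess which name is authoritative.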
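Review bot: The `ensureUsers` entry in `host/montalin/database.nix` creates the `nextcloud` role without any comment on how that role authenticates, and no database password appears anywhere in this commit. Together with `dbhost = "/run/postgresql"` in `role/nextcloud` this presumably relies on PostgreSQL peer authentication over the local Unix socket, in which case the role name has to match the system user Nextcloud runs as. A short comment would record that, e.g. `# authenticates via peer auth on the local socket; name must match the nextcloud system user`. `"ALL PRIVILEGES"` is broad but scoped to the application's own database, which is worth stating next to it.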
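Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` is added to `host/montalin/networking.nix` without naming the service that needs the ports, so they would stay open if the Nextcloud virtual host is later removed. Moving the line next to the `services.nginx.virtualHosts` block in `applications/cloud.nix` ties the exposure to the service that justifies it. If it stays here, annotate it: `# 80: ACME HTTP-01 challenge and redirect to HTTPS (forceSSL); 443: Nextcloud`.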
@@ -8,12 +8,13 @@
 boot.loader.timeout = 2;
 boot.tmpOnTmpfs = true;
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "sg-latin1";
- defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "sg-latin1";
 };
+ i18n.defaultLocale = "en_US.UTF-8";
+
 environment.systemPackages = with pkgs; [
 wget
 curl
@@ -89,4 +90,10 @@
 gitconfig.source = ./etc/gitconfig;
 vimrc.source = ./etc/vimrc;
 };
+
+ security.acme = {
+ acceptTerms = true;
+ email = "sysadmin@qo.is";
+ };
+
 }
diff --git a/role/database/default.nix b/role/database/default.nix
new file mode 100644
index 0000000..0aab494
--- /dev/null
+++ b/role/database/default.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_12;
+ };
+
+ services.postgresqlBackup.enable = true;
+}
diff --git a/role/nextcloud/default.nix b/role/nextcloud/default.nix
index e830b5b..1aea244 100644
--- a/role/nextcloud/default.nix
+++ b/role/nextcloud/default.nix
@@ -2,15 +2,23 @@
 { config, lib, pkgs, ... }:
 {
- services.nextcloud.config = {
- adminpassFile = "/secrets/nextcloud-admin"; # TODO
- adminuser = "root";
- dbtype = "pgsql";
- dbhost = "/run/postgresql";
+ services.nextcloud = {
 enable = true;
 https = true;
- maxUploadSize = "1G";
- nginx.enable = true;
 webfinger = true;
+ nginx.enable = true;
+ maxUploadSize = "1G";
+
+ config = {
+ adminpassFile = "/secrets/nextcloud-admin"; # TODO
+ adminuser = "root";
+ dbtype = "pgsql";
+ dbhost = "/run/postgresql";
+ };
+ };
+
+ systemd.services."nextcloud-setup" = {
+ requires = ["postgresql.service"];
+ after = ["postgresql.service"];
 };
 }
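Review bot: `security.acme.acceptTerms = true;` is placed in `role/base/default.nix` (second hunk), so every host that imports the base role accepts the CA's terms of service and uses the shared contact address, whether or not it ever requests a certificate. That is probably intended as a fleet-wide default, but the block carries no comment saying so. I would add one above it, e.g. `# fleet-wide: accept the ACME CA's terms; certificates are registered under this contact address`.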
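Review bot: `services.postgresqlBackup.enable = true;` in the new `role/database/default.nix` is switched on with no location, schedule or database list, so its behaviour depends entirely on module defaults that are not visible in review. As far as I can tell those defaults keep the dumps in a directory on the same host, which helps after a bad migration but not after loss or compromise of the machine, and the dumps will contain the full Nextcloud database. I would set `services.postgresqlBackup.location` explicitly so the path is visible, and add a comment such as `# local dumps only: copy off-host and keep the directory readable by postgres only`.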
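Review bot: `adminpassFile = "/secrets/nextcloud-admin"; # TODO` is carried into the new `config` block in `role/nextcloud/default.nix` with the TODO still unresolved, while the rest of this commit makes the instance reachable from outside (ACME virtual host, ports 80 and 443). Nothing visible provisions that file or constrains its owner and mode, so the first `nextcloud-setup` run either fails or reads a secret whose permissions nobody has checked. Replace the bare TODO with the actual requirement, e.g. `# must exist before first start; owner nextcloud, mode 0400, never in the Nix store`. `adminuser = "root"` is also a very predictable name for the initial administrator account, and a less guessable one would be a cheap improvement.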