diff --git a/provision/additional-setup.md b/provision/additional-setup.md index 5f71fc13..3368570d 100644 --- a/provision/additional-setup.md +++ b/provision/additional-setup.md @@ -15,7 +15,10 @@ settings. Keys for SSH aren't automatically placed with chezmoi `secret` since it complicated things to much. The key for github SSH must be transferred manually from Bitwarden -or `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`. +or: + +- `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`. +- `/run/secrets/radicale/users` to `~/.config/radicale/users`. ### Sops-nix diff --git a/provision/hosts/torus/configuration.nix b/provision/hosts/torus/configuration.nix index 4f481d22..36391edd 100644 --- a/provision/hosts/torus/configuration.nix +++ b/provision/hosts/torus/configuration.nix @@ -5,10 +5,10 @@ ./wireguard-server.nix ./samba-server.nix ./syncthing.nix - ./share.nix ./rss.nix ./home-assistant ./gitea.nix + ./nextcloud.nix ]; nix = { @@ -126,13 +126,6 @@ "plot.tstarr.us" = (SSL // { locations."/".proxyPass = "http://localhost:8988/"; }); - "share.tstarr.us" = (SSL // { - locations."/".proxyPass = "http://localhost:5001/"; - extraConfig = '' - auth_pam "Password Required"; - auth_pam_service_name "nginx"; - ''; - }); }; }; diff --git a/provision/hosts/torus/nextcloud.nix b/provision/hosts/torus/nextcloud.nix new file mode 100644 index 00000000..0894d765 --- /dev/null +++ b/provision/hosts/torus/nextcloud.nix 
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, user, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ cron
+ ];
+
+ services = {
+ nginx.virtualHosts = {
+ "cloud.tstarr.us" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+
+ nextcloud = {
+ enable = true;
+ hostName = "cloud.tstarr.us";
+
+ # Need to manually increment with every major upgrade.
+ package = pkgs.nextcloud29;
+
+ # Let NixOS install and configure the database automatically.
+ database.createLocally = true;
+
+ # Let NixOS install and configure Redis caching automatically.
+ configureRedis = true;
+
+ # Increase the maximum file upload size to avoid problems uploading videos.
+ maxUploadSize = "16G";
+ https = true;
+ autoUpdateApps.enable = true;
+ settings = {
+ overwriteprotocol = "https";
+ default_phone_region = "US";
+ };
+
+ config = {
+ dbtype = "mysql";
+ adminuser = "admin";
+ adminpassFile = "/run/secrets/nextcloud/password";
+ };
+ };
+ };
+}
diff --git a/provision/hosts/torus/share.nix b/provision/hosts/torus/share.nix
deleted file mode 100644
index 006638e0..00000000
--- a/provision/hosts/torus/share.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, pkgs, user, ... }:
-{
- networking.firewall.allowedTCPPorts = [ 5001 ];
- networking.firewall.allowedUDPPorts = [ 5001 ];
-
- environment.systemPackages = with pkgs; [
- dufs # Distinctive utility file server
- ];
-
- systemd.services.share = {
- description = "Start dufs for quick sharing of files";
- wantedBy = [ "default.target" ];
-
- restartIfChanged = true;
-
- serviceConfig = {
- Type = "simple";
- Restart = "always";
- ExecStart = "${pkgs.dufs}/bin/dufs -p 5001 -A /engi/apps/dufs/share";
- };
- };
-}
diff --git a/provision/modules/desktop/browser.nix b/provision/modules/desktop/browser.nix
index d1773492..7e7cf4a0 100644
--- a/provision/modules/desktop/browser.nix
+++ b/provision/modules/desktop/browser.nix
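Review bot: `adminuser = "admin"` in the `config` block of nextcloud.nix gives the public instance at cloud.tstarr.us a guessable administrator name, leaving the password behind `adminpassFile` as the only barrier; a less predictable name would be cheap hardening. As far as I know the NixOS module reads `adminpassFile` only during the initial setup, so a later rotation of the sops secret will not change the live password; I would record that with `# Only read on first install; rotate the admin password in Nextcloud itself.` above the line. The `cron` entry in `environment.systemPackages` looks unneeded, since the module appears to run Nextcloud's background jobs from its own systemd timer.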
@@ -52,10 +52,10 @@ in { { "toplevel_name" = "Bookmarks"; } { "name" = "Daily"; "children" = [ { "url" = "https://rss.tstarr.us"; name = "Miniflux"; } + { "url" = "https://cloud.tstarr.us"; name = "Nextcloud"; } { "url" = "https://git.tstarr.us"; name = "Gitea"; } { "url" = "https://media.tstarr.us/web/index.html#!/home.html"; name = "Jellyfin"; } { "url" = "https://home.tstarr.us"; name = "Home Assistant"; } - { "url" = "https://share.tstarr.us"; name = "Share (dufs)"; } { "url" = "https://www.youtube.com/feed/subscriptions"; name = "Youtube"; } { "url" = "https://gmail.com/"; name = "Mail"; } { "url" = "https://github.com/"; name = "GitHub"; } diff --git a/provision/modules/system/secrets.nix b/provision/modules/system/secrets.nix index e76c7ada..4648b3ce 100644 --- a/provision/modules/system/secrets.nix +++ b/provision/modules/system/secrets.nix @@ -13,6 +13,9 @@ in { # Keys secrets."keys/github_personal" = { owner = "${user}"; }; + # Nextcloud password + secrets."nextcloud/password" = { owner = "nextcloud"; }; + # Wireguard secrets secrets."wireguard/kestrel" = { owner = "${user}"; }; secrets."wireguard/bulwark" = { owner = "${user}"; }; diff --git a/provision/secrets/secrets.yaml b/provision/secrets/secrets.yaml index 1a1f50fc..27fb8ea7 100644 --- a/provision/secrets/secrets.yaml +++ b/provision/secrets/secrets.yaml @@ -1,5 +1,5 @@ -tokens: - gitea-runner: ENC[AES256_GCM,data:aIv9cKFkRd3EX9DQenDlL8RbxlrQm52YoQhl4lpfRJVSp+TFFaMjKOw=,iv:r/1wb+bz9JqyF3FsOOq7gvD2+LP7VazfZq2FPuBltzs=,tag:AQQvyutaDoYp1MhnVkmOzA==,type:str] +nextcloud: + password: ENC[AES256_GCM,data:qI3PV8ybqKQ=,iv:aXQyTUQ9twlmMx3j01cfk6gy/1fAfUxjYXs5QXPUTjU=,tag:kY+lM1qGm+8OCKgDnXZwSw==,type:str] keys: github_personal: ENC[AES256_GCM,data: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,iv:0my7Q3Uog/nu3A3IprXuRAMTYmSv9YV1bo3BSAk2wlk=,tag:u41VgXeMBb2righhXUrPUA==,type:str] wireguard: 
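Review bot: `secrets."nextcloud/password" = { owner = "nextcloud"; };` is added to `modules/system/secrets.nix`, which looks like a module shared by several hosts, while the `nextcloud` user presumably exists only where `hosts/torus/nextcloud.nix` is imported; if so, other hosts get a secret whose owner cannot be resolved at activation. Declaring it next to the service, `sops.secrets."nextcloud/password".owner = "nextcloud";` in nextcloud.nix (assuming the enclosing attribute set here is `sops`), and replacing the hard-coded path with `adminpassFile = config.sops.secrets."nextcloud/password".path;` keeps the two in step and fails at evaluation if the secret is ever dropped. The attribute set this hunk edits starts and ends outside the hunk.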
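Review bot: The new `nextcloud.password` value `data:qI3PV8ybqKQ=` in secrets.yaml is 8 bytes of ciphertext, and sops' AES-GCM encryption keeps the plaintext length, so the committed file itself shows that the admin password of a public service is only about 8 characters; replace it with a long generated one before the first install. The same hunk drops `tokens.gitea-runner` while `./gitea.nix` stays in the torus imports, and `lastmodified` in the following hunk moves back from 2024-05-27 to 2024-05-22, which suggests the file was re-encrypted from an older copy. Please confirm that nothing still references the removed token.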
@@ -22,8 +22,8 @@ sops: ajM3YlJYU21PaHRyaGlUNy84RHN2SE0KAvMFdqnfV0TzfNcBdY7OvRLZrBb9uXSI 3y50yFhYnyXtWKLQFTwjN6S5dLaZgqhaGhEQyNCQxb5RGZJDR6g7Yw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-27T05:14:56Z" - mac: ENC[AES256_GCM,data:vfGJ/brE7HFBvxu4HFI532Bm9QP/7xI+Doroq56JAjgT7hd9KNuhMMS+rHuHl+baGZJbPsi9QcTNGSk1dF/vgfunF8ChyCipi5sLrLze7T2xJ/IQ3o5e23gR4X3w45EcOgYRJxiuKvnI5ZzKlbGr/BadE1WjiSCynudQzqP7AeY=,iv:5P2O9VrYPA+Yczk2jpislNGEh5l68lKWJhn2ddL0BPM=,tag:sAmcc/ejokN5xoRKiVWAAw==,type:str] + lastmodified: "2024-05-22T04:53:58Z" + mac: ENC[AES256_GCM,data:kFwTfaMijQWWfNMSkDjeVlPXhfrhxfgCgLZDTS4h2ENuNLhQkkUYfHyRaRFAzl+A74XydmAuHTdvl57yuehSkoXSE1NgmkbNVBbBxKB8p/HtFBV3hK0tuTE6E6ZzryI/9C7yPdKmuRIqIftUmdSaGPIU7CduBM+t1v1rhi8aWNg=,iv:HaQ+YUSRgqQSsyzvHGpDuC/Rw2jHJb4KtpvESzTBc8g=,tag:HVr6X67mIRPq038k/MnNkw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1