diff --git a/home/dot_config/borgmatic.d/torus_bulk.yaml b/home/dot_config/borgmatic.d/torus_bulk.yaml
index 983446e6..af700602 100644
--- a/home/dot_config/borgmatic.d/torus_bulk.yaml
+++ b/home/dot_config/borgmatic.d/torus_bulk.yaml
@@ -1,10 +1,16 @@
 source_directories:
     - /engi/backup # Static files and service dumps
-    #- /home/tstarr/Sync # Syncthing files
+    - /var/lib/nextcloud # nextcloud files (besides sql dump)
     
 before_backup:
   - "tree /engi > /engi/backup/tree.txt"
-  - sudo -u gitea backup-dump-gitea
+  - sudo -u gitea dump-gitea
+  - sudo -u nextcloud dump-nextcloud
+  - nextcloud-occ maintenance:mode --on
+
+after_backup:
+  - restore-docker-containers
+  - nextcloud-occ maintenance:mode --off
 
 archive_name_format: 'torus_bulk.borg-{now}'
 
diff --git a/provision/hosts/torus/gitea.nix b/provision/hosts/torus/gitea.nix
index 91b854c3..d6ace446 100644
--- a/provision/hosts/torus/gitea.nix
+++ b/provision/hosts/torus/gitea.nix
@@ -11,7 +11,7 @@ in {
   ];
 
   environment.systemPackages = [
-    (pkgs.writeScriptBin "backup-dump-gitea" ''
+    (pkgs.writeScriptBin "dump-gitea" ''
       #!/bin/sh
       cd ${dumpFolder}
       [ -e gitea-dump.zip ] && rm gitea-dump.zip
diff --git a/provision/hosts/torus/nextcloud.nix b/provision/hosts/torus/nextcloud.nix
index 1d0c55a4..74e7d2b4 100644
--- a/provision/hosts/torus/nextcloud.nix
+++ b/provision/hosts/torus/nextcloud.nix
@@ -1,7 +1,24 @@
 { config, lib, pkgs, user, ... }:
-{
+let
+  dumpFolder = "/engi/backup/dumps/nextcloud";
+  domain = "cloud.tstarr.us";
+in {
   environment.systemPackages = with pkgs; [
     cron
+    zip
+    rsync
+    (pkgs.writeScriptBin "dump-nextcloud" ''
+      #!/bin/sh
+      cd ${dumpFolder}
+      [ -e nextcloud-sql ] && rm nextcloud-sql 
+      nextcloud-occ maintenance:mode --on
+      mysqldump --single-transaction nextcloud > ${dumpFolder}/nextcloud-sql
+      nextcloud-occ maintenance:mode --off
+    '')
+  ];
+
+  systemd.tmpfiles.rules = [
+    "d ${dumpFolder} 0775 nextcloud nextcloud -"
   ];
   
   # nextcloud secrets
@@ -13,7 +30,7 @@
 
   services = {
     nginx.virtualHosts = {
-      "cloud.tstarr.us" = {
+      "${domain}" = {
         forceSSL = true;
         enableACME = true;
       };
@@ -21,7 +38,7 @@
 
     nextcloud = {
       enable = true;
-      hostName = "cloud.tstarr.us";
+      hostName = "${domain}";
 
        # Need to manually increment with every major upgrade.
       package = pkgs.nextcloud29;