diff --git a/configs/workhorse/nextcloud.nix b/configs/workhorse/nextcloud.nix
index 00674f2..306b5cd 100644
--- a/configs/workhorse/nextcloud.nix
+++ b/configs/workhorse/nextcloud.nix
@@ -1,16 +1,63 @@
 { pkgs, ... }: {
-  services.nextcloud = {
-    enable = true;
-    autoUpdateApps.enable = true;
-    config.adminpassFile = toString <secrets/nextcloud/rootpassword>;
-    #home = "/home/nextcloud";
-    nginx.enable = true;
-    hostName = "nextcloud.workhorse.private";
-    logLevel = 0;
-    config.extraTrustedDomains =
-      [ "nextcloud.ingolf-wagner.de" "nextcloud.gaykraft.com" ];
+
+  # setup nextcloud in a container
+  containers.nextcloud = {
+    bindMounts = {
+      password = {
+        hostPath = toString <secrets/nextcloud/rootpassword>;
+        mountPoint = toString <secrets/nextcloud/rootpassword>;
+        isReadOnly = true;
+      };
+      home = {
+        hostPath = toString "/home/nextcloud";
+        mountPoint = "/var/lib/nextcloud";
+        isReadOnly = false;
+      };
+    };
+
+    privateNetwork = true;
+    hostAddress = "192.168.100.10";
+    localAddress = "192.168.100.11";
+
+    autoStart = true;
+
+    config = { config, pkgs, ... }: {
+
+      networking.firewall.allowedTCPPorts = [ 80 ];
+      networking.firewall.allowedUDPPorts = [ 80 ];
+
+      services.nextcloud = {
+        enable = true;
+        autoUpdateApps.enable = true;
+        config.adminpassFile = toString <secrets/nextcloud/rootpassword>;
+        nginx.enable = true;
+        hostName = "nextcloud.workhorse.private";
+        logLevel = 0;
+        config.extraTrustedDomains = [
+          "nextcloud.ingolf-wagner.de"
+          "nextcloud.gaykraft.com"
+          "192.168.100.11"
+        ];
+      };
+
+      environment.systemPackages = [ pkgs.smbclient ];
+    };
   };
 
-  environment.systemPackages = [ pkgs.smbclient ];
+  # host nginx setup
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "nextcloud.workhorse.private" = {
+        locations."/" = {
+          proxyPass = "http://192.168.100.11";
+          extraConfig = ''
+            sub_filter "192.168.100.11" "nextcloud.workhorse.private";
+            client_max_body_size 0;
+          '';
+        };
+      };
+    };
+  };
 
 }
diff --git a/configs/workhorse/syncthing.nix b/configs/workhorse/syncthing.nix
index bce88b8..222e177 100644
--- a/configs/workhorse/syncthing.nix
+++ b/configs/workhorse/syncthing.nix
@@ -5,6 +5,7 @@
     folders = {
       movies = config.test.services.syncthing.declarative.folders.movies.path;
       series = config.test.services.syncthing.declarative.folders.series.path;
+      samples = config.test.services.syncthing.declarative.folders.samples.path;
       music =
         config.test.services.syncthing.declarative.folders.music-library.path;
     };