diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 0d73d2c..7bbbc02 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -1,7 +1,7 @@ { pkgs, config, ... }: let variable = import ../../variables.nix; in { - imports = [ ./hardware-configuration.nix ./openssh.nix ./nextcloud.nix ]; + imports = [ ./hardware-configuration.nix ./openssh.nix ./nextcloud.nix ./firewall.nix ./nginx.nix ]; boot = { loader.efi.canTouchEfiVariables = true; diff --git a/hosts/server/firewall.nix b/hosts/server/firewall.nix new file mode 100644 index 0000000..f30c08b --- /dev/null +++ b/hosts/server/firewall.nix @@ -0,0 +1,7 @@ +{ + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 ]; + }; +} diff --git a/hosts/server/nextcloud.nix b/hosts/server/nextcloud.nix index cc23e8b..a308f91 100644 --- a/hosts/server/nextcloud.nix +++ b/hosts/server/nextcloud.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{ pkgs, config, ... }: { environment.systemPackages = with pkgs; [ nextcloud29 ]; @@ -7,27 +7,12 @@ package = pkgs.nextcloud29; hostName = "localhost"; config.adminpassFile = "/etc/nextcloudpwd"; - nginx.enable = true; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; - services.nginx = { - enable = true; - - # Use recommended settings - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - # Only allow PFS-enabled ciphers with AES256 - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - - # Setup Nextcloud virtual host to listen on ports - virtualHosts = { - - "localhost" = { }; - }; - }; + services.nginx.virtualHosts."localhost".listen = [{ + addr = "127.0.0.1"; + port = 8080; + }]; } diff --git a/hosts/server/nginx.nix b/hosts/server/nginx.nix new file mode 100644 index 0000000..86a7164 --- /dev/null +++ b/hosts/server/nginx.nix 
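Review bot: Port 22 in `allowedTCPPorts` in the new firewall.nix is opened on every interface and for every source address, and openssh.nix, which decides how that exposure is authenticated, is not part of this diff. If SSH is only needed from a management network, scope the rule with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 22 ];` (the interface name is a placeholder) instead of the global list. `services.openssh.openFirewall` defaults to true in NixOS, so the entry is likely redundant unless openssh.nix turns it off. A comment such as `# SSH only; HTTP/HTTPS are opened in nginx.nix` would make clear that the effective port list is merged from several modules.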
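Review bot: The unchanged line `networking.firewall.allowedTCPPorts = [ 80 443 ];` stays in nextcloud.nix although the virtual host is now bound to `127.0.0.1:8080` and the new nginx.nix opens the same two ports. The lists merge, so nothing breaks, but firewall policy is now declared in three modules, and someone could remove one copy and wrongly believe the ports are closed; drop the line here and keep it beside the public-facing nginx config. The `config` argument added in the first hunk of this file is not used in any visible line. With `hostName = "localhost"` and a loopback listener, requests arriving through a front-end proxy will presumably need Nextcloud's trusted-domain and trusted-proxy settings adjusted, which this diff does not show. The `services.nextcloud` block starts above the hunk.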
@@ -0,0 +1,11 @@
+{
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ };
+
+ networking.firewall = { allowedTCPPorts = [ 80 443 ]; };
+}
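Review bot: Ports 80 and 443 are opened at the end of this file, but the file defines no virtual host that listens on them or terminates TLS; the only virtual host in the diff is the Nextcloud one on `127.0.0.1:8080`. Unless a proxy host is defined elsewhere, the public ports would presumably serve nginx's default response while Nextcloud stays unreachable from outside. Consider adding the front-end host here with `forceSSL = true;` and `locations."/".proxyPass = "http://127.0.0.1:8080";`, or leave the ports closed until it exists. The `sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";` restriction removed from nextcloud.nix was not carried over, so the module's default cipher list applies; if that is intentional, a one-line comment saying so would help.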