diff --git a/hosts/nextcloud/default.nix b/hosts/nextcloud/default.nix
index 6014d04..5535eaa 100644
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@@ -13,6 +13,12 @@
 group = "nextcloud";
 mode = "770";
 };
+ nextcloud-secrets = {
+ file = ../../secrets/nextcloud-secrets.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ mode = "770";
+ };
 };
 my = {
@@ -24,6 +30,7 @@
 services.nextcloud = {
 enable = true;
 adminPasswordFile = config.age.secrets.nextcloud-admin-pwd.path;
+ secretFile = config.age.secrets.nextcloud-secrets.path;
 proxy.domain = "pasetto.me";
 };
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 5e25206..fcdfc7a 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -20,6 +20,14 @@ in
 '';
 };
+ secretFile = lib.mkOption {
+ default = "";
+ type = lib.types.str;
+ description = ''
+ Path to the file containing extra secrets for Nextcloud
+ '';
+ };
+
 proxy = {
 enable = lib.mkEnableOption "Set the proxy entry for this service";
@@ -70,12 +78,21 @@ in
 https = true;
 nginx.recommendedHttpHeaders = true;
+ secretFile = cfg.secretFile;
+
 settings = {
- overwriteProtocol = "https";
- defaultPhoneRegion = "IT";
+ overwriteprotocol = "https";
+ default_phone_region = "IT";
 trusted_proxies = [ "192.168.1.150" ];
 trusted_domains = [ "cloud.${cfg.proxy.domain}" ];
 maintenance_window_start = 1;
+ mail_smtpmode = "smtp";
+ mail_sendmailmode = "smtp";
+ mail_from_address = "cloud";
+ mail_domain = cfg.proxy.domain;
+ mail_smtphost = "smtp.tem.scaleway.com";
+ mail_smtpport = 465;
+ mail_smtpauth = "true";
 enabledPreviewProviders = [
 "OC\\Preview\\BMP"
 "OC\\Preview\\GIF"
diff --git a/secrets.nix b/secrets.nix
index e0a1813..97bc7c1 100644
--- a/secrets.nix
+++ b/secrets.nix
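Review bot: `mode = "770";` on the added `nextcloud-secrets` entry (hosts/nextcloud/default.nix, first hunk) leaves the decrypted secret writable and executable by owner and group, which a file that is only read by the service does not need. With `owner` and `group` already set to `nextcloud`, `mode = "400";` (or `"440"` if a second group member really has to read it) gives the same access with less exposure. The entry just above, of which only the tail is visible as context, also ends in `mode = "770";` and probably deserves the same change; its start is outside the hunk.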
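Review bot: The new `secretFile` option (modules/services/nextcloud.nix, first hunk) defaults to `""`, and the second hunk forwards it unconditionally with `secretFile = cfg.secretFile;`, so any host that enables this module without setting it passes an empty path to `services.nextcloud`. If the upstream option treats only `null` as "not set", which is worth confirming, the empty string will be taken as a real file path and fail when the service starts rather than at evaluation time. Declaring it as `type = lib.types.nullOr lib.types.path;` with `default = null;` keeps the unset case explicit. The description could also state what format the file must have and that it is read at runtime, so nobody points it at a store path.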
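Review bot: The added mail settings (modules/services/nextcloud.nix, second hunk) select port 465 and enable SMTP authentication but never set `mail_smtpsecure`, so unless that key is supplied through the secret file, transport encryption for the login is left to Nextcloud's default. Adding `mail_smtpsecure = "ssl";` next to `mail_smtpport = 465;` makes the implicit-TLS requirement explicit and reviewable. Separately, `mail_smtpauth = "true";` is a string, so it enables auth only through truthiness and `"false"` would do the same; `mail_smtpauth = true;` is the safer form. The `settings` attribute set continues past the end of the hunk.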
@@ -15,6 +15,7 @@ let
 grafana-admin-pwd = [ machines.metrics ];
 grafana-secret-auth = [ machines.metrics ];
 nextcloud-admin-pwd = [ machines.nextcloud ];
+ nextcloud-secrets = [ machines.nextcloud ];
 vaultwarden-admin-pwd = [ machines.vaultwarden ];
 searx-secret = [ machines.caddy ];
 searx-prometheus-secret = [
diff --git a/secrets/nextcloud-secrets.age b/secrets/nextcloud-secrets.age
new file mode 100644
index 0000000..c689f6b
Binary files /dev/null and b/secrets/nextcloud-secrets.age differ