diff --git a/modules/home/programs/librewolf/default.nix b/modules/home/programs/librewolf/default.nix
index c318969..7caecc7 100644
--- a/modules/home/programs/librewolf/default.nix
+++ b/modules/home/programs/librewolf/default.nix
@@ -96,6 +96,11 @@ in {
               install_url = "https://addons.mozilla.org/firefox/downloads/latest/aliasvault/latest.xpi";
               installation_mode = "force_installed";
             };
+            #floccus (nextcloud bookmarks)
+            "floccus@handmadeideas.org" = {
+              install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
+              installation_mode = "force_installed";
+            };
             # global speed
             "{f4961478-ac79-4a18-87e9-d2fb8c0442c4}" = {
               install_url = "https://addons.mozilla.org/firefox/downloads/latest/global-speed/latest.xpi";
diff --git a/systems/x86_64-linux/stargate/services/nextcloud.nix b/systems/x86_64-linux/stargate/services/nextcloud.nix
index d91bd6f..7e0fff4 100644
--- a/systems/x86_64-linux/stargate/services/nextcloud.nix
+++ b/systems/x86_64-linux/stargate/services/nextcloud.nix
@@ -23,8 +23,16 @@ with lib.custom; {
       dbtype = "pgsql";
       adminpassFile = config.sops.secrets."services/nextcloud/dbPassword".path;
     };
+    phpOptions = {
+      "opcache.interned_strings_buffer" = "64";
+      "opcache.memory_consumption" = "256";
+    };
     settings = {
       "maintenance_window_start" = 1;
+      log_type = "syslog";
+      default_locale = "ru_RU";
+      default_phone_region = "DE";
+      allow_user_to_change_display_name = true;
     };
     hostName = "nextcloud.kylekrein.com";
     https = true;
@@ -80,7 +88,7 @@ with lib.custom; {
         post_allow.host = ["::1"];
       };
 
-      # Restrict loading documents from WOPI Host nextcloud.example.com
+      # Restrict loading documents from WOPI Host nextcloud.kylekrein.com
       storage.wopi = {
         "@allow" = true;
         host = ["nextcloud.kylekrein.com"];
@@ -97,7 +105,6 @@ with lib.custom; {
     wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
     public_wopi_url = "https://collabora.kylekrein.com";
     wopi_allowlist = lib.concatStringsSep "," [
-      "192.168.178.129"
       "127.0.0.1"
       "::1"
     ];
@@ -115,4 +122,9 @@ with lib.custom; {
       Type = "oneshot";
     };
   };
+
+  networking.hosts = {
+    "127.0.0.1" = ["nextcloud.kylekrein.com" "collabora.kylekrein.com"];
+    "::1" = ["nextcloud.kylekrein.com" "collabora.kylekrein.com"];
+  };
 }
diff --git a/systems/x86_64-linux/stargate/services/nginx.nix b/systems/x86_64-linux/stargate/services/nginx.nix
index a27f027..bc38324 100644
--- a/systems/x86_64-linux/stargate/services/nginx.nix
+++ b/systems/x86_64-linux/stargate/services/nginx.nix
@@ -94,13 +94,39 @@ in {
           proxyWebsockets = true;
         };
       };
-
+      # https://github.com/NixOS/nixpkgs/issues/218878#issuecomment-2471223335
       "collabora.kylekrein.com" = {
         enableACME = true;
         forceSSL = true;
-        locations."/" = {
+        locations = let
           proxyPass = "http://[::1]:${toString config.services.collabora-online.port}";
-          proxyWebsockets = true;
+        in {
+          # static files
+          "^~ /browser".proxyPass = proxyPass;
+
+          # WOPI discovery URL
+          "^~ /hosting/discovery".proxyPass = proxyPass;
+
+          # Capabilities
+          "^~ /hosting/capabilities".proxyPass = proxyPass;
+
+          # main websocket
+          "~ ^/cool/(.*)/ws$" = {
+            proxyPass = proxyPass;
+            proxyWebsockets = true;
+          };
+
+          # download, presentation and image upload
+          "~ ^/(c|l)ool" = {
+            proxyPass = proxyPass;
+            priority = 1001;
+          };
+
+          # Admin Console websocket
+          "^~ /cool/adminws" = {
+            proxyPass = proxyPass;
+            proxyWebsockets = true;
+          };
         };
       };