diff --git a/systems/x86_64-linux/stargate/services/nextcloud.nix b/systems/x86_64-linux/stargate/services/nextcloud.nix
index ca7d0a0..9d03d63 100644
--- a/systems/x86_64-linux/stargate/services/nextcloud.nix
+++ b/systems/x86_64-linux/stargate/services/nextcloud.nix
@@ -35,14 +35,17 @@ with lib.custom; {
 whiteboard
 #twofactor_totp
 spreed
- maps
 integration_paperless
 deck
+ notes
+ bookmarks
+ richdocuments
 ;
 };
 autoUpdateApps.enable = true;
 extraAppsEnable = true;
 configureRedis = true;
+ appstoreEnable = true;
 };
 services.nextcloud-whiteboard-server = {
 enable = true;
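Review bot: `appstoreEnable = true;` forces the Nextcloud app store on even though the apps in this hunk are listed declaratively beside `extraAppsEnable = true`, so an admin account can install or update app code at runtime outside the pinned Nix set. If nothing from the store is needed, drop the line or set `appstoreEnable = false;`. If it is needed, record the reason next to it, for example `# app store kept on for <app name>, which is not packaged`. The enclosing attribute set (presumably `services.nextcloud`) starts outside the hunk.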
@@ -53,4 +56,56 @@ with lib.custom; {
 config.sops.secrets."services/nextcloud/whiteboard".path
 ];
 };
+ # https://diogotc.com/blog/collabora-nextcloud-nixos/
+ services.collabora-online = {
+ enable = true;
+ port = 9980;
+ settings = {
+ # Rely on reverse proxy for SSL
+ ssl = {
+ enable = false;
+ termination = true;
+ };
+
+ # Listen on loopback interface only, and accept requests from ::1
+ net = {
+ listen = "loopback";
+ post_allow.host = ["::1"];
+ };
+
+ # Restrict loading documents from WOPI Host nextcloud.example.com
+ storage.wopi = {
+ "@allow" = true;
+ host = ["nextcloud.kylekrein.com"];
+ };
+
+ # Set FQDN of server
+ server_name = "collabora.kylekrein.com";
+ };
+ };
+
+ systemd.services.nextcloud-config-collabora = let
+ inherit (config.services.nextcloud) occ;
+
+ wopi_url = "http://[::1]:${toString config.services.collabora-online.port}";
+ public_wopi_url = "https://collabora.kylekrein.com";
+ wopi_allowlist = lib.concatStringsSep "," [
+ "192.168.178.129"
+ "127.0.0.1"
+ "::1"
+ ];
+ in {
+ wantedBy = ["multi-user.target"];
+ after = ["nextcloud-setup.service" "coolwsd.service"];
+ requires = ["coolwsd.service"];
+ script = ''
+ ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
+ ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
+ ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
+ ${occ}/bin/nextcloud-occ richdocuments:setup
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ };
+ };
 }
diff --git a/systems/x86_64-linux/stargate/services/nginx.nix b/systems/x86_64-linux/stargate/services/nginx.nix
index 6e1622b..a27f027 100644
--- a/systems/x86_64-linux/stargate/services/nginx.nix
+++ b/systems/x86_64-linux/stargate/services/nginx.nix
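Review bot: `wopi_allowlist` combines a hard-coded LAN address (`"192.168.178.129"`) with both loopback addresses, and nothing in the hunk says which host that address belongs to or why all three are needed. If Nextcloud is served through the same local nginx and does not resolve the forwarded client address (its trusted-proxy settings are not visible here), every WOPI request would appear to come from loopback and the list would admit all of them. I would keep only the addresses coolwsd really connects from and document them, for example `# 192.168.178.129 = <which host>; source address coolwsd uses when calling Nextcloud`. Separately, the comment `# Restrict loading documents from WOPI Host nextcloud.example.com` still names the blog's example host rather than `nextcloud.kylekrein.com`.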
@@ -95,6 +95,15 @@ in { }; }; + "collabora.kylekrein.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.collabora-online.port}"; + proxyWebsockets = true; + }; + }; + "ntfy.kylekrein.com" = { enableACME = true; forceSSL = true;
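Review bot: The new `"collabora.kylekrein.com"` vhost proxies every path through `locations."/"`, so coolwsd sees all public traffic as connections from `::1`. The `post_allow.host = ["::1"]` restriction added in nextcloud.nix then only means something if nginx forwards the real client address and coolwsd evaluates it; neither the proxy header settings nor that behaviour are visible in this hunk, so this needs confirming. I would either limit the vhost to the paths Collabora documents for reverse proxies or state the dependency in place, for example `# coolwsd only sees ::1 here; post_allow relies on the forwarded client address`. The enclosing virtual-host set starts and ends outside the hunk.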