diff --git a/nixos/services/nextcloud.nix b/nixos/services/nextcloud.nix
index 4bae917..51fce65 100644
--- a/nixos/services/nextcloud.nix
+++ b/nixos/services/nextcloud.nix
@@ -29,12 +29,14 @@ in {
     https = true;
     hostName = "files.${config.networking.domain}";
     configureRedis = true;
+    database.createLocally = true;
     config = {
       adminpassFile = secrets."nextcloud/admin_password".path;
+      dbtype = "pgsql";
     };
     secretFile = sops.templates."nextcloud/secrets.json".path;
     settings = {
-      trusted_proxies = ["192.168.1.2"];
+      trusted_proxies = ["192.168.1.1" "127.0.0.1"];
       maintenance_window_start = 2;
       default_phone_region = "GB";
       # https://github.com/pulsejet/nextcloud-oidc-login
@@ -64,7 +66,9 @@ in {
       oidc_login_public_key_caching_time = 604800;
       oidc_login_min_time_between_jwks_requests = 10;
       oidc_login_well_known_caching_time = 86400;
+      datadirectory = "/mnt/storage/nextcloud";
     };
+    maxUploadSize = "5G";
   };
   services.nginx.virtualHosts.${nextcloud.hostName} = {
     forceSSL = true;
diff --git a/nixos/services/prometheus.nix b/nixos/services/prometheus.nix
index 6e9d678..23c10f1 100644
--- a/nixos/services/prometheus.nix
+++ b/nixos/services/prometheus.nix
@@ -17,6 +17,20 @@ in {
           }
         ];
       }
+      {
+        job_name = "prometheus";
+        static_configs = [
+          {
+            targets = ["localhost:${toString config.services.prometheus.exporters.postgres.port}"];
+          }
+        ];
+      }
     ];
+    exporters = {
+      postgres = {
+        enable = true;
+        runAsLocalSuperUser = true;
+      };
+    };
   };
 }