diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..e4e58db
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "docker/oxicloud/OxiCloud"]
+ path = docker/oxicloud/OxiCloud
+ url = git@github.com:DioCrafts/OxiCloud.git
diff --git a/docker/minecraft/docker-compose.yml b/docker/minecraft/docker-compose.yml
index 176cac0..7d65b94 100644
--- a/docker/minecraft/docker-compose.yml
+++ b/docker/minecraft/docker-compose.yml
@@ -2,6 +2,7 @@ services:
 mc:
 image: itzg/minecraft-server:java23-graalvm
+ restart: unless-stopped
 tty: true
 stdin_open: true
 ports:
diff --git a/docker/oxicloud/OxiCloud b/docker/oxicloud/OxiCloud
new file mode 160000
index 0000000..cf9fe82
--- /dev/null
+++ b/docker/oxicloud/OxiCloud
@@ -0,0 +1 @@
+Subproject commit cf9fe82b5f72f173d140321448ded789c604989a
diff --git a/docker/oxicloud/docker-compose.yml b/docker/oxicloud/docker-compose.yml
new file mode 100644
index 0000000..f89895f
--- /dev/null
+++ b/docker/oxicloud/docker-compose.yml
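Review bot: The submodule `url` on the added line is an SSH remote (`git@github.com:...`), so `git submodule update --init` fails on any checkout that has no GitHub SSH key — CI runners, a fresh HTTPS clone, a colleague's machine. If the upstream is public, the read-only HTTPS form works everywhere: `url = https://github.com/DioCrafts/OxiCloud.git`. Pinning is already handled by the gitlink commit in docker/oxicloud/OxiCloud, so nothing else needs to change.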
@@ -0,0 +1,22 @@
+---
+services:
+ oxicloud:
+ image: git.roboces.dev/catalin/fukuops:oxicloud-0.5.2
+ restart: always
+ ports:
+ - "8086:8086"
+ environment:
+ OXICLOUD_DB_CONNECTION_STRING: ${OXICLOUD_DB_CONNECTION_STRING:-postgres://postgres:postgres@postgres/oxicloud}
+ OXICLOUD_OIDC_ENABLED: ${OXICLOUD_OIDC_ENABLED:-true}
+ OXICLOUD_OIDC_ISSUER_URL: ${OXICLOUD_OIDC_ISSUER_URL:-https://auth.fukurokuju.dev/application/o/ganymede/}
+ OXICLOUD_OIDC_CLIENT_ID: ${OXICLOUD_OIDC_CLIENT_ID}
+ OXICLOUD_OIDC_CLIENT_SECRET: ${OXICLOUD_OIDC_CLIENT_SECRET}
+ OXICLOUD_OIDC_REDIRECT_URI: ${OXICLOUD_OIDC_REDIRECT_URI:-https://cloud.roboces.dev/api/auth/oidc/callback}
+ OXICLOUD_OIDC_FRONTEND_URL: ${OXICLOUD_OIDC_FRONTEND_URL:-https://cloud.roboces.dev}
+ OXICLOUD_OIDC_ADMIN_GROUPS: ${OXICLOUD_OIDC_ADMIN_GROUPS:-""}
+ OXICLOUD_OIDC_SCOPES: ${OXICLOUD_OIDC_SCOPES:-offline_access openid profile email}
+ OXICLOUD_OIDC_PROVIDER_NAME: ${OXICLOUD_OIDC_PROVIDER_NAME:-Authentik}
+ OXICLOUD_OIDC_AUTO_PROVISION: ${OXICLOUD_OIDC_AUTO_PROVISION:-true}
+ RUST_LOG: debug
+ volumes:
+ - ${OXICLOUD_DATA_VOLUME:-/mnt/zeruel/nas1/shared/storage/data}:/app/storage
diff --git a/docker/oxicloud/sample.env b/docker/oxicloud/sample.env
new file mode 100644
index 0000000..032e2f8
--- /dev/null
+++ b/docker/oxicloud/sample.env
@@ -0,0 +1,10 @@
+OXICLOUD_DB_CONNECTION_STRING=
+OXICLOUD_OIDC_ENABLED=
+OXICLOUD_OIDC_ISSUER_URL=
+OXICLOUD_OIDC_CLIENT_ID=
+OXICLOUD_OIDC_CLIENT_SECRET=
+OXICLOUD_OIDC_REDIRECT_URI=
+OXICLOUD_OIDC_FRONTEND_URL=
+OXICLOUD_OIDC_ADMIN_GROUPS=""
+OXICLOUD_OIDC_PROVIDER_NAME=
+OXICLOUD_OIDC_SCOPES=offline_access openid profile email
diff --git a/docker/rustical/docker-compose.yml b/docker/rustical/docker-compose.yml
index 47a847b..9bb09f3 100644
--- a/docker/rustical/docker-compose.yml
+++ b/docker/rustical/docker-compose.yml
@@ -2,6 +2,7 @@ services:
 rustical:
 image: ghcr.io/lennart-k/rustical:0.12.9
+ restart: unless-stopped
 ports:
 - '4000:4000'
 volumes:
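Review bot: `OXICLOUD_DB_CONNECTION_STRING` falls back to `postgres://postgres:postgres@postgres/oxicloud`, so a host where the variable is unset silently starts the service against the default superuser credentials instead of failing. Make the connection string and the OIDC client values required with Compose's error form, e.g. `OXICLOUD_DB_CONNECTION_STRING: ${OXICLOUD_DB_CONNECTION_STRING:?set in .env}` (likewise for `OXICLOUD_OIDC_CLIENT_SECRET`). `RUST_LOG: debug` is hard-coded on a `restart: always` service; debug-level output from an OIDC flow may include tokens or claims, so `RUST_LOG: ${RUST_LOG:-info}` is the safer default. Also note that `${OXICLOUD_OIDC_ADMIN_GROUPS:-""}` most likely yields the two-character literal `""` rather than an empty string, since Compose takes interpolation defaults verbatim — confirm against what OxiCloud expects for "no admin groups".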
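Review bot: The sample omits two variables the compose file in this commit reads, `OXICLOUD_OIDC_AUTO_PROVISION` and `OXICLOUD_DATA_VOLUME`, so anyone copying it to `.env` inherits the hard-coded defaults (auto-provisioning on, the NAS path) without ever seeing them. Add `OXICLOUD_OIDC_AUTO_PROVISION=` and `OXICLOUD_DATA_VOLUME=` so every knob the compose file honours is listed in one place.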
diff --git a/k8s/argo-apps/authentik.yaml b/k8s/argo-apps/authentik.yaml
index fc44e71..1c9e424 100644
--- a/k8s/argo-apps/authentik.yaml
+++ b/k8s/argo-apps/authentik.yaml
@@ -26,7 +26,7 @@ spec:
 timeout: 30
 from: auth@fukurokuju.dev
 postgresql:
- host: psql15-postgres.apps-fuku.svc.cluster.local
+ host: 192.168.1.3
 port: 5432
 name: auth
 user: file:///authentik-creds/pg_username
diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf
index 4ff4a0c..a941542 100644
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@@ -37,22 +37,6 @@ resource "authentik_group" "arrs" {
 is_superuser = false
 }
-resource "authentik_group" "vpn" {
- name = "vpn"
- is_superuser = false
-}
-
-resource "authentik_group" "ftp" {
- name = "ftp"
- is_superuser = false
-}
-
-resource "authentik_group" "mediamanager" {
- name = "mediamanager"
- is_superuser = false
-}
-
-
 module "gitea" {
 source = "../modules/authentik-oidc"
 app_name = "Gitea"
@@ -181,30 +165,6 @@ module "prowlarr" {
 internal_host_ssl_validation = false
 }
-module "sftpgo" {
- source = "../modules/authentik-oidc"
- app_name = "SFTPGo"
- app_slug = "SFTPGo"
- client_id = var.sftpgo_client_id
- client_secret = var.sftpgo_client_secret
- client_type = "confidential"
- app_access_group_id = authentik_group.ftp.id
- redirect_uris = [
- {
- matching_mode = "regex",
- url = "https://ftp.fukurokuju.dev/.*"
- }
- ]
- extra_property_mappings = [
-
- ]
- app_icon = "https://ftp.fukurokuju.dev/static/img/logo.png"
- access_token_validity = "days=10"
- app_url = "https://ftp.fukurokuju.dev"
- app_description = "SFTPGo"
- sub_mode = "user_username"
-}
-
 module "rustical" {
 source = "../modules/authentik-oidc"
 app_name = "rustical"
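Review bot: `host` changes from an in-cluster Service name to the bare LAN address `192.168.1.3`, so the Authentik–PostgreSQL connection now leaves the cluster network, and nothing in this hunk says whether that link is encrypted. If the chart exposes a TLS setting for the `postgresql` block, set it (Authentik itself honours `AUTHENTIK_POSTGRESQL__SSLMODE`), and add a comment above the line explaining the move, e.g. `# external PostgreSQL: <why it left the cluster Service>`, so the IP is not an unexplained literal in a GitOps manifest. The `user`/`password` file references in the surrounding context are unchanged, so the credentials in `authentik-creds` are presumably still valid for the new host — worth confirming before sync.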
@@ -272,3 +232,17 @@ module "pulse" {
 redirect_uris = [{ matching_mode = "strict", url = "https://pulse.fukurokuju.dev/api/oidc/callback" }]
 app_access_group_id = authentik_group.admins.id
 }
+
+module "cloud" {
+ source = "../modules/authentik-oidc"
+ app_name = "Cloud"
+ app_slug = "cloud"
+ app_url = "https://cloud.roboces.dev"
+ client_id = var.oxicloud_client_id
+ client_secret = var.oxicloud_client_secret
+ app_icon = "https://cloud.roboces.dev/themes/opencloud/assets/favicon.svg"
+ redirect_uris = [{
+ matching_mode = "strict", url = "https://cloud.roboces.dev/api/auth/oidc/callback"
+ }]
+ app_access_group_id = ""
+}
diff --git a/tofu/authentik/sample.env b/tofu/authentik/sample.env
index 31a7461..7230d1f 100644
--- a/tofu/authentik/sample.env
+++ b/tofu/authentik/sample.env
@@ -18,3 +18,5 @@ TF_VAR_ganymede_client_id=
 TF_VAR_ganymede_client_secret=
 TF_VAR_pulse_client_id=
 TF_VAR_pulse_client_secret=
+TF_VAR_oxicloud_client_id=aef61f77326b813cf8d8ba71d1ac994b5642685ca37e4710ab0079e91d87702d55fd9775d473b05aff45603bf08e78dba26850af3a815f3c3ac171d163368aa0
+TF_VAR_oxicloud_client_secret=a4038df17c9fd06f86372aeaaae8f3fd1374d8978983af7b398d948ef15d1efe522a1faa2fc7652bc410c516d96cd2e4211dad4e05ba6297bdd8d9090460d5fc
diff --git a/tofu/authentik/vars.tf b/tofu/authentik/vars.tf
index f0e5dc2..920d995 100644
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@@ -88,3 +88,13 @@ variable "pulse_client_secret" {
 description = "Pulse client secret"
 type = string
 }
+
+variable "oxicloud_client_id" {
+ description = "Oxicloud client ID"
+ type = string
+}
+
+variable "oxicloud_client_secret" {
+ description = "Oxicloud client secret"
+ type = string
+}
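Review bot: `app_access_group_id = ""` in the new `cloud` module is the only empty value of its kind in the file — every other module visible here passes a real group such as `authentik_group.admins.id`. Depending on how `../modules/authentik-oidc` binds that id (its source is not in this diff), an empty string either breaks the apply or, worse, creates the application with no access policy, in which case any authenticated Authentik user can sign in to the cloud instance. Either bind a dedicated group — `resource "authentik_group" "cloud" { name = "cloud" is_superuser = false }` plus `app_access_group_id = authentik_group.cloud.id` — or put a comment on the line stating that open access to all users is intended.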
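Review bot: The two added lines commit what look like live values for `TF_VAR_oxicloud_client_id` and `TF_VAR_oxicloud_client_secret` (128 hex characters each) to a sample file, while every other entry in the file is deliberately blank. Once pushed, the secret lives in the repository history regardless of later edits; treat it as compromised, regenerate the client secret in Authentik, and reset the two lines to the empty form `TF_VAR_oxicloud_client_id=` and `TF_VAR_oxicloud_client_secret=`. A pre-commit secret scanner on the repo would catch this class of mistake before it reaches the remote.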
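Review bot: `oxicloud_client_secret` is declared without `sensitive = true`, so its value is echoed in plan and apply output whenever the module's provider resource shows a diff; add `sensitive = true` below `type = string` in that variable block. The `pulse_client_secret` block in the context lines has the same gap, so the file's other `*_client_secret` variables presumably do too and could be fixed in the same pass.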