Thanks for the comments. I will check out sops.nix and play with the environment.systemPackages and see what i reallty need.
I recommend starting by creating the secret yourself, beginning with plain Nix is easier 
1 Like
For me having the data for mysql and nextcloud on a secure, redunant storage is a more secure approach than having this data to backup manually
fwiw I’ve always been too lazy to move my Nextcloud installation to another prefix, so when I changed the storage below, I just did a bind-mount into /var/lib/nextcloud/data.