diff --git a/general_vars.yml.example b/general_vars.yml.example index 9842a2a..6f5ba86 100644 --- a/general_vars.yml.example +++ b/general_vars.yml.example @@ -2,5 +2,6 @@ uberspace_user: yourUberspaceUser domain: domainToService node_version: 12 +php_version: 7.4 mysql_user: yourMysqlUser mysql_password: yourMysqlPassword diff --git a/nextcloud.yml b/nextcloud.yml new file mode 100644 index 0000000..f465e8a --- /dev/null +++ b/nextcloud.yml @@ -0,0 +1,9 @@ +--- +- name: Set up Nextcloud + hosts: uberspace + vars_files: + - general_vars.yml + - nextcloud_vars.yml + remote_user: "{{ uberspace_user }}" + roles: + - nextcloud diff --git a/nextcloud_vars.yml.example b/nextcloud_vars.yml.example new file mode 100644 index 0000000..b4d8644 --- /dev/null +++ b/nextcloud_vars.yml.example @@ -0,0 +1,3 @@ +--- +nextcloud_admin_user: example +nextcloud_admin_password: notASafePW diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index 767d444..e18bc4e 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -3,4 +3,5 @@ command: supervisorctl reread - name: update supervisorctl command: supervisorctl update - +- name: restart php + command: uberspace tools restart php diff --git a/roles/common/tasks/tools.yml b/roles/common/tasks/tools.yml index 6508d7a..c337ec0 100644 --- a/roles/common/tasks/tools.yml +++ b/roles/common/tasks/tools.yml @@ -8,3 +8,12 @@ - name: update used version command: uberspace tools version use node {{ node_version }} when: used_node.stdout.find(node_version|string) == -1 +- name: use PHP + when: php_version is defined + block: + - name: check used version + command: uberspace tools version show php + register: used_php + - name: update used version + command: uberspace tools version use php {{ php_version }} + when: used_php.stdout.find(php_version|string) == -1 diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml new file mode 100644 index 0000000..0f6ef94 
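Review bot: `php_version: 7.4` is an unquoted float, so it is loaded as the number 7.4 and only survives because the tools.yml task re-stringifies it; a value such as `8.0` still round-trips, but a two-digit minor would not, and the existing `node_version: 12` sets the same trap for anything non-integer. Quote version strings in the example so users copy the safe form, `php_version: "7.4"`.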
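Review bot: The example file has no hint that the real nextcloud_vars.yml will carry the admin password in cleartext next to the playbook. A comment above the password line would help, e.g. `# keep the real nextcloud_vars.yml out of version control and protect it with ansible-vault`. Quoting the placeholder, `nextcloud_admin_password: "notASafePW"`, also avoids surprises if someone pastes a password that YAML would type-coerce.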
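Review bot: The new `check used version` task only reads state but will be reported as changed on every run, which hides real changes in the play summary; add `changed_when: false` to it (the node-version check above the hunk presumably has the same issue, but its lines are outside the hunk). The new tasks also use the short `command` name while every task file in the nextcloud role uses `ansible.builtin.command`; pick one form for the repository. Consider `changed_when: used_php.stdout.find(php_version|string) == -1` on the `use` task as well, since it already knows whether anything changed.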
--- /dev/null +++ b/roles/nextcloud/defaults/main.yml @@ -0,0 +1,3 @@ +--- +phone_region: DE +use_sendmail: yes diff --git a/roles/nextcloud/handlers/main.yml b/roles/nextcloud/handlers/main.yml new file mode 100644 index 0000000..ed236e4 --- /dev/null +++ b/roles/nextcloud/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart notify_push + ansible.builtin.command: supervisorctl restart notify_push diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml new file mode 100644 index 0000000..11476a8 --- /dev/null +++ b/roles/nextcloud/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: + - role: common + - role: redis diff --git a/roles/nextcloud/tasks/apps.yml b/roles/nextcloud/tasks/apps.yml new file mode 100644 index 0000000..01c8c4a --- /dev/null +++ b/roles/nextcloud/tasks/apps.yml 
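Review bot: `use_sendmail: yes` relies on YAML 1.1 truthy parsing, which yamllint flags and which differs between parsers; write the boolean canonically, `use_sendmail: true`. `phone_region: DE` happens to be safe, but region codes such as `NO` would become `false`, so quoting the default, `phone_region: "DE"`, documents that it is a string for anyone overriding it.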
@@ -0,0 +1,41 @@ +--- +- name: install notify_push + block: + - name: install app + ansible.builtin.command: + chdir: ~/html + cmd: php occ app:install notify_push + - name: set permissions + ansible.builtin.file: + path: ~/html/apps/notify_push/x86_64/notify_push + mode: 0744 + - name: create symlink + ansible.builtin.file: + path: ~/bin/notify_push + src: ~/html/apps/notify_push/x86_64/notify_push + state: link + - name: create service + ansible.builtin.template: + src: notify_push_service.j2 + dest: ~/etc/services.d/notify_push.ini + mode: 0644 + notify: + - reload supervisorctl + - update supervisorctl + - name: get backend list + ansible.builtin.command: uberspace web backend list + register: backends + - name: add backend + when: backend.stdout.find('http:7867') == -1 + ansible.builtin.command: uberspace web backend set /push --http --port 7867 + - name: get ip route + ansible.builtin.command: ip route + register: ip + - name: set trusted proxies + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set trusted_proxies 0 --value="{{ ip.stdout.split().8 }}" + - name: configure notify_push app with backend + ansible.builtin.command: + chdir: ~/html + cmd: php occ notify_push:setup https://{{ domain }}/push \ No newline at end of file diff --git a/roles/nextcloud/tasks/config.yml b/roles/nextcloud/tasks/config.yml new file mode 100644 index 0000000..acb7d4a --- /dev/null +++ b/roles/nextcloud/tasks/config.yml 
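Review bot: The `add backend` task tests `backend.stdout`, but the preceding task registers the result as `backends`, so the `when` clause references an undefined variable and the play will fail at that point; change it to `when: backends.stdout.find('http:7867') == -1`. The `set trusted proxies` task derives the proxy address from `ip.stdout.split().8`, which depends on the exact word layout of `ip route` output and is likely to break on hosts with a different default route line; if that format is an Uberspace guarantee, a comment saying so would help future readers. `mode: 0744` (also in prepare_updates.yml) is an octal literal that YAML 1.1 reads as an integer; quote it, `mode: "0744"`.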
@@ -0,0 +1,90 @@ +--- +- name: configure email + when: use_sendmail + block: + - name: mail_domain + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set mail_domain --value="uber.space" + - name: mail_from_address + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set mail_from_address --value="{{ uberspace_user }}" + - name: smtp_mode + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set mail_smtpmode --value="sendmail" + - name: sendmail_mode + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set mail_sendmailmode --value="pipe" +- name: initialize URL rewriting + block: + - name: rewrite base + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set htaccess.RewriteBase --value='/' + - name: update htaccess + ansible.builtin.command: + chdir: ~/html + cmd: php occ maintenance:update:htaccess +- name: initialize cronjob + block: + - name: update crontab + ansible.builtin.cron: + name: nextcloud-cron + state: present + job: php -f $HOME/html/cron.php > $HOME/logs/nextcloud-cron.log 2>&1 + minute: */5 + - name: use cronjob for background + ansible.builtin.command: + chdir: ~/html + cmd: php occ background:cron +- name: set up redis + block: + - name: set redis host + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set redis host --value="/home/{{ uberspace_user }}/.redis/sock" + - name: set redis port + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set redis port --value=0 + - name: set redis timeout + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set redis port --value=1.5 + - name: enable file locking + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set filelocking.enabled --value='true' + - name: use Redis for memcache.locking + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set memcache.locking --value='\OC\Memcache\Redis' + - name: use Redis 
for memcache.distributed + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set memcache.distributed --value='\OC\Memcache\Redis' +- name: set default phone region + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set default_phone_region --value='{{ phone_region }}' +- name: perform database maintenance + block: + - name: add missing indices + ansible.builtin.command: + chdir: ~/html + cmd: php occ db:add-missing-indices --no-interaction + - name: add missing columns + ansible.builtin.command: + chdir: ~/html + cmd: php occ db:add-missing-columns --no-interaction + - name: add missing primary keys + ansible.builtin.command: + chdir: ~/html + cmd: php occ db:add-missing-primary-keys --no-interaction + - name: convert filecache bigint + ansible.builtin.command: + chdir: ~/html + cmd: php occ db:convert-filecache-bigint --no-interaction diff --git a/roles/nextcloud/tasks/download.yml b/roles/nextcloud/tasks/download.yml new file mode 100644 index 0000000..640487d --- /dev/null +++ b/roles/nextcloud/tasks/download.yml @@ -0,0 +1,17 @@ +--- +- name: download Nextcloud and extract archive + ansible.builtin.unarchive: + src: https://download.nextcloud.com/server/releases/latest.tar.bz2 + dest: ~/ + remote_src: yes + creates: ~/nextcloud + register: nextcloud_archive +- name: copy files to web root + ansible.builtin.copy: + src: ~/nextcloud/ + dest: ~/html + remote_src: yes +- name: remove nocontent.html + ansible.builtin.file: + path: ~/html/nocontent.html + state: absent \ No newline at end of file diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml new file mode 100644 index 0000000..2a5ff91 --- /dev/null +++ b/roles/nextcloud/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- include: php.yml +- include: download.yml +- include: mysql.yml +- include: setup.yml +- include: config.yml +- include: apps.yml +- include: prepare_updates.yml \ No newline at end of file 
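Review bot: The `set redis timeout` task runs `config:system:set redis port --value=1.5`, which overwrites the `redis port` value set by the previous task instead of setting a timeout; it should read `cmd: php occ config:system:set redis timeout --value=1.5`. In the cron task, `minute: */5` is unquoted and `*` starts a YAML alias, so the file fails to parse; write `minute: "*/5"`. The `--value='true'` and `--value=0` settings are stored as strings unless `--type` is passed to `config:system:set`, which I believe is what Nextcloud expects for `filelocking.enabled` and `redis port`; worth verifying with `occ config:system:get` after a run.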
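Review bot: The task list uses the bare `include` keyword, which has been deprecated in favour of the explicit forms and emits a warning on current Ansible; replace each entry with `- ansible.builtin.import_tasks: php.yml` (static) or `include_tasks` if the files are meant to be evaluated dynamically. The order of the seven files is significant, so a one-line comment above the list stating that would help, e.g. `# order matters: PHP settings, download and database must precede setup`.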
diff --git a/roles/nextcloud/tasks/mysql.yml b/roles/nextcloud/tasks/mysql.yml new file mode 100644 index 0000000..266f16c --- /dev/null +++ b/roles/nextcloud/tasks/mysql.yml @@ -0,0 +1,4 @@ +--- +- name: create MySQL database + community.mysql.mysql_db: + name: {{ uberspace_user }}_nextcloud diff --git a/roles/nextcloud/tasks/php.yml b/roles/nextcloud/tasks/php.yml new file mode 100644 index 0000000..6883db8 --- /dev/null +++ b/roles/nextcloud/tasks/php.yml @@ -0,0 +1,29 @@ +--- +- name: enable PHP opcache + ansible.builtin.template: + src: opcache.j2 + dest: ~/etc/php.d/opcache.ini + mode: 0644 + notify: + - restart php +- name: enable PHP APCu + ansible.builtin.template: + src: apcu.j2 + dest: ~/etc/php.d/apcu.ini + mode: 0644 + notify: + - restart php +- name: set PHP memory limit to 512 MB + ansible.builtin.template: + src: memory_limit.j2 + dest: ~/etc/php.d/memory_limit.ini + mode: 0644 + notify: + - restart php +- name: disable PHP output buffering + ansible.builtin.template: + src: output_buffering.j2 + dest: ~/etc/php.d/output_buffering.ini + mode: 0644 + notify: + - restart php diff --git a/roles/nextcloud/tasks/prepare_updates.yml b/roles/nextcloud/tasks/prepare_updates.yml new file mode 100644 index 0000000..439aedc --- /dev/null +++ b/roles/nextcloud/tasks/prepare_updates.yml @@ -0,0 +1,12 @@ +--- +- name: create update script + ansible.builtin.template: + src: update.j2 + dest: ~/bin/nextcloud-update + mode: 0744 +- name: create cronjob for updates + ansible.builtin.cron: + name: nextcloud-update + state: present + job: $HOME/bin/nextcloud-update > $HOME/logs/nextcloud-update.log 2>&1 + special_time: daily diff --git a/roles/nextcloud/tasks/setup.yml b/roles/nextcloud/tasks/setup.yml new file mode 100644 index 0000000..76d51d9 --- /dev/null +++ b/roles/nextcloud/tasks/setup.yml 
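Review bot: `name: {{ uberspace_user }}_nextcloud` starts with `{`, which YAML reads as a flow mapping before Jinja ever sees it, so this task file fails to load; quote the whole value, `name: "{{ uberspace_user }}_nextcloud"`. The module is given no login credentials, so it presumably relies on a `~/.my.cnf` on the host; a short comment stating that assumption would help.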
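Review bot: The four tasks are the same template call with only the base name varying, which makes it easy for a future edit to update one and miss the `notify` on another; a single looped task keeps the behaviour and the handler wiring in one place. The unquoted `mode: 0644` is read as an octal integer by YAML 1.1 and should be quoted.
```yaml
- name: configure PHP settings
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "~/etc/php.d/{{ item }}.ini"
    mode: "0644"
  loop:
    - opcache
    - apcu
    - memory_limit
    - output_buffering
  notify:
    - restart php
```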
@@ -0,0 +1,26 @@ +--- +- name: run installation script + ansible.builtin.command: + chdir: ~/html + cmd: php occ maintenance:install --admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_password }}" --database 'mysql' --database-name "{{ uberspace_user }}_nextcloud" --database-user "{{ uberspace_user }}" --database-pass "{{ mysql_password }}" --data-dir "/home/{{ uberspace_user }}/nextcloud_data" + creates: ~/nextcloud_data +- name: set domain as trusted + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set trusted_domains 0 --value="{{ domain }}" +- name: set domain as overwrite cli url + ansible.builtin.command: + chdir: ~/html + cmd: php occ config:system:set overwrite.cli.url --value="https://{{ domain }}" +- name: create symlinks for logs + block: + - name: symlink for nextcloud log + ansible.builtin.file: + path: ~/logs/nextcloud.log + src: ~/nextcloud_data/nextcloud.log + state: link + - name: symlink for nextcloud updater log + ansible.builtin.file: + path: ~/logs/nextcloud-updater.log + src: ~/nextcloud_data/updater.log + state: link diff --git a/roles/nextcloud/templates/apcu.j2 b/roles/nextcloud/templates/apcu.j2 new file mode 100644 index 0000000..008bcab --- /dev/null +++ b/roles/nextcloud/templates/apcu.j2 @@ -0,0 +1 @@ +apc.enable_cli=1 diff --git a/roles/nextcloud/templates/memory_limit.j2 b/roles/nextcloud/templates/memory_limit.j2 new file mode 100644 index 0000000..3ab26b3 --- /dev/null +++ b/roles/nextcloud/templates/memory_limit.j2 @@ -0,0 +1 @@ +memory_limit=512M diff --git a/roles/nextcloud/templates/notify_push_service.j2 b/roles/nextcloud/templates/notify_push_service.j2 new file mode 100644 index 0000000..c822498 --- /dev/null +++ b/roles/nextcloud/templates/notify_push_service.j2 @@ -0,0 +1,4 @@ +[program:notify_push] +command=notify_push %(ENV_HOME)s/html/config/config.php +autostart=yes +autorestart=yes \ No newline at end of file 
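Review bot: The `run installation script` task puts the admin and database passwords on the command line, and Ansible echoes the full command into its output and any configured log on failure or with verbosity, so the secrets end up in CI logs and on the controller; add `no_log: true` to that task. For the same reason consider `no_log` on any task that templates `mysql_password` elsewhere. The `creates: ~/nextcloud_data` guard is a reasonable idempotency marker, but a comment saying why that directory was chosen would help.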
diff --git a/roles/nextcloud/templates/opcache.j2 b/roles/nextcloud/templates/opcache.j2 new file mode 100644 index 0000000..f588f0c --- /dev/null +++ b/roles/nextcloud/templates/opcache.j2 @@ -0,0 +1,7 @@ +opcache.enable=1 +opcache.enable_cli=1 +opcache.interned_strings_buffer=8 +opcache.max_accelerated_files=10000 +opcache.memory_consumption=128 +opcache.save_comments=1 +opcache.revalidate_freq=1 \ No newline at end of file diff --git a/roles/nextcloud/templates/output_buffering.j2 b/roles/nextcloud/templates/output_buffering.j2 new file mode 100644 index 0000000..4102868 --- /dev/null +++ b/roles/nextcloud/templates/output_buffering.j2 @@ -0,0 +1 @@ +output_buffering=off diff --git a/roles/nextcloud/templates/update.j2 b/roles/nextcloud/templates/update.j2 new file mode 100644 index 0000000..7e1129c --- /dev/null +++ b/roles/nextcloud/templates/update.j2 @@ -0,0 +1,23 @@ +#!/usr/bin/env bash +## Updater automatically works in maintenance:mode. +## Use the Uberspace backup system for files and database if you need to roll back. +## The Nextcloud updater creates backups only to safe base and app code data and config files +## so it takes ressources you might need for your productive data. +## Deactivate NC-updater Backups with --no-backup (works from 19.0.4, 18.0.10 and 17.0.10) +php ~/html/updater/updater.phar -vv --no-backup --no-interaction + +## re-enable maintenance mode for occ commands +php ~/html/occ maintenance:mode --on + +## database optimisations +php ~/html/occ db:add-missing-primary-keys --no-interaction +php ~/html/occ db:add-missing-columns --no-interaction +php ~/html/occ db:add-missing-indices --no-interaction +php ~/html/occ db:convert-filecache-bigint --no-interaction + +php ~/html/occ app:update --all +php ~/html/occ maintenance:mode --off +/usr/sbin/restorecon -R ~/html + +## If you have set up the notify_push service uncomment the following line by removing the # +supervisorctl restart notify_push 
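Review bot: The script has no error handling, so if `updater.phar` fails the following commands still re-enable maintenance mode, run the db migrations and then switch maintenance off on a half-updated instance; add `set -euo pipefail` after the shebang so the run stops at the first failure (cron then captures the non-zero exit in the log). The last comment says to "uncomment the following line", but `supervisorctl restart notify_push` is already active, so either the comment or the line is wrong; since apps.yml always installs notify_push, rewording to `## restart the notify_push service installed by the apps role` fits the code. Running unattended with `--no-backup` is a deliberate trade-off per the header comment, but it would be worth stating there that the Uberspace backup must cover `~/html` and the database.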
diff --git a/roles/redis/meta/main.yml b/roles/redis/meta/main.yml new file mode 100644 index 0000000..fdda41b --- /dev/null +++ b/roles/redis/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: common diff --git a/roles/redis/tasks/main.yml b/roles/redis/tasks/main.yml new file mode 100644 index 0000000..ec7ef43 --- /dev/null +++ b/roles/redis/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- name: create redis directory + ansible.builtin.file: + path: ~/.redis + state: directory +- name: create config file + ansible.builtin.template: + src: config.j2 + dest: ~/.redis/config + mode: 0644 +- name: create service configuration + ansible.builtin.template: + src: redis_service.j2 + dest: ~/etc/services.d/redis.ini + mode: 0644 + notify: + - reload supervisorctl + - update supervisorctl diff --git a/roles/redis/templates/config.j2 b/roles/redis/templates/config.j2 new file mode 100644 index 0000000..693f82f --- /dev/null +++ b/roles/redis/templates/config.j2 @@ -0,0 +1,4 @@ +unixsocket /home/{{ uberspace_user }}/.redis/sock +daemonize no +port 0 +save "" \ No newline at end of file diff --git a/roles/redis/templates/redis_service.j2 b/roles/redis/templates/redis_service.j2 new file mode 100644 index 0000000..47535c0 --- /dev/null +++ b/roles/redis/templates/redis_service.j2 @@ -0,0 +1,5 @@ +[program:redis] +command=redis-server %(ENV_HOME)s/.redis/conf +directory=%(ENV_HOME)s/.redis +autostart=yes +autorestart=yes
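Review bot: The config template is written to `~/.redis/config`, but the supervisor service in redis_service.j2 starts `redis-server %(ENV_HOME)s/.redis/conf`, so the daemon will not find the file; align the two, e.g. `dest: ~/.redis/conf`. The `create redis directory` task sets no mode, and on a shared host the directory is what gates access to the unix socket placed inside it, so add `mode: "0700"` to the file task. `mode: 0644` on the template tasks should be quoted as well.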
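Review bot: The socket is created without `unixsocketperm`, so its permissions follow the process umask, and Redis has no authentication configured here; on shared hosting other local accounts could then reach the cache that holds Nextcloud's file-locking state. Add `unixsocketperm 700` after the `unixsocket` line so only the owning user can connect, in addition to the 0700 directory mode. `save ""` disabling persistence is fine for a cache but deserves a one-line comment saying so.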