diff --git a/group_vars/all.yml b/group_vars/all.yml index 8677bcb..491c13f 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -34,7 +34,7 @@ security_autoupdate_reboot: false security_autoupdate_reboot_time: "03:00" security_autoupdate_mail_to: "service@softbox.de" security_autoupdate_mail_on_error: false -security_fail2ban_enabled: false +security_fail2ban_enabled: true security_fail2ban_custom_configuration_template: "jail.local.j2" ### #packages diff --git a/group_vars/nextcloud.yml b/group_vars/nextcloud.yml new file mode 100644 index 0000000..7ecbbdf --- /dev/null +++ b/group_vars/nextcloud.yml @@ -0,0 +1,2 @@ +hostname: cloud.softbox-rz.lan +php_version: 8.2 diff --git a/roles/lamp/defaults/main.yml b/roles/lamp/defaults/main.yml deleted file mode 100644 index 1641f00..0000000 --- a/roles/lamp/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -site_conf: example.com.conf -php_verison: "8.4" -mysql_db_name: mysql -mysql_db_user: mysql -web_root: "/var/www/{{ hostname }}" diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml new file mode 100644 index 0000000..515ebc2 --- /dev/null +++ b/roles/nextcloud/defaults/main.yml @@ -0,0 +1,5 @@ +site_conf: cloud.conf +php_verison: "8.4" +mysql_db_name: nextcloud +mysql_db_user: nextcloud +web_root: "/var/www/nextcloud" diff --git a/roles/nextcloud/handlers/main.yml b/roles/nextcloud/handlers/main.yml new file mode 100644 index 0000000..af398e8 --- /dev/null +++ b/roles/nextcloud/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart apache + service: + name: apache2 + state: restarted diff --git a/roles/lamp/tasks/apache.yml b/roles/nextcloud/tasks/apache.yml similarity index 92% rename from roles/lamp/tasks/apache.yml rename to roles/nextcloud/tasks/apache.yml index be82530..f4ff72e 100644 --- a/roles/lamp/tasks/apache.yml +++ b/roles/nextcloud/tasks/apache.yml 
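Review bot: In group_vars/nextcloud.yml the new `php_version: 8.2` is an unquoted scalar, so YAML loads it as a float, and a later value such as 8.10 would silently render as 8.1 in every `php{{ php_version }}-…` package name. Quote it, `php_version: "8.2"`, the way the role defaults quote their version string.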
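Review bot: The second key in roles/nextcloud/defaults/main.yml is spelled `php_verison`, so the role still ships no default for the `php_version` variable that dependencies.yml and php.yml interpolate; the typo was carried over from the deleted lamp defaults. Its value "8.4" also disagrees with the 8.2 set in group_vars/nextcloud.yml, so correcting only the spelling would give hosts outside that group a different PHP version. I would write `php_version: "8.2"` here, or whichever version is intended, and keep the two files in step.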
@@ -22,9 +22,9 @@ mode: 0644 notify: restart apache -- name: Enable the ownCloud site. +- name: Enable the Nextcloud site. command: > - a2ensite owncloud.dav + a2ensite {{ site_conf }} creates="/etc/apache2/sites-enabled/{{ site_conf }}" notify: restart apache diff --git a/roles/lamp/tasks/dependencies.yml b/roles/nextcloud/tasks/dependencies.yml similarity index 71% rename from roles/lamp/tasks/dependencies.yml rename to roles/nextcloud/tasks/dependencies.yml index 7bf90bd..796c0d2 100644 --- a/roles/lamp/tasks/dependencies.yml +++ b/roles/nextcloud/tasks/dependencies.yml @@ -7,10 +7,16 @@ - python3-pycurl - python3-pymysql -- name: Add ondrej repository for later versions of PHP. - apt_repository: - repo: "ppa:ondrej/php" - update_cache: yes +#- name: Add ondrej repository for later versions of PHP. +# apt_repository: +# repo: "ppa:ondrej/php" +# update_cache: yes + +#sudo dpkg -l | grep php | tee packages.txt +#sudo apt install apt-transport-https lsb-release ca-certificates wget -y +#sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg +#sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' +#sudo apt update - name: "Install Apache, MySQL, PHP, and other dependencies." apt: @@ -26,7 +32,7 @@ - mariadb-server - libpcre3-dev - apache2 - - "libapache2-mod-php{{ php_version }}" + - "libapache2-mod-php" - "php{{ php_version }}" - "php{{ php_version }}-imagick" - "php{{ php_version }}-common" @@ -34,7 +40,7 @@ - "php{{ php_version }}-gd" - "php{{ php_version }}-imap" - "php{{ php_version }}-intl" - - "php{{ php_version }}-json" + #- "php{{ php_version }}-json" - "php{{ php_version }}-mbstring" - "php{{ php_version }}-gmp" - "php{{ php_version }}-bcmath" @@ -45,7 +51,7 @@ - "php{{ php_version }}-apcu" - "php{{ php_version }}-redis" - "php{{ php_version }}-ldap" - - "php{{ php_version }}-smbclient" + #- "php{{ php_version }}-smbclient" - php-phpseclib - bzip2 - rsync 
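Review bot: The rewritten `Enable the Nextcloud site.` task in apache.yml still passes `creates=` inside the folded free-form string, which is easy to break when the command line is edited. The Ansible convention is to keep the command on its own and move the guard to a task-level key, `args:` with `creates: "/etc/apache2/sites-enabled/{{ site_conf }}"`. Using the fully qualified `ansible.builtin.command` would also match the new nextcloud.yml tasks. The preceding task, whose `mode: 0644` and `notify` lines open the hunk, starts outside it.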
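Review bot: The first dependencies.yml hunk replaces the PPA task with commented-out shell commands, so any third-party PHP repository becomes a manual step that the play neither performs nor checks. If the packages.sury.org source is required, make it a real task and keep its key out of `/etc/apt/trusted.gpg.d`, because a key there is trusted for every configured repository, whereas a `signed-by=` keyring limits it to that one source line. If the distribution's own PHP is sufficient, delete the commented block and leave a one-line comment such as `# PHP comes from the distribution archive; no extra repository is configured`.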
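Review bot: In the dependencies.yml package list, `libapache2-mod-php` is now unversioned while every other PHP package stays pinned to `php{{ php_version }}`, so the Apache module follows whatever version the archive's metapackage points at. If that differs from `php_version`, Apache runs a PHP build without the extensions installed here, and the `/etc/php/{{ php_version }}/apache2/conf.d/10-opcache.ini` path edited in php.yml may not exist. Unless the versioned package is unavailable on the target release (not visible in this diff), keep `"libapache2-mod-php{{ php_version }}"`. The later hunks that comment out `-json` and `-smbclient` would read better as deletions with a short reason.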
diff --git a/roles/lamp/tasks/main.yml b/roles/nextcloud/tasks/main.yml similarity index 66% rename from roles/lamp/tasks/main.yml rename to roles/nextcloud/tasks/main.yml index aaa4839..7dce4ad 100644 --- a/roles/lamp/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -14,3 +14,11 @@ - name: Configure MySQL. include_tasks: file: mysql.yml + +- name: Create occ helper script. + include_tasks: + file: occ.yml + +- name: Download Nextcloud. + include_tasks: + file: nextcloud.yml diff --git a/roles/lamp/tasks/mysql.yml b/roles/nextcloud/tasks/mysql.yml similarity index 100% rename from roles/lamp/tasks/mysql.yml rename to roles/nextcloud/tasks/mysql.yml diff --git a/roles/nextcloud/tasks/nextcloud.yml b/roles/nextcloud/tasks/nextcloud.yml new file mode 100644 index 0000000..c78af24 --- /dev/null +++ b/roles/nextcloud/tasks/nextcloud.yml @@ -0,0 +1,13 @@ +--- +- name: Download Nextcloud source. + ansible.builtin.get_url: + url: https://download.nextcloud.com/server/releases/latest.tar.bz2 + dest: "/tmp/nextcloud-complete-latest.tar.bz2" + owner: www-data + +- name: Extract the archive. + ansible.builtin.unarchive: + src: "/tmp/nextcloud-complete-latest.tar.bz2" + dest: "/var/www/" + owner: www-data + remote_src: yes diff --git a/roles/nextcloud/tasks/occ.yml b/roles/nextcloud/tasks/occ.yml new file mode 100644 index 0000000..f53ad67 --- /dev/null +++ b/roles/nextcloud/tasks/occ.yml @@ -0,0 +1,7 @@ +- name: Create a helper script for running occ commands. + template: + src: "templates/occ.j2" + dest: "/usr/local/bin/occ" + owner: root + group: root + mode: 0755 diff --git a/roles/lamp/tasks/php.yml b/roles/nextcloud/tasks/php.yml similarity index 84% rename from roles/lamp/tasks/php.yml rename to roles/nextcloud/tasks/php.yml index c693adf..bbe8140 100644 --- a/roles/lamp/tasks/php.yml +++ b/roles/nextcloud/tasks/php.yml 
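Review bot: The `Download Nextcloud source.` task in roles/nextcloud/tasks/nextcloud.yml fetches `latest.tar.bz2` with no `checksum`, so whatever the URL serves on the day of the run is unpacked into the web root unverified and unpinned. Because `unarchive` has no `creates` guard, a later run can also lay a newer release over an installed instance without the upgrade steps being run. I would pin a release and its published SHA-256 in role variables, verify it in `get_url`, and guard the extraction; the variable names `nextcloud_version` and `nextcloud_sha256` below are placeholders to be defined in the role defaults. The extraction target could also derive from `web_root` rather than a literal `/var/www/`.

```yaml
- name: Download Nextcloud source.
  ansible.builtin.get_url:
    url: "https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2"
    dest: "/tmp/nextcloud-{{ nextcloud_version }}.tar.bz2"
    checksum: "sha256:{{ nextcloud_sha256 }}"
    owner: www-data

- name: Extract the archive.
  ansible.builtin.unarchive:
    src: "/tmp/nextcloud-{{ nextcloud_version }}.tar.bz2"
    dest: "{{ web_root | dirname }}"
    owner: www-data
    remote_src: true
    creates: "{{ web_root }}/occ"
```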
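Review bot: `mode: 0755` in roles/nextcloud/tasks/occ.yml is an unquoted number that becomes the intended octal value only when the loader applies YAML 1.1 rules to the leading zero. Quoting it, `mode: "0755"`, makes the permission independent of the parser. The file also lacks the `---` marker that handlers/main.yml and nextcloud.yml in this commit start with, and `src: "occ.j2"` should be enough if the role's templates directory is on the search path as usual.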
@@ -1,7 +1,7 @@ --- - name: Adjust OpCache memory setting. lineinfile: - dest: "/etc/php/7.4/apache2/conf.d/10-opcache.ini" + dest: "/etc/php/{{ php_version }}/apache2/conf.d/10-opcache.ini" regexp: "^opcache.memory_consumption" line: "opcache.memory_consumption = 96" state: present diff --git a/roles/lamp/templates/example.com.conf.j2 b/roles/nextcloud/templates/cloud.conf.j2 similarity index 71% rename from roles/lamp/templates/example.com.conf.j2 rename to roles/nextcloud/templates/cloud.conf.j2 index 62957b2..f44fc6f 100644 --- a/roles/lamp/templates/example.com.conf.j2 +++ b/roles/nextcloud/templates/cloud.conf.j2 @@ -3,7 +3,7 @@ ServerName {{ hostname }} DirectoryIndex index.php index.html DocumentRoot {{ web_root }} - Options +FollowSymlinks -Indexes + Options FollowSymLinks MultiViews AllowOverride All Require all granted @@ -11,7 +11,7 @@ DocumentRoot {{ web_root }} Dav off - SetEnv HOME {{ web_root }} - SetEnv HTTP_HOME {{ web_root }} + #SetEnv HOME {{ web_root }} + #SetEnv HTTP_HOME {{ web_root }} diff --git a/roles/nextcloud/templates/occ.j2 b/roles/nextcloud/templates/occ.j2 new file mode 100644 index 0000000..20f6ed4 --- /dev/null +++ b/roles/nextcloud/templates/occ.j2 @@ -0,0 +1,4 @@ +#!/bin/bash + +cd /var/www/nextcloud || exit +sudo -E -u www-data /usr/bin/php /var/www/nextcloud/occ "$@" diff --git a/run.yml b/run.yml index 4bc04d1..765ff19 100644 --- a/run.yml +++ b/run.yml @@ -48,4 +48,4 @@ roles: - role: geerlingguy.security #- role: geerlingguy.ntp ## NEEDED? - - role: lamp + - role: nextcloud diff --git a/vars/vault.yml b/vars/vault.yml index 60d84d5..6a9e7d6 100644 --- a/vars/vault.yml +++ b/vars/vault.yml 
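Review bot: The new `Options FollowSymLinks MultiViews` line in cloud.conf.j2 drops the explicit `-Indexes`; directory listings stay off only because an `Options` line without `+`/`-` replaces the inherited set. That is easy to undo by accident, since Apache rejects a mix of prefixed and unprefixed options and `AllowOverride All` lets an .htaccess file change them. A comment above the line, such as `# Absolute form on purpose: Indexes stays disabled`, would record the intent. The commented-out `SetEnv` lines in the second hunk would be clearer deleted or given a reason. The enclosing directory block starts and ends outside these hunks.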
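Review bot: The wrapper in roles/nextcloud/templates/occ.j2 calls `sudo -E`, which asks sudo to carry the caller's whole environment (typically root's) into the PHP process running as www-data. Unless occ needs specific variables from the caller, drop the flag: `sudo -u www-data /usr/bin/php /var/www/nextcloud/occ "$@"`. Since this is a Jinja template, the two literal `/var/www/nextcloud` paths could be `{{ web_root }}` so the script follows the role variable.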
@@ -1,14 +1,14 @@ $ANSIBLE_VAULT;1.1;AES256 -64313562613766336237383361623333393830336465653361646334323034643831393230393737 -6538353232666230373434626365373632366265346230340a643739373735643232376564323335 -38613365393833316661643332303965653530393834653062636665613835353565643232373432 -3434333936396637340a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a393337313837653835396162633030 +30313066326337393831643833663237643966383163363866386133373264373933633133653462 +6636376563336433640a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