diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
new file mode 100644
index 000000000..35b312ae6
--- /dev/null
+++ b/roles/nextcloud/defaults/main.yml
@@ -0,0 +1,19 @@
+nextcloud_install: True
+nextcloud_enabled: False
+
+nextcloud_url: /nextcloud
+nextcloud_prefix: /opt
+nextcloud_data_dir: /library/nextcloud/data
+nextcloud_dl_url: https://download.nextcloud.com/server/releases/
+nextcloud_src_file: latest-11.tar.bz2
+
+# we install on mysql with these setting or those from default_vars, etc.
+nextcloud_dbname: nextcloud
+nextcloud_dbhost: localhost
+nextcloud_dbuser: nextcloud
+nextcloud_dbpassword: nextcloudmysql
+
+nextcloud_admin_user: 'Admin'
+nextcloud_admin_password: 'changeme'
+
+nextcloud_required_ip: 10.0.0.0/8 192.168.0.0/16
diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml
new file mode 100644
index 000000000..94e49405f
--- /dev/null
+++ b/roles/nextcloud/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+    - { role: mysql }
diff --git a/roles/nextcloud/tasks/F18.yml b/roles/nextcloud/tasks/F18.yml
new file mode 100644
index 000000000..3aaa1a7e3
--- /dev/null
+++ b/roles/nextcloud/tasks/F18.yml
@@ -0,0 +1,13 @@
+- name: Remove /etc/nextcloud to avoid confusion as we use the config in {{ nextcloud_prefix }}/nextcloud/config/
+  file: path=/etc/nextcloud
+        state=absent
+
+# but we use the tar file to get the latest version; really only benefits the xo4 on fedora 18
+- name: Get the nextcloud software
+  get_url: url="{{ nextcloud_dl_url }}"/{{ nextcloud_src_file }}  dest={{ downloads_dir }}/{{ nextcloud_src_file }}
+  when: not {{ use_cache }} and not {{ no_network }}
+  tags:
+    - download2
+
+- name: Copy it to permanent location /opt
+  unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }}  dest=/opt/
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 000000000..3b57f253e
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,108 @@
+# we need to install the rpm in order to get the dependencies
+# but we only need to do this the first time
+
+- name: See if the nextcloud startup page exists
+  stat: path={{ nextcloud_prefix }}/nextcloud/index.php
+  register: nextcloud_page
+
+
+# but we use the tar file to get the latest version
+
+- name: Get the nextcloud software
+  get_url: url={{ nextcloud_dl_url }}/{{ nextcloud_src_file }}  dest={{ downloads_dir }}/{{ nextcloud_src_file }}
+  when: not {{ use_cache }} and not {{ no_network }}
+  async: 300
+  poll: 5
+  tags:
+    - download
+
+- name: Install list of packages  
+  apt: name={{ item }} state=installed
+  with_items:   
+    - libapache2-mod-php5
+    - php5-gd
+    - php5-json
+    - php5-mysql
+    - php5-curl
+    - php5-intl
+    - php5-mcrypt
+    - php5-imagick
+     
+- name: Copy it to permanent location /opt
+  unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }}  
+             dest={{ nextcloud_prefix }}
+             creates={{ nextcloud_prefix }}/nextcloud/version.php
+  when: not is_F18
+
+# ansible 1.4.1 does not have "creates"
+- name: Copy it to permanent location /opt
+  unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }}  
+             dest={{ nextcloud_prefix }}
+  when: is_F18
+
+- name: in Centos, the following config dir is symlink to /etc/nextcloud
+  file: path=/etc/nextcloud
+        state=directory
+
+- name: Add autoconfig file
+  template: src=autoconfig.php.j2
+            dest={{ nextcloud_prefix }}/nextcloud/config/autoconfig.php
+            owner={{ apache_user }}
+            group=apache
+            mode=0640
+
+- name: Make apache owner
+  file: path={{ nextcloud_prefix }}/nextcloud
+        owner={{ apache_data }}
+        group=apache
+        recurse=yes
+        state=directory
+
+- name: Create data directory library
+  file: path={{ item }}
+        mode=0750
+        owner={{ apache_data}}
+        group=apache
+        state=directory
+  with_items:
+    - "{{ nextcloud_data_dir }}"
+
+- name: Create a mysql database for nextcloud
+  mysql_db: name={{ nextcloud_dbname }}
+  when: mysql_enabled and nextcloud_enabled
+
+- name: Create a user to access the nextcloud database
+  mysql_user: name={{ nextcloud_dbuser }} host={{ item }} password={{ nextcloud_dbpassword }} priv={{ nextcloud_dbname }}.*:ALL,GRANT
+  with_items:
+        - "{{ nextcloud_dbhost }}"
+        - 127.0.0.1
+        - ::1
+        - localhost
+  when: mysql_enabled and nextcloud_enabled
+
+- name: Restart apache, so it picks up the new aliases
+  service: name={{ apache_service }} state=restarted
+  when: not nextcloud_enabled
+
+# Enable nextcloud by copying template to httpd config
+
+- include: nextcloud_enabled.yml
+  when: nextcloud_enabled
+
+- name: Add nextcloud to service list
+  ini_file: dest='{{ service_filelist }}'
+            section=nextcloud
+            option='{{ item.option }}'
+            value='{{ item.value }}'
+  with_items:
+    - option: name
+      value: nextcloud
+    - option: description
+      value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
+    - option: path
+      value: "{{ nextcloud_prefix }}/nextcloud"
+    - option: source
+      value: "{{ nextcloud_src_file }}"
+    - option: enabled
+      value: "{{ nextcloud_enabled }}"
+
diff --git a/roles/nextcloud/tasks/nextcloud_enabled.yml b/roles/nextcloud/tasks/nextcloud_enabled.yml
new file mode 100644
index 000000000..6e4ae3c30
--- /dev/null
+++ b/roles/nextcloud/tasks/nextcloud_enabled.yml
@@ -0,0 +1,35 @@
+ # This should go in computed_network.yml, but here for now
+
+- name: Compute nextcloud listen ip addr for nextcloud.conf
+  set_fact:
+     nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}"
+  when: ansible_default_ipv4.network is defined
+
+- name: Enable nextcloud by copying template to httpd config
+  template: src=nextcloud.conf.j2
+            dest=/etc/{{ apache_config_dir }}/nextcloud.conf
+            owner=root
+            group=root
+            mode=0644
+
+- name: Enable nextcloud
+  file: path=/etc/apache2/sites-enabled/nextcloud.conf
+        src=/etc/apache2/sites-available/nextcloud.conf
+        state=link
+  when: nextcloud_enabled and is_debian
+
+- name: Disable nextcloud
+  file: path=/etc/apache2/sites-enabled/nextcloud.conf
+        state=absent
+  when: not nextcloud_enabled and is_debian
+
+- name: Restart apache, so it picks up the new aliases
+  service: name={{ apache_service }} state=restarted
+
+- name: Run nextcloud initial install wizard
+  shell: curl http://{{ xsce_hostname }}{{ nextcloud_url }}/index.php
+
+- name: Remove Rewrite URL
+  lineinfile: regexp='overwrite.cli.url'
+              state=absent
+              dest="{{ nextcloud_prefix }}/nextcloud/config/config.php"
diff --git a/roles/nextcloud/templates/autoconfig.php.j2 b/roles/nextcloud/templates/autoconfig.php.j2
new file mode 100644
index 000000000..66ef7a0ab
--- /dev/null
+++ b/roles/nextcloud/templates/autoconfig.php.j2
@@ -0,0 +1,28 @@
+<?php
+$AUTOCONFIG = array(
+  'directory'     => '{{ nextcloud_data_dir }}',
+  'trusted_domains' =>
+    array (
+     0 => '{{ xsce_hostname }}.{{ xsce_domain }}',
+     1 => "{{ xsce_hostname }}",
+     2 => 'localhost',
+     3 => 'internet-in-a-box.lan',
+     4 => 'internet-in-a-box',
+     5 => 'schoolserver.lan',
+     6 => 'schoolserver',
+     7 => 'school.lan',
+     8 => 'school',
+     9 => 'box.lan',
+     10 => 'box',
+     11 => '172.18.96.1',
+    ), 
+  'overwrite.cli.url' => 'http://{{ xsce_hostname }}.{{ xsce_domain }}/nextcloud',
+  'dbtype' => 'mysql',
+  'dbname' => '{{ nextcloud_dbname }}',
+  'dbhost' => '{{ nextcloud_dbhost }}',
+  'dbtableprefix' => '',
+  'dbuser' => '{{ nextcloud_dbuser }}',
+  'dbpass' => '{{ nextcloud_dbpassword }}',
+  'adminlogin' => '{{ nextcloud_admin_user }}',
+  'adminpass' => '{{ nextcloud_admin_password }}',
+);
diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2
new file mode 100644
index 000000000..bec146a9d
--- /dev/null
+++ b/roles/nextcloud/templates/nextcloud.conf.j2
@@ -0,0 +1,38 @@
+Alias {{ nextcloud_url }} {{ nextcloud_prefix}}/nextcloud
+
+<Directory {{ nextcloud_prefix }}/nextcloud/>
+    Options -Indexes
+
+    <IfModule mod_authz_core.c>
+    # Apache 2.4
+    Require host localhost
+    Require ip 127.0.0.1 {{lan_ip}}/{{lan_netmask}} {{ nextcloud_required_ip }}
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+    # Apache 2.2
+    Order Deny,Allow
+    Deny from all
+    Allow from 127.0.0.1
+    Allow from ::1
+    </IfModule>
+
+    ErrorDocument 404 /core/templates/404.php
+
+    <IfModule mod_php5.c>
+    php_value upload_max_filesize 512M
+    php_value post_max_size 512M
+    php_value memory_limit 512M
+    php_value mbstring.func_overload 0
+    </IfModule>
+
+    SetEnv htaccessWorking true
+
+    <IfModule pagespeed_module>
+    ModPagespeed Off
+    </IfModule>
+
+    RewriteEngine on
+    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
+    RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R]
+    RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R]
+</Directory>