diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
new file mode 100644
index 000000000..35b312ae6
--- /dev/null
+++ b/roles/nextcloud/defaults/main.yml
@@ -0,0 +1,19 @@
+nextcloud_install: True
+nextcloud_enabled: False
+
+nextcloud_url: /nextcloud
+nextcloud_prefix: /opt
+nextcloud_data_dir: /library/nextcloud/data
+nextcloud_dl_url: https://download.nextcloud.com/server/releases/
+nextcloud_src_file: latest-11.tar.bz2
+
+# we install on mysql with these setting or those from default_vars, etc.
+nextcloud_dbname: nextcloud
+nextcloud_dbhost: localhost
+nextcloud_dbuser: nextcloud
+nextcloud_dbpassword: nextcloudmysql
+
+nextcloud_admin_user: 'Admin'
+nextcloud_admin_password: 'changeme'
+
+nextcloud_required_ip: 10.0.0.0/8 192.168.0.0/16
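Review bot: The role ships fixed credentials in its defaults (`nextcloud_dbpassword: nextcloudmysql`, `nextcloud_admin_password: 'changeme'`), so every host that does not override them ends up with the same publicly known database and admin passwords. Nothing visible in this commit forces an override. Consider leaving both without a usable default and failing early when they are unset, or generating them per host, e.g. `nextcloud_admin_password: "{{ lookup('password', '<CREDENTIALS_DIR>/nextcloud_admin length=24') }}"`, where the path is a placeholder. The default `nextcloud_required_ip: 10.0.0.0/8 192.168.0.0/16` is also a wide allow-list and deserves a comment explaining that it is only a fallback for when no LAN network can be computed.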
diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml
new file mode 100644
index 000000000..94e49405f
--- /dev/null
+++ b/roles/nextcloud/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: mysql }
diff --git a/roles/nextcloud/tasks/F18.yml b/roles/nextcloud/tasks/F18.yml
new file mode 100644
index 000000000..3aaa1a7e3
--- /dev/null
+++ b/roles/nextcloud/tasks/F18.yml
@@ -0,0 +1,13 @@
+- name: Remove /etc/nextcloud to avoid confusion as we use the config in {{ nextcloud_prefix }}/nextcloud/config/
+ file: path=/etc/nextcloud
+ state=absent
+
+# but we use the tar file to get the latest version; really only benefits the xo4 on fedora 18
+- name: Get the nextcloud software
+ get_url: url="{{ nextcloud_dl_url }}"/{{ nextcloud_src_file }} dest={{ downloads_dir }}/{{ nextcloud_src_file }}
+ when: not {{ use_cache }} and not {{ no_network }}
+ tags:
+ - download2
+
+- name: Copy it to permanent location /opt
+ unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }} dest=/opt/
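Review bot: The archive fetched by `get_url` is unpacked into /opt with no integrity check, and `latest-11.tar.bz2` is a moving target, so whatever the server returns at run time is what gets installed. The `get_url` task in roles/nextcloud/tasks/main.yml has the same gap. Pinning a specific release file and passing its published digest (`sha256sum=<SHA256_OF_PINNED_RELEASE>`, or `checksum=sha256:<SHA256_OF_PINNED_RELEASE>` on Ansible 2.x) would catch a tampered or truncated download. Separately, the quotes in `url="{{ nextcloud_dl_url }}"/{{ nextcloud_src_file }}` close before the file name and `nextcloud_dl_url` already ends in `/`, so `url={{ nextcloud_dl_url }}{{ nextcloud_src_file }}` is probably what was meant.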
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 000000000..3b57f253e
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,108 @@
+# we need to install the rpm in order to get the dependencies
+# but we only need to do this the first time
+
+- name: See if the nextcloud startup page exists
+ stat: path={{ nextcloud_prefix }}/nextcloud/index.php
+ register: nextcloud_page
+
+
+# but we use the tar file to get the latest version
+
+- name: Get the nextcloud software
+ get_url: url={{ nextcloud_dl_url }}/{{ nextcloud_src_file }} dest={{ downloads_dir }}/{{ nextcloud_src_file }}
+ when: not {{ use_cache }} and not {{ no_network }}
+ async: 300
+ poll: 5
+ tags:
+ - download
+
+- name: Install list of packages
+ apt: name={{ item }} state=installed
+ with_items:
+ - libapache2-mod-php5
+ - php5-gd
+ - php5-json
+ - php5-mysql
+ - php5-curl
+ - php5-intl
+ - php5-mcrypt
+ - php5-imagick
+
+- name: Copy it to permanent location /opt
+ unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }}
+ dest={{ nextcloud_prefix }}
+ creates={{ nextcloud_prefix }}/nextcloud/version.php
+ when: not is_F18
+
+# ansible 1.4.1 does not have "creates"
+- name: Copy it to permanent location /opt
+ unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }}
+ dest={{ nextcloud_prefix }}
+ when: is_F18
+
+- name: in Centos, the following config dir is symlink to /etc/nextcloud
+ file: path=/etc/nextcloud
+ state=directory
+
+- name: Add autoconfig file
+ template: src=autoconfig.php.j2
+ dest={{ nextcloud_prefix }}/nextcloud/config/autoconfig.php
+ owner={{ apache_user }}
+ group=apache
+ mode=0640
+
+- name: Make apache owner
+ file: path={{ nextcloud_prefix }}/nextcloud
+ owner={{ apache_data }}
+ group=apache
+ recurse=yes
+ state=directory
+
+- name: Create data directory library
+ file: path={{ item }}
+ mode=0750
+ owner={{ apache_data}}
+ group=apache
+ state=directory
+ with_items:
+ - "{{ nextcloud_data_dir }}"
+
+- name: Create a mysql database for nextcloud
+ mysql_db: name={{ nextcloud_dbname }}
+ when: mysql_enabled and nextcloud_enabled
+
+- name: Create a user to access the nextcloud database
+ mysql_user: name={{ nextcloud_dbuser }} host={{ item }} password={{ nextcloud_dbpassword }} priv={{ nextcloud_dbname }}.*:ALL,GRANT
+ with_items:
+ - "{{ nextcloud_dbhost }}"
+ - 127.0.0.1
+ - ::1
+ - localhost
+ when: mysql_enabled and nextcloud_enabled
+
+- name: Restart apache, so it picks up the new aliases
+ service: name={{ apache_service }} state=restarted
+ when: not nextcloud_enabled
+
+# Enable nextcloud by copying template to httpd config
+
+- include: nextcloud_enabled.yml
+ when: nextcloud_enabled
+
+- name: Add nextcloud to service list
+ ini_file: dest='{{ service_filelist }}'
+ section=nextcloud
+ option='{{ item.option }}'
+ value='{{ item.value }}'
+ with_items:
+ - option: name
+ value: nextcloud
+ - option: description
+ value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
+ - option: path
+ value: "{{ nextcloud_prefix }}/nextcloud"
+ - option: source
+ value: "{{ nextcloud_src_file }}"
+ - option: enabled
+ value: "{{ nextcloud_enabled }}"
+
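Review bot: The `mysql_user` task grants `ALL,GRANT` on the Nextcloud database, which lets the web application's account pass its privileges on to other MySQL accounts. The application should not need that, so `priv={{ nextcloud_dbname }}.*:ALL` is the narrower choice. The password is also passed as a plain task argument and can appear in verbose or logged output, and adding `no_log: true` to that task avoids this where the Ansible version supports it. The account is created for four host values, although the autoconfig template only uses `nextcloud_dbhost`. The "Add autoconfig file" task uses `owner={{ apache_user }}` while the two tasks after it use `apache_data`; if these variables can differ, the 0640 credentials file may end up unreadable by the server or owned by an unintended account.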
diff --git a/roles/nextcloud/tasks/nextcloud_enabled.yml b/roles/nextcloud/tasks/nextcloud_enabled.yml
new file mode 100644
index 000000000..6e4ae3c30
--- /dev/null
+++ b/roles/nextcloud/tasks/nextcloud_enabled.yml
@@ -0,0 +1,35 @@
+ # This should go in computed_network.yml, but here for now
+
+- name: Compute nextcloud listen ip addr for nextcloud.conf
+ set_fact:
+ nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}"
+ when: ansible_default_ipv4.network is defined
+
+- name: Enable nextcloud by copying template to httpd config
+ template: src=nextcloud.conf.j2
+ dest=/etc/{{ apache_config_dir }}/nextcloud.conf
+ owner=root
+ group=root
+ mode=0644
+
+- name: Enable nextcloud
+ file: path=/etc/apache2/sites-enabled/nextcloud.conf
+ src=/etc/apache2/sites-available/nextcloud.conf
+ state=link
+ when: nextcloud_enabled and is_debian
+
+- name: Disable nextcloud
+ file: path=/etc/apache2/sites-enabled/nextcloud.conf
+ state=absent
+ when: not nextcloud_enabled and is_debian
+
+- name: Restart apache, so it picks up the new aliases
+ service: name={{ apache_service }} state=restarted
+
+- name: Run nextcloud initial install wizard
+ shell: curl http://{{ xsce_hostname }}{{ nextcloud_url }}/index.php
+
+- name: Remove Rewrite URL
+ lineinfile: regexp='overwrite.cli.url'
+ state=absent
+ dest="{{ nextcloud_prefix }}/nextcloud/config/config.php"
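Review bot: The "Run nextcloud initial install wizard" task calls `curl` without `--fail`, so an HTTP error from index.php still exits 0 and the play carries on as if the install had succeeded. In that case autoconfig.php, which holds the database and admin passwords in plain text, presumably stays in the config directory, since Nextcloud only removes it after a successful setup. Use `shell: curl --fail --silent --show-error http://{{ xsce_hostname }}{{ nextcloud_url }}/index.php`, or the `uri` module with an expected status, and consider a follow-up task that checks autoconfig.php is gone. The "Disable nextcloud" task looks unreachable: this file is only included from main.yml under `when: nextcloud_enabled`, so `not nextcloud_enabled` can never hold here.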
diff --git a/roles/nextcloud/templates/autoconfig.php.j2 b/roles/nextcloud/templates/autoconfig.php.j2
new file mode 100644
index 000000000..66ef7a0ab
--- /dev/null
+++ b/roles/nextcloud/templates/autoconfig.php.j2
@@ -0,0 +1,28 @@
+ '{{ nextcloud_data_dir }}',
+ 'trusted_domains' =>
+ array (
+ 0 => '{{ xsce_hostname }}.{{ xsce_domain }}',
+ 1 => "{{ xsce_hostname }}",
+ 2 => 'localhost',
+ 3 => 'internet-in-a-box.lan',
+ 4 => 'internet-in-a-box',
+ 5 => 'schoolserver.lan',
+ 6 => 'schoolserver',
+ 7 => 'school.lan',
+ 8 => 'school',
+ 9 => 'box.lan',
+ 10 => 'box',
+ 11 => '172.18.96.1',
+ ),
+ 'overwrite.cli.url' => 'http://{{ xsce_hostname }}.{{ xsce_domain }}/nextcloud',
+ 'dbtype' => 'mysql',
+ 'dbname' => '{{ nextcloud_dbname }}',
+ 'dbhost' => '{{ nextcloud_dbhost }}',
+ 'dbtableprefix' => '',
+ 'dbuser' => '{{ nextcloud_dbuser }}',
+ 'dbpass' => '{{ nextcloud_dbpassword }}',
+ 'adminlogin' => '{{ nextcloud_admin_user }}',
+ 'adminpass' => '{{ nextcloud_admin_password }}',
+);
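Review bot: The values for `dbpass`, `adminpass` and the other settings are rendered straight into single-quoted PHP strings, so a password containing `'` or `\` produces a broken or altered autoconfig.php. The template should escape backslashes and single quotes before rendering, or the role should validate these variables against a restricted character set before the template task runs. `overwrite.cli.url` also hard-codes `/nextcloud` and would be more consistent as `'http://{{ xsce_hostname }}.{{ xsce_domain }}{{ nextcloud_url }}'`. The opening of the array is not visible in this listing, so this note only covers the lines shown.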
diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2
new file mode 100644
index 000000000..bec146a9d
--- /dev/null
+++ b/roles/nextcloud/templates/nextcloud.conf.j2
@@ -0,0 +1,38 @@
+Alias {{ nextcloud_url }} {{ nextcloud_prefix}}/nextcloud
+
+
+ Options -Indexes
+
+
+ # Apache 2.4
+ Require host localhost
+ Require ip 127.0.0.1 {{lan_ip}}/{{lan_netmask}} {{ nextcloud_required_ip }}
+
+
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.1
+ Allow from ::1
+
+
+ ErrorDocument 404 /core/templates/404.php
+
+
+ php_value upload_max_filesize 512M
+ php_value post_max_size 512M
+ php_value memory_limit 512M
+ php_value mbstring.func_overload 0
+
+
+ SetEnv htaccessWorking true
+
+
+ ModPagespeed Off
+
+
+ RewriteEngine on
+ RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last]
+ RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R]
+ RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R]
+
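Review bot: The two access-control branches do not enforce the same policy: the "Apache 2.4" lines allow loopback plus `{{lan_ip}}/{{lan_netmask}}` and `{{ nextcloud_required_ip }}`, while the "Apache 2.2" lines only `Allow from 127.0.0.1` and `::1`. Which clients can reach Nextcloud therefore depends on the Apache version, and it should be decided which policy is intended and a comment added to each branch stating it. If `lan_ip` or `lan_netmask` is empty the `Require ip` line renders a bare `/`, so an assert on those variables before templating would be a useful guard. The `ErrorDocument` and `.well-known` rewrite targets are rooted at `/` and not under `{{ nextcloud_url }}`, which looks inconsistent with the `Alias`. The enclosing container directives are not visible in this listing, so their scope could not be checked.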