diff --git a/roles/podman_nextcloud/files/cloud.conf b/roles/podman_nextcloud/files/cloud.conf
new file mode 100644
index 0000000..d22afe2
--- /dev/null
+++ b/roles/podman_nextcloud/files/cloud.conf
@@ -0,0 +1,94 @@
+user www-data;
+
+events {
+  worker_connections 768;
+}
+
+http {
+  upstream backend {
+      server nextcloud-php:9000;
+  }
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  server {
+    listen 80;
+
+    # Add headers to serve security related headers
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+    add_header X-Download-Options noopen;
+    add_header X-Permitted-Cross-Domain-Policies none;
+    add_header Referrer-Policy 'same-origin';
+
+    root /var/www/html;
+    client_max_body_size 16G; # 0=unlimited - set max upload size
+    fastcgi_buffers 64 4K;
+
+    gzip off;
+
+    index index.php;
+    error_page 403 /core/templates/403.php;
+    error_page 404 /core/templates/404.php;
+
+    rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
+    rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
+    rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger permanent;
+    rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo permanent;
+
+    location = /robots.txt {
+      allow all;
+      log_not_found off;
+      access_log off;
+    }
+
+    location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
+      deny all;
+    }
+
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+      deny all;
+    }
+
+    location / {
+      rewrite ^/remote/(.*) /remote.php last;
+      rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+      try_files $uri $uri/ =404;
+    }
+
+    location ~ \.php(?:$|/) {
+      fastcgi_split_path_info ^(.+\.php)(/.+)$;
+      include fastcgi_params;
+      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+      fastcgi_param PATH_INFO $fastcgi_path_info;
+      fastcgi_param HTTPS on;
+      fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+      fastcgi_pass backend;
+      fastcgi_intercept_errors on;
+    }
+
+    # Adding the cache control header for js and css files
+    # Make sure it is BELOW the location ~ \.php(?:$|/) { block
+    location ~* \.(?:css|js)$ {
+      add_header Cache-Control "public, max-age=7200";
+      # Add headers to serve security related headers
+      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+      add_header X-Content-Type-Options nosniff;
+      add_header X-Frame-Options "SAMEORIGIN";
+      add_header X-XSS-Protection "1; mode=block";
+      add_header X-Robots-Tag none;
+      add_header X-Download-Options noopen;
+      add_header X-Permitted-Cross-Domain-Policies none;
+      # Optional: Don't log access to assets
+      access_log off;
+    }
+
+    # Optional: Don't log access to other assets
+    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
+      access_log off;
+    }
+  }
+}
diff --git a/roles/podman_nextcloud/tasks/main.yml b/roles/podman_nextcloud/tasks/main.yml
new file mode 100644
index 0000000..854cb6b
--- /dev/null
+++ b/roles/podman_nextcloud/tasks/main.yml
@@ -0,0 +1,83 @@
+---
+- name: Create volumes
+  containers.podman.podman_volume:
+    name: "{{ item }}"
+    state: present
+    recreate: false
+  loop:
+    - nextcloud_database
+    - nextcloud_storage
+
+- name: Copy nginx configuration
+  ansible.builtin.copy:
+    src: cloud.conf
+    dest: "{{ ansible_user_dir }}/nextcloud_nginx.conf"
+    mode: u=rw,g=r,o=r
+    seuser: system_u
+    serole: object_r
+    setype: container_file_t
+
+- name: Create network
+  containers.podman.podman_network:
+    name: webnet
+    state: present
+    recreate: false
+    disable_dns: true
+
+- name: Create pod
+  containers.podman.podman_pod:
+    name: nextcloud
+    state: started
+    network: webnet
+    recreate: false
+    publish:
+      - 8080:80
+
+
+- name: Create database container
+  containers.podman.podman_container:
+    name: nextcloud-db
+    state: started
+    image: docker.io/library/mariadb:latest
+    pod: nextcloud
+    recreate: false
+    volumes:
+      - "nextcloud_database:/var/lib/mysql:Z"
+    env:
+      MYSQL_ROOT_PASSWORD: "{{ nc_db_root_secret }}"
+      MYSQL_DATABASE: ncdb
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: "{{ nc_db_secret }}"
+    command:
+      - '--skip-innodb-read-only-compressed'
+      - '--character-set-server=utf8mb4'
+      - '--collation-server=utf8mb4_unicode_ci'
+
+- name: Create FPM container
+  containers.podman.podman_container:
+    name: nextcloud-php
+    state: started
+    image: docker.io/library/nextcloud:fpm
+    pod: nextcloud
+    recreate: false
+    volumes:
+      - "nextcloud_storage:/var/www/html:Z"
+    env:
+      MYSQL_DATABASE: ncdb
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: "{{ nc_db_secret }}"
+      MYSQL_HOST: nextcloud-db
+
+- name: Create webserver container
+  containers.podman.podman_container:
+    name: nextcloud-web
+    state: started
+    image: docker.io/library/nginx:latest
+    pod: nextcloud
+    recreate: false
+    volumes:
+      - "{{ ansible_user_dir }}/nextcloud_nginx.conf:/etc/nginx/nginx.conf:Z"
+    volumes_from:
+      - nextcloud-php
+    env:
+      VIRTUAL_HOST: "{{ nextcloud_domain }}"