diff --git a/roles/authelia-for-owncloud/defaults/main.json b/roles/authelia-for-owncloud/defaults/main.json
new file mode 100644
index 0000000..df89782
--- /dev/null
+++ b/roles/authelia-for-owncloud/defaults/main.json
@@ -0,0 +1,11 @@
+{
+ "var_authelia_for_owncloud_owncloud_url_base": "https://owncloud.example.org",
+ "var_authelia_for_owncloud_web_client_id": "owncloud_web",
+ "var_authelia_for_owncloud_web_client_secret": "REPLACE_ME",
+ "var_authelia_for_owncloud_desktop_client_id": "owncloud_desktop",
+ "var_authelia_for_owncloud_desktop_client_secret": "REPLACE_ME",
+ "var_authelia_for_owncloud_android_client_id": "owncloud_android",
+ "var_authelia_for_owncloud_android_client_secret": "REPLACE_ME",
+ "var_authelia_for_owncloud_ios_client_id": "owncloud_ios",
+ "var_authelia_for_owncloud_ios_client_secret": "REPLACE_ME"
+}
diff --git a/roles/authelia-for-owncloud/info.md b/roles/authelia-for-owncloud/info.md
new file mode 100644
index 0000000..2ef0452
--- /dev/null
+++ b/roles/authelia-for-owncloud/info.md
@@ -0,0 +1,9 @@
+## Beschreibung
+
+Um [ownCloud](../owncloud) gegen [Authelia](../authelia) authentifizieren zu lassen
+
+
+## Verweise
+
+- [Authelia-Dokumentation | ownCloud Infinite Scale Integration](https://www.authelia.com/integration/openid-connect/ocis/)
+- [Helge Klein | SSO via Authelia: ownCloud OpenID Connect Authentication](https://helgeklein.com/blog/owncloud-infinite-scale-with-openid-connect-authentication-for-home-networks/#sso-via-authelia-owncloud-openid-connect-authentication)
diff --git a/roles/authelia-for-owncloud/tasks/main.json b/roles/authelia-for-owncloud/tasks/main.json
new file mode 100644
index 0000000..1272bc8
--- /dev/null
+++ b/roles/authelia-for-owncloud/tasks/main.json
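Review bot: The four client ids and secrets declared here are declared a second time, under `var_owncloud_authentication_data_authelia_*`, in the roles/owncloud/defaults/main.json hunk of this same commit, and nothing in either role checks that the two copies agree, so a secret rotated on one side silently breaks the OIDC login on the other. Consider feeding both roles from one shared variable set, or at least stating the coupling in info.md with a sentence along the lines of `Die Client-IDs und -Secrets müssen mit den var_owncloud_authentication_data_authelia_*-Variablen der Rolle owncloud übereinstimmen.` The `REPLACE_ME` placeholders are fine as defaults, but as far as I can see nothing fails the play if they are left in place.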
@@ -0,0 +1,31 @@
+[
+ {
+ "name": "configuration | emplace",
+ "become": true,
+ "loop": [
+ {"src": "authelia-client-conf-web.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-web.json"},
+ {"src": "authelia-client-conf-desktop.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-desktop.json"},
+ {"src": "authelia-client-conf-android.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-android.json"},
+ {"src": "authelia-client-conf-ios.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-ios.json"}
+ ],
+ "ansible.builtin.template": {
+ "src": "{{item.src}}",
+ "dest": "{{item.dest}}"
+ }
+ },
+ {
+ "name": "configuration | apply",
+ "become": true,
+ "ansible.builtin.command": {
+ "cmd": "/usr/bin/authelia-conf-compose"
+ }
+ },
+ {
+ "name": "restart service",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "authelia"
+ }
+ }
+]
diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2
new file mode 100644
index 0000000..2540ac2
--- /dev/null
+++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2
@@ -0,0 +1,15 @@
+{
+ "client_id": "{{var_authelia_for_owncloud_android_client_id}}",
+ "client_secret": "{{var_authelia_for_owncloud_android_client_secret}}",
+ "client_name": "ownCloud Android app",
+ "scopes": [
+ "openid",
+ "groups",
+ "profile",
+ "email",
+ "offline_access"
+ ],
+ "redirect_uris": [
+ "oc://android.owncloud.com"
+ ]
+}
diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2
new file mode 100644
index 0000000..1a8088d
--- /dev/null
+++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2
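Review bot: The `configuration | emplace` task writes files that carry a plaintext `client_secret` into /etc/authelia/conf.d/clients/ without `owner`, `group` or `mode`, so unless that directory itself is locked down they are created with the default umask, which is usually world-readable. Add `"owner": "<authelia service user — placeholder>", "group": "<authelia service group — placeholder>", "mode": "0640"` to the `ansible.builtin.template` arguments, matching whatever account Authelia runs as. Nothing prevents the `REPLACE_ME` defaults from being rendered verbatim; an `ansible.builtin.assert` task ahead of the loop that checks none of the four `*_client_secret` variables equals `REPLACE_ME` would fail the play early instead of leaving a deployment with guessable secrets. The unconditional `restart service` could become a handler notified by the two preceding tasks, so Authelia is only restarted when a rendered file actually changed.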
@@ -0,0 +1,16 @@
+{
+ "client_id": "{{var_authelia_for_owncloud_desktop_client_id}}",
+ "client_secret": "{{var_authelia_for_owncloud_desktop_client_secret}}",
+ "client_name": "ownCloud desktop client",
+ "scopes": [
+ "openid",
+ "groups",
+ "profile",
+ "email",
+ "offline_access"
+ ],
+ "redirect_uris": [
+ "http://127.0.0.1",
+ "http://localhost"
+ ]
+}
diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2
new file mode 100644
index 0000000..9c4a2f0
--- /dev/null
+++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2
@@ -0,0 +1,16 @@
+{
+ "client_id": "{{var_authelia_for_owncloud_ios_client_id}}",
+ "client_secret": "{{var_authelia_for_owncloud_ios_client_secret}}",
+ "client_name": "ownCloud iOS app",
+ "scopes": [
+ "openid",
+ "groups",
+ "profile",
+ "email",
+ "offline_access"
+ ],
+ "redirect_uris": [
+ "oc://ios.owncloud.com",
+ "oc.ios://ios.owncloud.com"
+ ]
+}
diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2
new file mode 100644
index 0000000..2887eaf
--- /dev/null
+++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2
@@ -0,0 +1,11 @@
+{
+ "client_id": "{{var_authelia_for_owncloud_web_client_id}}",
+ "client_secret": "{{var_authelia_for_owncloud_web_client_secret}}",
+ "client_name": "ownCloud Infinite Scale",
+ "public": true,
+ "redirect_uris": [
+ "{{var_authelia_for_owncloud_owncloud_url_base}}",
+ "{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-callback.html",
+ "{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-silent-redirect.html"
+ ]
+}
diff --git a/roles/owncloud-and-nginx/defaults/main.json b/roles/owncloud-and-nginx/defaults/main.json
new file mode 100644
index 0000000..c9d2b8f
--- /dev/null
+++ b/roles/owncloud-and-nginx/defaults/main.json
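Review bot: authelia-client-conf-web.json.j2 sets `"public": true` and at the same time supplies a `client_secret`; a public client has no secret by definition, and whether Authelia rejects, warns about or silently ignores the combination depends on the version in use, so one of the two should go. As far as I recall the Authelia ocis guide linked from info.md models the browser client as public, which would mean dropping the `client_secret` line here together with the `var_authelia_for_owncloud_web_client_secret` default, and then the `web.oidc.client_secret` line in roles/owncloud/templates/ocis.yaml.j2 would be redundant as well. For the three native-app templates in this commit, if the Authelia version deployed supports hashed client secrets, storing only the hash in these files would mean a readable /etc/authelia no longer yields usable credentials.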
@@ -0,0 +1,3 @@
+{
+ "var_owncloud_and_nginx_domain": "owncloud.example.org"
+}
diff --git a/roles/owncloud-and-nginx/tasks/main.json b/roles/owncloud-and-nginx/tasks/main.json
new file mode 100644
index 0000000..004dfa3
--- /dev/null
+++ b/roles/owncloud-and-nginx/tasks/main.json
@@ -0,0 +1,35 @@
+[
+ {
+ "name": "deactivate default site",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "absent",
+ "dest": "/etc/nginx/sites-enabled/default"
+ }
+ },
+ {
+ "name": "emplace configuration | data",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf.j2",
+ "dest": "/etc/nginx/sites-available/{{var_owncloud_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "emplace configuration | link",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "/etc/nginx/sites-available/{{var_owncloud_and_nginx_domain}}",
+ "dest": "/etc/nginx/sites-enabled/{{var_owncloud_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "restart nginx",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "nginx"
+ }
+ }
+]
diff --git a/roles/owncloud-and-nginx/templates/conf.j2 b/roles/owncloud-and-nginx/templates/conf.j2
new file mode 100644
index 0000000..77e4eaf
--- /dev/null
+++ b/roles/owncloud-and-nginx/templates/conf.j2
@@ -0,0 +1,16 @@
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name {{var_owncloud_and_nginx_domain}};
+
+ ssl_certificate /etc/ssl/fullchains/{{var_owncloud_and_nginx_domain}}.pem;
+ ssl_certificate_key /etc/ssl/private/{{var_owncloud_and_nginx_domain}}.pem;
+ include /etc/nginx/ssl-hardening.conf;
+
+ location / {
+ proxy_pass http://localhost:9200;
+ }
+}
diff --git a/roles/owncloud/defaults/main.json b/roles/owncloud/defaults/main.json
new file mode 100644
index 0000000..a4e3063
--- /dev/null
+++ b/roles/owncloud/defaults/main.json
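Review bot: The `restart nginx` task runs on every play and restarts rather than reloads, dropping in-flight connections even when the rendered site file is unchanged; `"state": "reloaded"` is sufficient for a site-file change, and driving it from a handler notified by the two `emplace configuration` tasks makes it run only when something changed. A broken template is only noticed when that last step fails; an `nginx -t` check in a task before the reload gives a clearer failure and leaves the running instance untouched.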
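Review bot: The single `server` block listens on port 80 as well as 443 and proxies both to the backend, so the ownCloud UI and the OIDC callback URLs are reachable over plaintext HTTP on the same hostname; the port-80 listener should do nothing but redirect. Split it into its own block with `return 301 https://$host$request_uri;` and keep only the `ssl` listeners on the proxied block. The `location /` also forwards no headers: ocis behind a reverse proxy generally needs at least `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` to build correct absolute URLs for the OIDC flow, and I cannot tell from here whether the backend on 9200 actually speaks plain HTTP as `proxy_pass http://localhost:9200;` assumes, so that is worth confirming against the ocis proxy settings.
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name {{var_owncloud_and_nginx_domain}};
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    # … unchanged: server_name, ssl_certificate, ssl_certificate_key, include …
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:9200;
    }
}
```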
@@ -0,0 +1,20 @@
+{
+ "var_owncloud_user": "owncloud",
+ "var_owncloud_directory": "/opt/owncloud",
+ "var_owncloud_version": "5.0.0",
+ "var_owncloud_platform": "linux-amd64",
+ "var_owncloud_admin_password": "REPLACE_ME",
+ "var_owncloud_authentication_kind": "none",
+ "var_owncloud_authentication_data_authelia_url_base": "https://authelia.example.org",
+ "var_owncloud_authentication_data_authelia_web_client_id": "owncloud_web",
+ "var_owncloud_authentication_data_authelia_web_client_secret": "REPLACE_ME",
+ "var_owncloud_authentication_data_authelia_desktop_client_id": "owncloud_desktop",
+ "var_owncloud_authentication_data_authelia_desktop_client_secret": "REPLACE_ME",
+ "var_owncloud_authentication_data_authelia_android_client_id": "owncloud_android",
+ "var_owncloud_authentication_data_authelia_android_client_secret": "REPLACE_ME",
+ "var_owncloud_authentication_data_authelia_ios_client_id": "owncloud_ios",
+ "var_owncloud_authentication_data_authelia_ios_client_secret": "REPLACE_ME",
+ "var_owncloud_bind_password": "XJY1n3yakq.ko8fO&Ysl3YBiCMslIMd4",
+ "var_owncloud_account_id": "a2b6ad84-a728-44d3-bc4c-07f8b275d7ba",
+ "var_owncloud_account_secret": "7ivhMgFMakmZeGdhgne5rMUi*.1FVy4A"
+}
diff --git a/roles/owncloud/info.md b/roles/owncloud/info.md
new file mode 100644
index 0000000..9bfee3e
--- /dev/null
+++ b/roles/owncloud/info.md
@@ -0,0 +1,15 @@
+## Beschreibung
+
+Cloud-Plattform [ownCloud](https://owncloud.com/) (the rewrite in Go named "Infinite Scale")
+
+
+## Verweise
+
+- [GitHub | ocis](https://github.com/rhafer/ocis/)
+- [ownCloud-Dokumentation | How to install ownCloud Infinite Scale Tech Preview in three easy steps](https://owncloud.com/news/howto-install-owncloud-infinite-scale-tech-preview/)
+- [ownCloud-Dokumentation | oCIS](https://owncloud.dev/ocis/)
+
+
+## ToDo
+
+- Downlowd prüfen
diff --git a/roles/owncloud/tasks/main.json b/roles/owncloud/tasks/main.json
new file mode 100644
index 0000000..f7c8c3b
--- /dev/null
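Review bot: `var_owncloud_bind_password`, `var_owncloud_account_id` and `var_owncloud_account_secret` ship with real-looking random values as role defaults while every other secret in this file is `REPLACE_ME`, so any host deployed without overriding them shares the same LDAP bind password and ocis service-account secret with every other user of this repository, and the values are now part of git history. The same applies to the literal `jwt_secret`, `machine_auth_api_key`, `system_user_api_key`, both `transfer_secret` values and the IDM/IDP passwords in the roles/owncloud/templates/ocis.yaml.j2 hunk. Make them `REPLACE_ME` like the rest or, better, have the role generate them per host (for example `lookup('ansible.builtin.password', ...)` into a file readable only by the deploying user), and rotate the ones committed here. The companion roles/owncloud/vardef.json in this commit lists none of them, so as far as I can see nothing marks them mandatory either.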
+++ b/roles/owncloud/tasks/main.json
@@ -0,0 +1,47 @@
+[
+ {
+ "name": "user",
+ "become": true,
+ "ansible.builtin.user": {
+ "name": "{{var_owncloud_user}}",
+ "create_home": true,
+ "home": "{{var_owncloud_directory}}"
+ }
+ },
+ {
+ "name": "download",
+ "become": true,
+ "become_user": "{{var_owncloud_user}}",
+ "ansible.builtin.get_url": {
+ "url": "https://download.owncloud.com/ocis/ocis/stable/{{var_owncloud_version}}/ocis-{{var_owncloud_version}}-{{var_owncloud_platform}}",
+ "dest": "{{var_owncloud_directory}}/ocis",
+ "mode": "u+rx"
+ }
+ },
+ {
+ "name": "setup",
+ "become": true,
+ "become_user": "{{var_owncloud_user}}",
+ "ansible.builtin.shell": {
+ "chdir": "{{var_owncloud_directory}}",
+ "cmd": "./ocis --insecure no --admin-password={{var_owncloud_admin_password}}"
+ }
+ },
+ {
+ "name": "systemd unit",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "systemd_unit.j2",
+ "dest": "/etc/systemd/system/owncloud.service"
+ }
+ },
+ {
+ "name": "run",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "name": "owncloud",
+ "enabled": true,
+ "state": "restarted"
+ }
+ }
+]
diff --git a/roles/owncloud/templates/ocis.yaml.j2 b/roles/owncloud/templates/ocis.yaml.j2
new file mode 100644
index 0000000..89254ff
--- /dev/null
+++ b/roles/owncloud/templates/ocis.yaml.j2
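Review bot: The `download` task has no `checksum` argument, so whatever the download host returns is installed and run as a long-lived service without any integrity check; add `"checksum": "sha256:<digest published for the pinned version — placeholder>"` to the `ansible.builtin.get_url` arguments (the `Downlowd prüfen` ToDo in info.md appears to be exactly this). The `setup` task passes the admin password on the command line through `ansible.builtin.shell`, where it shows up in the Ansible log and in the process list on the host, and it re-runs on every play; add `"no_log": true` to the task and a `"creates"` argument pointing at the file the init step writes so it is skipped once done — whether `./ocis --insecure no --admin-password=…` without a subcommand does what is intended I cannot tell from here. The `run` task restarts a unit whose file the previous task may just have written, without `"daemon_reload": true`, so systemd can act on a stale definition. Nothing in this hunk renders templates/ocis.yaml.j2, which this commit adds, so unless another task does, none of that configuration (including the Authelia `proxy.oidc` settings) reaches the host.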
@@ -0,0 +1,136 @@
+token_manager:
+ jwt_secret: cv95NuKbq9zKlbmE-5H6fv*A2gRqzY1y
+machine_auth_api_key: BgY2%q1L2BwQTxqJpaWfbjHWzl@QAHGA
+system_user_api_key: kGnoApWytP%Bt&kn!H2nAMOBqZhKM!f3
+transfer_secret: X8THQbAA-rFfTskAaZdf936vnd9UpodR
+system_user_id: 2c56ae2c-881f-49a8-827b-c804d8ccb962
+admin_user_id: 253c3a04-5bb2-46de-bd4a-6d19dbbb50da
+graph:
+ application:
+ id: 5251ba75-4a4f-4713-bed0-18ddb5328793
+ events:
+ tls_insecure: true
+ spaces:
+ insecure: true
+ identity:
+ ldap:
+ bind_password: jqwCl3ix*wexA^SOIg=wiRF#&DIfezAf
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+idp:
+ ldap:
+ bind_password: BYd$k0lmb=.=T7NOGk.$^XKYKY13kHbh
+idm:
+ service_user_passwords:
+ admin_password: foobar
+ idm_password: jqwCl3ix*wexA^SOIg=wiRF#&DIfezAf
+ reva_password: {{var_owncloud_bind_password}}
+ idp_password: BYd$k0lmb=.=T7NOGk.$^XKYKY13kHbh
+proxy:
+ oidc:
+{% if var_owncloud_authentication_kind == 'none' %}
+ insecure: true
+{% endif %}
+{% if var_owncloud_authentication_kind == 'authelia' %}
+ insecure: false
+ issuer: "{{var_owncloud_authentication_data_authelia_url_base}}"
+ access_token_verify_method: none
+ rewrite_wellknown: true
+{% endif %}
+ user:
+ oidc:
+ claim: preferred_username
+ insecure_backends: true
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+frontend:
+ app_handler:
+ insecure: true
+ archiver:
+ insecure: true
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+auth_basic:
+ auth_providers:
+ ldap:
+ bind_password: {{var_owncloud_bind_password}}
+auth_bearer:
+ auth_providers:
+ oidc:
+ insecure: true
+users:
+ drivers:
+ ldap:
+ bind_password: {{var_owncloud_bind_password}}
+groups:
+ drivers:
+ ldap:
+ bind_password: {{var_owncloud_bind_password}}
+ocdav:
+ insecure: true
+ocm:
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+thumbnails:
+ thumbnail:
+ transfer_secret: vEycSxTtr+4kqQBx1XLM9db*2Ac4v5l#
+ webdav_allow_insecure: true
+ cs3_allow_insecure: true
+search:
+ events:
+ tls_insecure: true
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+audit:
+ events:
+ tls_insecure: true
+settings:
+ service_account_ids:
+ - {{var_owncloud_account_id}}
+sharing:
+ events:
+ tls_insecure: true
+storage_users:
+ events:
+ tls_insecure: true
+ mount_id: 7762e662-d016-4d2d-a353-28e439270b46
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+notifications:
+ notifications:
+ events:
+ tls_insecure: true
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+nats:
+ nats:
+ tls_skip_verify_client_cert: true
+gateway:
+ storage_registry:
+ storage_users_mount_id: 7762e662-d016-4d2d-a353-28e439270b46
+userlog:
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+auth_service:
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+clientlog:
+ service_account:
+ service_account_id: {{var_owncloud_account_id}}
+ service_account_secret: {{var_owncloud_account_secret}}
+web:
+{% if var_owncloud_authentication_kind == 'authelia' %}
+ oidc:
+ client_id: "{{var_owncloud_authentication_data_authelia_web_client_id}}"
+ client_secret: "{{var_owncloud_authentication_data_authelia_web_client_secret}}"
+ scope: "openid profile email groups"
+{% endif %}
diff --git a/roles/owncloud/templates/systemd_unit.j2 b/roles/owncloud/templates/systemd_unit.j2
new file mode 100644
index 0000000..46203ff
--- /dev/null
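Review bot: `idm.service_user_passwords.admin_password` is the literal `foobar` while the `setup` task in roles/owncloud/tasks/main.json initialises ocis with `var_owncloud_admin_password`; if this file is what ends up active, the admin account gets a guessable password regardless of the variable, so it should read `admin_password: {{var_owncloud_admin_password}}`. The same literal is pasted under two keys for each of the IDM and IDP bind passwords (`graph.identity.ldap.bind_password` / `idm.service_user_passwords.idm_password`, `idp.ldap.bind_password` / `idm.service_user_passwords.idp_password`) whereas `reva_password` already goes through `{{var_owncloud_bind_password}}`; one variable per pair keeps them from drifting and belongs with the hard-coded secrets already flagged on the roles/owncloud/defaults/main.json hunk. The many `insecure: true`, `tls_insecure: true` and `tls_skip_verify_client_cert: true` switches turn off certificate verification between the ocis services, NATS and the storage backends; that may be intentional for a single-host setup with self-signed internal certificates, but each deserves a short `# why` comment, and the `access_token_verify_method: none` branch should note that it follows the Authelia ocis guide (opaque access tokens) so nobody later "fixes" it. Every `{{ … }}` value here is unquoted, so a generated secret that happens to start with `*`, `&`, `!`, `%` or `@` — characters already present inside the literals above — can be taken for YAML syntax; quote them as `"{{var_owncloud_account_secret}}"` the way the `proxy.oidc.issuer` line already does.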
+++ b/roles/owncloud/templates/systemd_unit.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=ownCloud
+After=network.target
+
+[Service]
+WorkingDirectory={{var_owncloud_directory}}
+{% if var_owncloud_authentication_kind == 'authelia' %}
+Environment="OCIS_OIDC_ISSUER='{{var_owncloud_authentication_data_authelia_url_base}}'"
+{% endif %}
+ExecStart={{var_owncloud_directory}}/ocis server
+Type=simple
+Restart=always
+User={{var_owncloud_user}}
+
+[Install]
+WantedBy=default.target
+RequiredBy=network.target
diff --git a/roles/owncloud/vardef.json b/roles/owncloud/vardef.json
new file mode 100644
index 0000000..2940d4a
--- /dev/null
+++ b/roles/owncloud/vardef.json
@@ -0,0 +1,30 @@
+{
+ "user": {
+ "type": "string",
+ "mandatory": false
+ },
+ "directory": {
+ "type": "string",
+ "mandatory": false
+ },
+ "version": {
+ "type": "string",
+ "mandatory": false
+ },
+ "platform": {
+ "type": "string",
+ "mandatory": false
+ },
+ "admin_password": {
+ "type": "string",
+ "mandatory": true
+ },
+ "authentication_kind": {
+ "type": "string",
+ "mandatory": false,
+ "options": [
+ "none",
+ "authelia"
+ ]
+ }
+}
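Review bot: The `Environment="OCIS_OIDC_ISSUER='{{…}}'"` line nests single quotes inside the double quotes; systemd strips only the outer pair, so the variable's value becomes `'https://…'` with the apostrophes included and the issuer will not match what ocis and Authelia compare against. Use `Environment="OCIS_OIDC_ISSUER={{var_owncloud_authentication_data_authelia_url_base}}"`. `RequiredBy=network.target` under `[Install]` makes the network target depend on ownCloud, which is backwards (`After=network.target` already provides the ordering), and `WantedBy=multi-user.target` is the usual install target for a system daemon rather than `default.target`. Since this runs a network-facing service as a dedicated user, the common hardening directives (`NoNewPrivileges=true`, `ProtectSystem=full`, `PrivateTmp=true`, with `ReadWritePaths={{var_owncloud_directory}}` if the sandboxing gets in the way) are cheap to add here.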
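Review bot: vardef.json declares six variables but none of the `authentication_data_authelia_*` keys, nor `bind_password`, `account_id` or `account_secret`, all of which roles/owncloud/defaults/main.json introduces in this same commit; if this file is what validates supplied variables (I cannot see its consumer from here), a deployment that selects `"authentication_kind": "authelia"` is never forced to provide the Authelia client secret and silently runs with the `REPLACE_ME` default. Adding entries for them, with the secrets marked `"mandatory": true`, would surface the omission before anything is rendered.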