diff --git a/roles/authelia-for-owncloud/defaults/main.json b/roles/authelia-for-owncloud/defaults/main.json
new file mode 100644
index 0000000..b12d86f
--- /dev/null
+++ b/roles/authelia-for-owncloud/defaults/main.json
@@ -0,0 +1,8 @@
+{
+ "var_authelia_for_owncloud_owncloud_url_base": "https://owncloud.example.org",
+ "var_authelia_for_owncloud_web_client_id": "owncloud_web",
+ "var_authelia_for_owncloud_android_client_id": "owncloud_android",
+ "var_authelia_for_owncloud_android_client_secret": "REPLACE_ME",
+ "var_authelia_for_owncloud_ios_client_id": "owncloud_ios",
+ "var_authelia_for_owncloud_ios_client_secret": "REPLACE_ME"
+}
diff --git a/roles/authelia-for-owncloud/info.md b/roles/authelia-for-owncloud/info.md
new file mode 100644
index 0000000..54e275f
--- /dev/null
+++ b/roles/authelia-for-owncloud/info.md
@@ -0,0 +1,10 @@
+## Beschreibung
+
+Um [ownCloud](../owncloud) gegen [Authelia](../authelia) authentifizieren zu lassen
+
+
+## Verweise
+
+- [Authelia-Dokumentation | ownCloud Infinite Scale Integration](https://www.authelia.com/integration/openid-connect/ocis/)
+- [Helge Klein | SSO via Authelia: ownCloud OpenID Connect Authentication](https://helgeklein.com/blog/owncloud-infinite-scale-with-openid-connect-authentication-for-home-networks/#sso-via-authelia-owncloud-openid-connect-authentication)
+- [ownCloud Forums | OCIS + Authelia](https://central.owncloud.org/t/ocis-authelia/44222)
diff --git a/roles/authelia-for-owncloud/tasks/main.json b/roles/authelia-for-owncloud/tasks/main.json
new file mode 100644
index 0000000..1272bc8
--- /dev/null
+++ b/roles/authelia-for-owncloud/tasks/main.json
@@ -0,0 +1,31 @@
+[
+ {
+ "name": "configuration | emplace",
+ "become": true,
+ "loop": [
+ {"src": "authelia-client-conf-web.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-web.json"},
+ {"src": "authelia-client-conf-desktop.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-desktop.json"},
+ {"src": "authelia-client-conf-android.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-android.json"},
+ {"src": "authelia-client-conf-ios.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-ios.json"}
+ ],
+ "ansible.builtin.template": {
+ "src": "{{item.src}}",
+ "dest": "{{item.dest}}"
+ }
+ },
+ {
+ "name": "configuration | apply",
+ "become": true,
+ "ansible.builtin.command": {
+ "cmd": "/usr/bin/authelia-conf-compose"
+ }
+ },
+ {
+ "name": "restart service",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "authelia"
+ }
+ }
+]
diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2
new file mode 100644
index 0000000..fab1372
--- /dev/null
+++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2
@@ -0,0 +1,16 @@
+{
+ "client_id": "{{var_authelia_for_owncloud_android_client_id}}",
+ "client_secret": "{{var_authelia_for_owncloud_android_client_secret}}",
+ "client_name": "ownCloud | Android Client",
+ "authorization_policy": "one_factor",
+ "scopes": [
+ "openid",
+ "groups",
+ "profile",
+ "email",
+ "offline_access"
+ ],
+ "redirect_uris": [
+ "oc://android.owncloud.com"
+ ]
+}
diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2
new file mode 100644
index 0000000..61b3e43
--- /dev/null
+++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2
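Review bot: The template task in the "configuration | emplace" loop renders the Android and iOS client secrets into `/etc/authelia/conf.d/clients/*.json` without `mode`, `owner` or `group`, so the files get the default umask permissions (typically 0644 under root) and are readable by every local account on the host. Add `"mode": "0640"` to the `ansible.builtin.template` arguments, plus an `owner`/`group` matching the account Authelia runs as (not visible in this change). Separately, `/usr/bin/authelia-conf-compose` and the `restarted` task run on every play even when no client file changed; notifying handlers from the template task, or a `changed_when` tied to its result, would avoid restarting Authelia needlessly.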
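Review bot: The Android client is registered as a confidential client (`client_secret`) with the custom-scheme redirect `oc://android.owncloud.com`, but a secret compiled into a mobile app is not confidential and a custom URI scheme can be claimed by any other app on the device, so nothing here binds the authorization code to the app that started the flow. Require PKCE on this client, e.g. `"pkce_challenge_method": "S256"` (confirm the per-client option name against the deployed Authelia version). Given that `offline_access` hands a refresh token to a device, also consider whether `"authorization_policy": "two_factor"` is more appropriate than `one_factor` for a file store.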
@@ -0,0 +1,17 @@
+{
+ "client_id": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
+ "client_secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
+ "client_name": "ownCloud | Desktop Client",
+ "authorization_policy": "one_factor",
+ "scopes": [
+ "openid",
+ "groups",
+ "profile",
+ "email",
+ "offline_access"
+ ],
+ "redirect_uris": [
+ "http://127.0.0.1",
+ "http://localhost"
+ ]
+}
diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2
new file mode 100644
index 0000000..ce465a9
--- /dev/null
+++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2
@@ -0,0 +1,17 @@
+{
+ "client_id": "{{var_authelia_for_owncloud_ios_client_id}}",
+ "client_secret": "{{var_authelia_for_owncloud_ios_client_secret}}",
+ "client_name": "ownCloud | iOS Client",
+ "authorization_policy": "one_factor",
+ "scopes": [
+ "openid",
+ "groups",
+ "profile",
+ "email",
+ "offline_access"
+ ],
+ "redirect_uris": [
+ "oc://ios.owncloud.com",
+ "oc.ios://ios.owncloud.com"
+ ]
+}
diff --git a/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2 b/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2
new file mode 100644
index 0000000..45b6983
--- /dev/null
+++ b/roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2
@@ -0,0 +1,20 @@
+{
+ "client_id": "{{var_authelia_for_owncloud_web_client_id}}",
+ "client_name": "ownCloud | Web Client",
+ "public": true,
+ "authorization_policy": "one_factor",
+ "scopes": [
+ "openid",
+ "email",
+ "profile",
+ "groups"
+ ],
+ "response_types": [
+ "code"
+ ],
+ "redirect_uris": [
+ "{{var_authelia_for_owncloud_owncloud_url_base}}",
+ "{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-callback.html",
+ "{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-silent-redirect.html"
+ ]
+}
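Review bot: `client_id` and `client_secret` are hard-coded literals in this template, unlike the Android, iOS and web templates which take theirs from `var_authelia_for_owncloud_*`; these appear to be the default credentials baked into the stock ownCloud desktop client, in which case the "secret" is public knowledge and authenticates nothing. If that is intended, say so where the next maintainer will see it, e.g. a Jinja comment at the top: `{# client_id/client_secret are the public defaults shipped in the ownCloud desktop client; they provide no client authentication, so PKCE must be enforced #}`, and require PKCE with `"pkce_challenge_method": "S256"` (confirm the option name for the deployed Authelia). The loopback redirect `http://localhost` is also discouraged by RFC 8252 §8.3 in favour of `http://127.0.0.1` / `http://[::1]`, since `localhost` is resolved through the host's name resolution and may not stay on the loopback interface.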
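Review bot: The iOS client has the same gap as the Android one: two custom-scheme redirect URIs (`oc://ios.owncloud.com`, `oc.ios://ios.owncloud.com`) plus a secret that ships inside the app, so a rogue app registering the same scheme can receive the authorization code, and only PKCE prevents it from redeeming it; add `"pkce_challenge_method": "S256"` (confirm the option name against the deployed Authelia version). `{{var_authelia_for_owncloud_ios_client_secret}}` is also rendered verbatim; check whether the deployed Authelia expects a hashed client secret (the docs describe `$pbkdf2-sha512$`/argon2id digests) rather than plaintext, because a plaintext value in this file is exactly what anyone who can read `/etc/authelia/conf.d/clients/` obtains.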
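Review bot: This is a `"public": true` browser client using the authorization-code flow (`"response_types": ["code"]`) with no PKCE requirement, so an authorization code captured in transit or from browser history can be exchanged by anyone, since a public client has no secret to present at the token endpoint. Add `"pkce_challenge_method": "S256"` (RFC 7636; confirm the per-client option name for the deployed Authelia). The first `redirect_uris` entry, the bare `{{var_authelia_for_owncloud_owncloud_url_base}}`, is wider than the two callback pages listed after it; if ownCloud Web only ever returns to `/oidc-callback.html` and `/oidc-silent-redirect.html`, drop the bare base URL so the permitted redirect set stays minimal.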
diff --git a/roles/authelia-for-owncloud/vardef.json b/roles/authelia-for-owncloud/vardef.json
new file mode 100644
index 0000000..8bf599d
--- /dev/null
+++ b/roles/authelia-for-owncloud/vardef.json
@@ -0,0 +1,26 @@
+{
+ "owncloud_url_base": {
+ "type": "string",
+ "mandatory": false
+ },
+ "web_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "android_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "android_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "ios_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "ios_client_secret": {
+ "type": "string",
+ "mandatory": false
+ }
+}
diff --git a/roles/owncloud-and-nginx/defaults/main.json b/roles/owncloud-and-nginx/defaults/main.json
new file mode 100644
index 0000000..9ad192e
--- /dev/null
+++ b/roles/owncloud-and-nginx/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_owncloud_and_nginx_domain": "owncloud.example.org",
+ "var_owncloud_and_nginx_tls_mode": "force",
+ "var_owncloud_and_nginx_maximum_upload_size": "1G"
+}
diff --git a/roles/owncloud-and-nginx/tasks/main.json b/roles/owncloud-and-nginx/tasks/main.json
new file mode 100644
index 0000000..004dfa3
--- /dev/null
+++ b/roles/owncloud-and-nginx/tasks/main.json
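Review bot: `android_client_secret` and `ios_client_secret` are `"mandatory": false` while their defaults in `defaults/main.json` are the placeholder `REPLACE_ME`, so a play that forgets to override them registers two OIDC clients in Authelia whose secret is literally `REPLACE_ME`. Mark both `"mandatory": true` (the owncloud role's vardef already does this for `admin_password`) so the placeholder can never be rendered into `/etc/authelia/conf.d/clients/`. There is also no `desktop_*` entry even though the tasks file deploys a desktop client template; if its credentials are intentionally fixed that is fine, but a one-line note in the role's `info.md` would explain why three of the four clients are parameterised and one is not.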
@@ -0,0 +1,35 @@
+[
+ {
+ "name": "deactivate default site",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "absent",
+ "dest": "/etc/nginx/sites-enabled/default"
+ }
+ },
+ {
+ "name": "emplace configuration | data",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf.j2",
+ "dest": "/etc/nginx/sites-available/{{var_owncloud_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "emplace configuration | link",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "/etc/nginx/sites-available/{{var_owncloud_and_nginx_domain}}",
+ "dest": "/etc/nginx/sites-enabled/{{var_owncloud_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "restart nginx",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "nginx"
+ }
+ }
+]
diff --git a/roles/owncloud-and-nginx/templates/conf.j2 b/roles/owncloud-and-nginx/templates/conf.j2
new file mode 100644
index 0000000..85e67ab
--- /dev/null
+++ b/roles/owncloud-and-nginx/templates/conf.j2
@@ -0,0 +1,34 @@
+{% macro owncloud_common() %}
+ location / {
+ proxy_pass http://localhost:9200;
+ client_max_body_size {{var_owncloud_and_nginx_maximum_upload_size}};
+ }
+{% endmacro %}
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{var_owncloud_and_nginx_domain}};
+
+{% if var_owncloud_and_nginx_tls_mode == 'force' %}
+ return 301 https://$http_host$request_uri;
+{% else %}
+ {{ owncloud_common() }}
+{% endif %}
+}
+
+{% if var_owncloud_and_nginx_tls_mode != 'disable' %}
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name {{var_owncloud_and_nginx_domain}};
+
+ ssl_certificate_key /etc/ssl/private/{{var_owncloud_and_nginx_domain}}.pem;
+ ssl_certificate /etc/ssl/fullchains/{{var_owncloud_and_nginx_domain}}.pem;
+ include /etc/nginx/ssl-hardening.conf;
+
+ {{ owncloud_common() }}
+}
+{% endif %}
diff --git a/roles/owncloud-and-nginx/vardef.json b/roles/owncloud-and-nginx/vardef.json
new file mode 100644
index 0000000..7872cb8
--- /dev/null
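Review bot: The last task restarts nginx unconditionally and nothing validates the rendered `/etc/nginx/sites-available/{{var_owncloud_and_nginx_domain}}` beforehand, so a template error or a missing certificate (the TLS block references `/etc/ssl/private/<domain>.pem` and `/etc/ssl/fullchains/<domain>.pem`, which nothing in this change creates) takes the whole nginx instance down instead of failing the play. Insert an `ansible.builtin.command` task running `nginx -t` between the link task and the restart, and use `"state": "reloaded"` instead of `restarted` so a valid config is applied without dropping open connections. Both the template and the restart also run on every play; notifying a handler from the template task would make the role idempotent.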
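Review bot: The HTTP-to-HTTPS redirect `return 301 https://$http_host$request_uri;` reflects the client-supplied `Host` header, and because the default site is removed this block is also the server that answers requests for any other Host, so a request with a crafted `Host` gets a 301 to an attacker-chosen origin (a classic open redirect). Redirect to the configured name instead: `return 301 https://{{var_owncloud_and_nginx_domain}}$request_uri;`. The proxied location also forwards no `Host`/`X-Forwarded-*` headers to oCIS on port 9200, which a reverse-proxied oCIS generally needs to build correct absolute URLs for `OCIS_URL` and to see real client addresses (verify against the oCIS reverse-proxy documentation); the macro below adds them and leaves `client_max_body_size` as is.
```nginx
{% macro owncloud_common() %}
    location / {
        proxy_pass http://localhost:9200;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size {{var_owncloud_and_nginx_maximum_upload_size}};
    }
{% endmacro %}
# … unchanged: port-80 server block (with the redirect fixed as above) and the TLS server block …
```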
+++ b/roles/owncloud-and-nginx/vardef.json
@@ -0,0 +1,20 @@
+
+{
+ "domain": {
+ "type": "string",
+ "mandatory": false
+ },
+ "tls_mode": {
+ "type": "string",
+ "options": [
+ "disable",
+ "enable",
+ "force"
+ ],
+ "mandatory": false
+ },
+ "maximum_upload_size": {
+ "type": "string",
+ "mandatory": false
+ }
+}
diff --git a/roles/owncloud/defaults/main.json b/roles/owncloud/defaults/main.json
new file mode 100644
index 0000000..1101e12
--- /dev/null
+++ b/roles/owncloud/defaults/main.json
@@ -0,0 +1,18 @@
+{
+ "var_owncloud_user": "owncloud",
+ "var_owncloud_directory": "/opt/owncloud",
+ "var_owncloud_version": "5.0.0",
+ "var_owncloud_platform": "linux-amd64",
+ "var_owncloud_domain": "owncloud.example.org",
+ "var_owncloud_admin_password": "REPLACE_ME",
+ "var_owncloud_authentication_kind": "internal",
+ "var_owncloud_authentication_data_authelia_url_base": "https://authelia.example.org",
+ "var_owncloud_authentication_data_authelia_web_client_id": "owncloud_web",
+ "var_owncloud_authentication_data_authelia_web_client_secret": "REPLACE_ME",
+ "var_owncloud_authentication_data_authelia_android_client_id": "owncloud_android",
+ "var_owncloud_authentication_data_authelia_android_client_secret": "REPLACE_ME",
+ "var_owncloud_authentication_data_authelia_ios_client_id": "owncloud_ios",
+ "var_owncloud_authentication_data_authelia_ios_client_secret": "REPLACE_ME",
+ "var_owncloud_public_share_password_necessity": "writable",
+ "var_owncloud_public_share_password_policy_active": true
+}
diff --git a/roles/owncloud/info.md b/roles/owncloud/info.md
new file mode 100644
index 0000000..bb50a4d
--- /dev/null
+++ b/roles/owncloud/info.md
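Review bot: `var_owncloud_authentication_data_authelia_web_client_secret`, the `..._android_client_id`/`_secret` pair and the `..._ios_client_id`/`_secret` pair are declared here (and again in this role's `vardef.json`), but `templates/env.j2` only reads `..._url_base` and `..._web_client_id`, so these five values are never passed to oCIS. The web client is moreover `"public": true` on the Authelia side, so a `web_client_secret` has no meaning at all; shipping `REPLACE_ME` defaults for values nobody consumes invites an operator to believe they are enforced. Either drop the unused variables, or, if the goal is a single source of truth shared with the authelia-for-owncloud role, reference that role's variables rather than duplicating `owncloud_web`/`owncloud_android`/`owncloud_ios` in two defaults files that can drift apart.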
@@ -0,0 +1,18 @@
+## Beschreibung
+
+Cloud-Plattform [ownCloud](https://owncloud.com/) (the rewrite in Go named "Infinite Scale")
+
+
+## Verweise
+
+- [ownCloud-Dokumentation | How to install ownCloud Infinite Scale Tech Preview in three easy steps](https://owncloud.com/news/howto-install-owncloud-infinite-scale-tech-preview/)
+- [ownCloud-Dokumentation | oCIS](https://owncloud.dev/ocis/)
+- [ownCloud-Dokumentation | Service | Proxy](https://doc.owncloud.com/ocis/next/deployment/services/s-list/proxy.html)
+- [ownCloud-Dokumentation | Service | Web](https://doc.owncloud.com/ocis/next/deployment/services/s-list/web.html)
+- [ownCloud-Dokumentation | Service | Sharing](https://doc.owncloud.com/ocis/next/deployment/services/s-list/sharing.html)
+- [GitHub | ocis](https://github.com/owncloud/ocis/)
+
+
+## ToDo
+
+- Downlowd prüfen
diff --git a/roles/owncloud/tasks/main.json b/roles/owncloud/tasks/main.json
new file mode 100644
index 0000000..0a6e356
--- /dev/null
+++ b/roles/owncloud/tasks/main.json
@@ -0,0 +1,56 @@
+[
+ {
+ "name": "user",
+ "become": true,
+ "ansible.builtin.user": {
+ "name": "{{var_owncloud_user}}",
+ "create_home": true,
+ "home": "{{var_owncloud_directory}}"
+ }
+ },
+ {
+ "name": "download",
+ "become": true,
+ "become_user": "{{var_owncloud_user}}",
+ "ansible.builtin.get_url": {
+ "url": "https://download.owncloud.com/ocis/ocis/stable/{{var_owncloud_version}}/ocis-{{var_owncloud_version}}-{{var_owncloud_platform}}",
+ "dest": "{{var_owncloud_directory}}/ocis",
+ "mode": "u+rx"
+ }
+ },
+ {
+ "name": "setup",
+ "become": true,
+ "become_user": "{{var_owncloud_user}}",
+ "ansible.builtin.shell": {
+ "chdir": "{{var_owncloud_directory}}",
+ "cmd": "rm -f {{var_owncloud_directory}}/.ocis/config/ocis.yaml && ./ocis init --insecure no --admin-password={{var_owncloud_admin_password}}"
+ }
+ },
+ {
+ "name": "configuration",
+ "become": true,
+ "become_user": "{{var_owncloud_user}}",
+ "ansible.builtin.template": {
+ "src": "env.j2",
+ "dest": "{{var_owncloud_directory}}/.env"
+ }
+ },
+ {
+ "name": "systemd unit",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "systemd_unit.j2",
+ "dest": "/etc/systemd/system/owncloud.service"
+ }
+ },
+ {
+ "name": "run",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "name": "owncloud",
+ "enabled": true,
+ "state": "restarted"
+ }
+ }
+]
diff --git a/roles/owncloud/templates/env.j2 b/roles/owncloud/templates/env.j2
new file mode 100644
index 0000000..eb2c299
--- /dev/null
+++ b/roles/owncloud/templates/env.j2
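Review bot: The "download" task fetches the `ocis` binary with `get_url` and no integrity check, so a compromised mirror, CDN or on-path TLS interception hands the role an arbitrary executable that the following tasks run as the `owncloud` user and enable as a system service; the role's own `info.md` ToDo ("Downlowd prüfen") already flags this. Add `"checksum": "sha256:{{var_owncloud_checksum}}"` to the `get_url` arguments with a digest pinned per `var_owncloud_version` (ownCloud publishes checksum files alongside the release binaries, which `get_url` can also consume as `sha256:<url>`; verify the exact file name for the release). The "setup" task passes `--admin-password={{var_owncloud_admin_password}}` on the command line, where it is visible in `ps` to every local user while `ocis init` runs and is echoed in Ansible output; add `"no_log": true` to that task and check whether the deployed oCIS accepts the password from an environment variable instead. Finally, `rm -f .../ocis.yaml && ./ocis init` runs on every play and regenerates `ocis.yaml`, which as far as I can tell holds the instance's generated secrets, so every run rotates them; guard the task with `"creates": "{{var_owncloud_directory}}/.ocis/config/ocis.yaml"` so init happens once.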
@@ -0,0 +1,44 @@
+OCIS_URL="https://{{var_owncloud_domain}}"
+OCIS_INSECURE="false"
+
+PROXY_TLS="false"
+
+{% if var_owncloud_authentication_kind != 'internal' %}
+PROXY_AUTOPROVISION_ACCOUNTS="false"
+{% endif %}
+
+{% if var_owncloud_authentication_kind == 'authelia' %}
+OCIS_OIDC_CLIENT_ID="{{var_owncloud_authentication_data_authelia_web_client_id}}"
+OCIS_OIDC_ISSUER="{{var_owncloud_authentication_data_authelia_url_base}}"
+
+PROXY_AUTOPROVISION_ACCOUNTS="true"
+PROXY_OIDC_REWRITE_WELLKNOWN="true"
+PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD="none"
+PROXY_OIDC_INSECURE="false"
+PROXY_USER_OIDC_CLAIM="name"
+PROXY_USER_CS3_CLAIM="username"
+
+WEB_OIDC_AUTHORITY="{{var_owncloud_authentication_data_authelia_url_base}}"
+WEB_OIDC_METADATA_URL="{{var_owncloud_authentication_data_authelia_url_base}}/.well-known/openid-configuration"
+WEB_OIDC_CLIENT_ID="{{var_owncloud_authentication_data_authelia_web_client_id}}"
+WEB_OIDC_SCOPE="openid profile email groups"
+{% endif %}
+
+{% if var_owncloud_public_share_password_necessity == 'nothing' %}
+OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="false"
+OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="false"
+{% endif %}
+{% if var_owncloud_public_share_password_necessity == 'writable' %}
+OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="false"
+OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="true"
+{% endif %}
+{% if var_owncloud_public_share_password_necessity == 'all' %}
+OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="true"
+OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="true"
+{% endif %}
+
+{% if var_owncloud_public_share_password_policy_active %}
+OCIS_SHARING_PASSWORD_POLICY_DISABLED="false"
+{% else %}
+OCIS_SHARING_PASSWORD_POLICY_DISABLED="true"
+{% endif %}
diff --git a/roles/owncloud/templates/systemd_unit.j2 b/roles/owncloud/templates/systemd_unit.j2
new file mode 100644
index 0000000..7e43971
--- /dev/null
+++ b/roles/owncloud/templates/systemd_unit.j2
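Review bot: `PROXY_USER_OIDC_CLAIM="name"` together with `PROXY_AUTOPROVISION_ACCOUNTS="true"` and `PROXY_USER_CS3_CLAIM="username"` keys oCIS accounts on the OIDC `name` claim, which in OpenID Connect is the end user's display name rather than a login identifier: it is neither required to be unique nor stable, so two users with the same display name collide, and if the Authelia user backend ever allows a display name to change, a renamed or newly provisioned user can be mapped onto somebody else's oCIS account. Use the login-name claim instead, `PROXY_USER_OIDC_CLAIM="preferred_username"` (Authelia emits it under the `profile` scope already requested in `WEB_OIDC_SCOPE`), or `sub` if oCIS can key on it. `PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD="none"` switches off local validation of access tokens at the proxy; if that is deliberate because Authelia issues opaque tokens that the proxy then validates via the userinfo endpoint, a Jinja comment such as `{# Authelia access tokens are opaque, not JWTs; the proxy validates them against userinfo instead #}` would stop a later reader from treating it as a misconfiguration, and if it is not deliberate it should be `jwt`. Also, for `authentication_kind == 'authelia'` the file emits `PROXY_AUTOPROVISION_ACCOUNTS` twice (`"false"` from the first block, then `"true"`), which relies on last-wins semantics of the EnvironmentFile; restricting the first block to the non-authelia kinds avoids that.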
@@ -0,0 +1,15 @@
+[Unit]
+Description=ownCloud
+After=network.target
+
+[Service]
+WorkingDirectory={{var_owncloud_directory}}
+EnvironmentFile={{var_owncloud_directory}}/.env
+ExecStart={{var_owncloud_directory}}/ocis server
+Type=simple
+Restart=always
+User={{var_owncloud_user}}
+
+[Install]
+WantedBy=default.target
+RequiredBy=network.target
diff --git a/roles/owncloud/vardef.json b/roles/owncloud/vardef.json
new file mode 100644
index 0000000..6641a03
--- /dev/null
+++ b/roles/owncloud/vardef.json
@@ -0,0 +1,75 @@
+{
+ "user": {
+ "type": "string",
+ "mandatory": false
+ },
+ "directory": {
+ "type": "string",
+ "mandatory": false
+ },
+ "version": {
+ "type": "string",
+ "mandatory": false
+ },
+ "platform": {
+ "type": "string",
+ "mandatory": false
+ },
+ "domain": {
+ "type": "string",
+ "mandatory": false
+ },
+ "admin_password": {
+ "type": "string",
+ "mandatory": true
+ },
+ "authentication_kind": {
+ "type": "string",
+ "mandatory": false,
+ "options": [
+ "internal",
+ "authelia"
+ ]
+ },
+ "authentication_data_authelia_url_base": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_web_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_web_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_android_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_android_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_ios_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_ios_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "public_share_password_necessity": {
+ "type": "string",
+ "mandatory": false,
+ "options": [
+ "nothing",
+ "writable",
+ "all"
+ ]
+ },
+ "public_share_password_policy_active": {
+ "type": "boolean",
+ "mandatory": false
+ }
+}
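Review bot: The `[Install]` section has `RequiredBy=network.target`, which makes `network.target` depend on this unit (a reverse dependency that pulls a network application into early boot and fails `network.target` if oCIS cannot start), and `WantedBy=default.target` where a system service belongs in `multi-user.target`; `After=network.target` should likewise be `network-online.target` with a matching `Wants=`. The service also runs with no sandboxing even though it is a network-facing binary downloaded from the internet: `NoNewPrivileges`, `ProtectSystem=strict` with `ReadWritePaths` limited to `{{var_owncloud_directory}}` (the tasks file shows `.env` and `.ocis/config/ocis.yaml` living there, so that is the only tree it needs to write), `PrivateTmp` and the usual kernel-protection directives cost nothing here. The rewritten unit below keeps `WorkingDirectory`, `EnvironmentFile`, `ExecStart`, `Type`, `Restart` and `User` unchanged; the unit file is complete within this hunk.
```ini
[Unit]
Description=ownCloud
After=network-online.target
Wants=network-online.target

[Service]
# … unchanged: WorkingDirectory, EnvironmentFile, ExecStart, Type, Restart, User …
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectSystem=strict
ReadWritePaths={{var_owncloud_directory}}
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictSUIDSGID=true
RestrictRealtime=true
LockPersonality=true

[Install]
WantedBy=multi-user.target
```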