diff --git a/roles/global-handlers/handlers/main.yml b/roles/global-handlers/handlers/main.yml
index a26af29..7311383 100644
--- a/roles/global-handlers/handlers/main.yml
+++ b/roles/global-handlers/handlers/main.yml
@@ -30,6 +30,11 @@
     name: dovecot
     state: restarted
 
+- name: reload nginx
+  systemd:
+    name: nginx
+    state: reloaded
+
 - name: restart nginx
   systemd:
     name: nginx
diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml
new file mode 100644
index 0000000..c808c92
--- /dev/null
+++ b/roles/nextcloud/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+    - global-handlers
diff --git a/roles/nextcloud/tasks/main.yaml b/roles/nextcloud/tasks/main.yaml
index ac23e13..8fe202b 100644
--- a/roles/nextcloud/tasks/main.yaml
+++ b/roles/nextcloud/tasks/main.yaml
@@ -5,3 +5,17 @@
     name: Nextcloud cron-cleanup
     job: /usr/bin/sudo -u www-data /usr/bin/php -f /var/www/nextcloud/cron.php
     user: root
+
+- name: Template nginx base conf
+  template:
+    src: nginx.conf
+    dest: /etc/nginx/nginx.conf
+  notify:
+    - reload nginx
+
+- name: Template nginx nextcloud conf
+  template:
+    src: nginx-nextcloud.conf
+    dest: /etc/nginx/sites-enabled/nextcloud.conf
+  notify:
+    - reload nginx
diff --git a/roles/nextcloud/nginx-nextcloud.conf b/roles/nextcloud/templates/nginx-nextcloud.conf
similarity index 100%
rename from roles/nextcloud/nginx-nextcloud.conf
rename to roles/nextcloud/templates/nginx-nextcloud.conf
diff --git a/roles/nextcloud/templates/nginx.conf b/roles/nextcloud/templates/nginx.conf
new file mode 100644
index 0000000..23f36ea
--- /dev/null
+++ b/roles/nextcloud/templates/nginx.conf
@@ -0,0 +1,27 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+	sendfile on;
+	tcp_nopush on;
+	types_hash_max_size 2048;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers on;
+
+	access_log /var/log/nginx/access.log;
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}