diff --git a/defaults/main.yml b/defaults/main.yml index 776e065..d1bab2c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,9 +1,10 @@ nextcloud: + version: ~ listen: - "443 ssl" - "[::]:443 ssl" upload_size_max: 512M - datadir: /var/www/nextcloud/data + datadir: /var/lib/nextcloud/data externalurl: example.com mail: mode: sendmail diff --git a/library/nextcloud_ldap.py b/library/nextcloud_ldap.py index 317114f..5ab1ddc 100644 --- a/library/nextcloud_ldap.py +++ b/library/nextcloud_ldap.py @@ -6,7 +6,6 @@ import json def run_module(): module_args = { - 'nextcloud_path': {'type': 'str', 'default': '/var/www/nextcloud'}, 'config': {'type': 'dict', 'default': {}} } @@ -24,10 +23,7 @@ def run_module(): if 'config_id' not in module.params: module.params['config_id'] = 's01' - os.chdir(module.params['nextcloud_path']) - - rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True, - cwd=module.params['nextcloud_path']) + rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True) try: current_configs = json.loads(stdout) 
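Review bot: The `run_command` call in this hunk now names a bare `nextcloud-occ`, so the executable is looked up through PATH instead of the fixed `/usr/bin/php` the old code used; the same applies to every other `run_command` call changed in the later hunks of this file. The commit also drops `become_user: www-data` from the calling task in tasks/main.yml, so the module presumably runs with the play's own privileges and relies on the wrapper to switch users, which makes the resolved path worth pinning. Resolve it once near the top of `run_module()` with `occ = module.get_bin_path('nextcloud-occ', required=True)` and pass `occ` as the first list element. That also gives a clear failure when the package is not installed. `run_module()` starts and ends outside this hunk.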
@@ -41,15 +37,13 @@ def run_module(): module.fail_json(msg=f"Config ID ({module.params['config']['config_id']}) does not match next free config ID ({new_config_id})!", **result) if not module.check_mode: - rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:create-empty-config', '--only-print-prefix'], check_rc=True, - cwd=module.params['nextcloud_path']) + rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:create-empty-config', '--only-print-prefix'], check_rc=True) new_config_id = stdout.strip() if new_config_id != new_config_id_calculated: module.fail_json(msg=f"New config id ({new_config_id}) is not the same as calculated id ({new_config_id_calculated})!", **result) - rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True, - cwd=module.params['nextcloud_path']) + rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True) try: current_configs = json.loads(stdout) 
@@ -73,25 +67,22 @@ def run_module(): if not module.check_mode: try: - module.run_command(['/usr/bin/php', 'occ', 'ldap:set-config', module.params['config']['config_id'], key, + module.run_command(['nextcloud-occ', 'ldap:set-config', module.params['config']['config_id'], key, ';'.join(new_config[key]) if isinstance(new_config[key], list) else str(new_config[key])], - check_rc=True, cwd=module.params['nextcloud_path']) + check_rc=True) except Exception as e: module.fail_json(msg="Error on key " + key + " : " + str(e), **result) - rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:test-config', module.params['config']['config_id']], check_rc=True, - cwd=module.params['nextcloud_path']) + rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:test-config', module.params['config']['config_id']], check_rc=True) if stdout.strip() != 'The configuration is valid and the connection could be established!': module.fail_json(msg=f"LDAP connection test failed: {stdout}", **result) if not module.check_mode: - module.run_command(['/usr/bin/php', 'occ', 'ldap:set-config', module.params['config']['config_id'], 'ldapConfigurationActive', '1'], check_rc=True, - cwd=module.params['nextcloud_path']) + module.run_command(['nextcloud-occ', 'ldap:set-config', module.params['config']['config_id'], 'ldapConfigurationActive', '1'], check_rc=True) # set update interval, seems necessary to activate sync. - module.run_command(['/usr/bin/php', 'occ', 'config:app:set', 'user_ldap', 'updateAttributesInterval', '--value=86400'], check_rc=True, - cwd=module.params['nextcloud_path']) + module.run_command(['nextcloud-occ', 'config:app:set', 'user_ldap', 'updateAttributesInterval', '--value=86400'], check_rc=True) module.exit_json(**result) diff --git a/tasks/base.yml b/tasks/base.yml index 53ac3ac..87fe58a 100644 --- a/tasks/base.yml +++ b/tasks/base.yml 
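Review bot: The `ldap:set-config` call in this hunk passes each value of `module.params['config']` as a command argument, yet the `config` option is declared in `module_args` (outside this hunk) without `no_log`. If that dict carries the LDAP bind password, which the `--show-password` comparison elsewhere in the file suggests, Ansible can record it in the invocation details and task output. Declaring the option as `'config': {'type': 'dict', 'default': {}, 'no_log': True}` keeps it out of logs. The value is still visible in the process argument list while the command runs.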
@@ -1,11 +1,21 @@ +- name: pin nextcloud version + template: + src: apt-preferences.j2 + dest: /etc/apt/preferences.d/nextcloud + mode: '0644' + +- name: setup cccv repo key + apt_key: + url: "https://packages.cccv.de/docs/cccv-archive-key.gpg" + +- name: add cccv infrapackages-nextcloud repo + apt_repository: + repo: "deb https://packages.cccv.de/infrapackages-nextcloud/ {{ ansible_distribution_release|lower }} main" + - name: install nextcloud - unarchive: - src: "https://download.nextcloud.com/server/releases/latest.tar.bz2" - remote_src: yes - dest: /var/www/ - owner: www-data - group: www-data - creates: /var/www/nextcloud + apt: + pkg: + - nextcloud - name: create nextcloud datadir file: @@ -24,13 +34,17 @@ content: | apc.enable_cli = 1 +- name: check nextcloud install status + check_mode: no + shell: "nextcloud-occ status" + register: nextcloud_status_check + changed_when: false + - name: setup nextcloud - become_user: www-data - become: true + when: "'installed: false' in nextcloud_status_check.stdout" command: argv: - - /usr/bin/php - - occ + - nextcloud-occ - maintenance:install - -n - --database @@ -47,38 +61,25 @@ - '{{ nextcloud.admin.pw }}' - --data-dir - '{{ nextcloud.datadir }}' - args: - chdir: /var/www/nextcloud - creates: /var/www/nextcloud/config/config.php - name: set nextcloud trusted domains - become_user: www-data - become: true command: # noqa no-changed-when argv: - - /usr/bin/php - - occ + - nextcloud-occ - config:system:set - trusted_domains - 1 - --value - "{{ nextcloud.externalurl }}" - args: - chdir: /var/www/nextcloud - name: set other nextcloud config values - become_user: www-data - become: true command: # noqa no-changed-when argv: - - /usr/bin/php - - occ + - nextcloud-occ - config:system:set - "{{ item.key }}" - --value - "{{ item.value }}" - args: - chdir: /var/www/nextcloud with_items: - { key: "mail_from_address", value: "{{ nextcloud.mail.from }}" } - { key: "mail_domain", value: "{{ nextcloud.mail.domain }}" } 
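Review bot: The `setup cccv repo key` task trusts whatever key the URL serves at run time and, through `apt_key`, adds it to the global APT keyring, where it can vouch for packages from any configured repository. Nothing in the task pins the expected key (`apt_key` accepts an `id:` fingerprint), and the `deb` line has no `signed-by=` restriction. Storing the key in a dedicated keyring file with a known checksum and referencing it from the repo entry limits the key to this one source. The sketch below assumes the served file is a binary keyring and that /etc/apt/keyrings exists on the target; both need confirming, and the checksum is a placeholder.

```yaml
- name: fetch cccv archive key
  get_url:
    url: "https://packages.cccv.de/docs/cccv-archive-key.gpg"
    dest: /etc/apt/keyrings/cccv-archive-key.gpg
    checksum: "sha256:<SHA256_OF_KEY_FILE>"
    mode: '0644'

- name: add cccv infrapackages-nextcloud repo
  apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/cccv-archive-key.gpg] https://packages.cccv.de/infrapackages-nextcloud/ {{ ansible_distribution_release|lower }} main"

# … unchanged: install nextcloud via apt …
```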
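Review bot: The new `check nextcloud install status` task runs a fixed command through `shell`, which adds a shell layer it does not use; `command: nextcloud-occ status` is enough and matches the `command` tasks below it. The `when:` on `setup nextcloud` then depends on the literal text `installed: false` in the human-readable output. If `status` accepts `--output json` like the other occ calls in this role, parsing that would be less fragile. The `setup nextcloud` task continues into the next hunk.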
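Review bot: The `setup nextcloud` argv in this hunk still carries `{{ nextcloud.admin.pw }}` and the task has no `no_log: true`, so the password is echoed in the task's `cmd` on failure or at higher verbosity. Adding `no_log: true` next to the new `when:` (the task header is in the previous hunk) closes that. The same hunk removes `become_user: www-data` from all three tasks. That is only safe if `nextcloud-occ` itself drops to the web-server user, which the diff does not show and which is worth stating in a comment.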
@@ -111,10 +112,3 @@ state: link notify: - restart nginx - -- name: add cronjob for nextcloud - cron: - job: /usr/bin/php -f /var/www/nextcloud/cron.php - user: www-data - minute: "*/10" - name: nextcloud-cron diff --git a/tasks/groupfolders.yml b/tasks/groupfolders.yml index eb7b9af..eb0228c 100644 --- a/tasks/groupfolders.yml +++ b/tasks/groupfolders.yml @@ -1,14 +1,9 @@ - name: manage group folders - become_user: www-data - become: true - block: # Get list of existing group folders and set them as fact - name: get list of group folders check_mode: no - command: '/usr/bin/php occ groupfolders:list --output json' - args: - chdir: /var/www/nextcloud + command: 'nextcloud-occ groupfolders:list --output json' register: existing_group_folders - name: store existing group folders @@ -17,9 +12,7 @@ # Create group folders that did not exist yet - name: create non-existing folders - command: "/usr/bin/php occ groupfolders:create {{ item.name }}" - args: - chdir: /var/www/nextcloud + command: "nextcloud-occ groupfolders:create {{ item.name }}" with_items: "{{ nextcloud.groupfolders }}" when: group_folders | selectattr(search_key, 'equalto', search_val) | list | count == 0 vars: @@ -29,9 +22,7 @@ # Get list of existing group folders AGAIN and set them as fact - name: get list of group folders again check_mode: no - command: '/usr/bin/php occ groupfolders:list --output json' - args: - chdir: /var/www/nextcloud + command: 'nextcloud-occ groupfolders:list --output json' register: existing_group_folders - name: store existing group folders 
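Review bot: `create non-existing folders` builds its command as one templated string, `nextcloud-occ groupfolders:create {{ item.name }}`, so a folder name containing spaces or quotes is re-split into several arguments before occ sees it. The `groupfolders:quota` and `groupfolders:group` tasks in the following hunks of this file interpolate `item.quota` and `item.1` the same way. Passing the values as separate list elements avoids the re-splitting: `argv: ["nextcloud-occ", "groupfolders:create", "{{ item.name }}"]` under `command:`.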
@@ -40,9 +31,7 @@ # Set quota for folders where it does not match - name: set group folder quota - command: "/usr/bin/php occ groupfolders:quota {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.quota }}" - args: - chdir: /var/www/nextcloud + command: "nextcloud-occ groupfolders:quota {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.quota }}" with_items: "{{ nextcloud.groupfolders }}" when: (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).quota != item.quota vars: @@ -51,16 +40,12 @@ # We search for some random name so that the LDAP data cache gets updated - name: update LDAP cache - command: "/usr/bin/php occ ldap:search random_string_to_update_cache" - args: - chdir: /var/www/nextcloud + command: "nextcloud-occ ldap:search random_string_to_update_cache" changed_when: False # Set folder permissions if they are not correct yet - name: Set folder permissions - command: "/usr/bin/php occ groupfolders:group {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.1 }} write share delete" - args: - chdir: /var/www/nextcloud + command: "nextcloud-occ groupfolders:group {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.1 }} write share delete" # Only execute when the permissions of the group for that folder are not "31" (31 is write, share, delete) when: ((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] is undefined) or ((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] != 31) diff --git a/tasks/main.yml b/tasks/main.yml index 15cdbee..1ab2ec8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,8 +1,6 @@ - import_tasks: base.yml - name: configure ldap app - become: true - become_user: www-data nextcloud_ldap: config: "{{ nextcloud.ldap }}" when: 
diff --git a/templates/apt-preferences.j2 b/templates/apt-preferences.j2 new file mode 100644 index 0000000..16df67f --- /dev/null +++ b/templates/apt-preferences.j2 @@ -0,0 +1,5 @@ +{% if nextcloud.version %} +Package: nextcloud +Pin: version {{ nextcloud.version }} +Pin-Priority: 999 +{% endif %} diff --git a/templates/nginx.j2 b/templates/nginx.j2 index 2efe362..9d439eb 100644 --- a/templates/nginx.j2 +++ b/templates/nginx.j2 @@ -3,7 +3,7 @@ server { listen {{ listen }}; {% endfor %} - root /var/www/nextcloud; + root /usr/share/nextcloud; client_max_body_size {{ nextcloud.upload_size_max }}; client_body_buffer_size 128k; fastcgi_buffers 64 4K;
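Review bot: When `nextcloud.version` is set, this template pins the `nextcloud` package to that exact version string at priority 999, so later package releases, including security fixes, are held back until someone edits the variable. Nothing in the template or in `defaults/main.yml` says so. A comment beside the new `version: ~` default would help, for example `# exact version (or glob) for the apt pin; while set, newer nextcloud packages are not installed`. If the repository's version scheme allows it, a glob value keeps patch releases flowing.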