diff --git a/playbooks/lehmann-webserver.yml b/playbooks/lehmann-webserver.yml
new file mode 100644
index 0000000..c3ba7bc
--- /dev/null
+++ b/playbooks/lehmann-webserver.yml
@@ -0,0 +1,99 @@
+#
+#
+# Automated webserver installation with plesk for captica Webservers
+#
+# Project: playbooks
+# Author: Marc Böhm
+# License: MIT License (see LICENSE.md)
+#
+# Copyright (c) captica GmbH est. 2021
+#
+- hosts: "srvleh01web01"
+ vars:
+ hostname: leh01
+ tools_install_users:
+ - root
+ - ansible
+ ssh_pubkeys_root:
+ - "../files/ssh/root.pub"
+ ssh_pubkeys_ansible:
+ - "../files/ssh/ansible.pub"
+ bitwarden_version: 2025.7.0
+ bitwarden_url: https://vault.captica.de
+ bitwarden_domain: vault.captica.de
+ bitwarden_admins: marc.boehm@captica.de
+ bitwarden_reply_to_mail: no-reply@vault.captica.de
+ bitwarden_smtp_host: captica.de
+ bitwarden_smtp_port: 465
+ rclone_version: "1.65.0"
+ rclone_configs:
+ - name: strato-captica
+ entries:
+ type: s3
+ provider: Other
+ env_auth: false
+ access_key_id: "{{ rclone_hidrive_access_key_id }}"
+ secret_access_key: "{{ rclone_hidrive_access_key_secret }}"
+ region: eu-central-1
+ endpoint: https://s3.hidrive.strato.com
+ acl: private
+ - name: backup-captica
+ entries:
+ type: crypt
+ remote: strato-captica:backup-srvweb01
+ filename_encryption: standard
+ directory_name_encryption: true
+ password: "{{ rclone_backup_password }}"
+ password2: "{{ rclone_backup_password2 }}"
+ rclone_sync_cronjobs:
+ - name: backup-nextcloud
+ source: /datapool/docker-nextcloud/nextcloud
+ target: backup-lehmann:nextcloud
+ cron:
+ minute: '0'
+ hour: '6'
+ day: '*/5'
+ disabled: false
+ - name: backup-frigate-nvr
+ source: /rpool/vmpool/frigate-nvr
+ target: backup-lehmann:frigate-nvr
+ cron:
+ minute: '0'
+ hour: '2'
+ day: '*/5'
+ disabled: false
+ - name: backup-gitea
+ source: /datapool/subvol-107-disk-0
+ target: backup-lehmann:gitea
+ cron:
+ minute: '30'
+ hour: '2'
+ day: '*/5'
+ disabled: false
+ - name: backup-nginx-proxy-manager
+ source: /datapool/docker-nginx-proxy-manager
+ target: backup-lehmann:nginx-proxy-manager
+ cron:
+ minute: '30'
+ hour: '5'
+ day: '*/5'
+ disabled: false
+ - name:
backup-harvester-data
+ source: /datapool/subvol-1035-disk-1
+ target: backup-lehmann:harvester-data
+ cron:
+ minute: '45'
+ hour: '5'
+ day: '*/5'
+ disabled: false
+ roles:
+ - linux-base-install
+ - zsh
+ - vim
+ - fzf
+ - linux-docker
+ - rclone
+ - plesk
+ - nextcloud-hpb
+ - wireguard
+ - bitwarden
diff --git a/requirements.yml b/requirements.yml
index 87ecc84..fead5fc 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -59,11 +59,18 @@ roles: src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.open-webui.git scm: git version: main + - name: n8n src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.n8n.git scm: git version: main - + + - name: photoprism + src: git@git.captica.de:captica-automation/de.captica.automation.ansible.role.photoprism + scm: git + version: main + + # Collections requirements collections: - name: community.general
diff --git a/templates/nextcloud/docker-compose.yml.j2 b/templates/nextcloud/docker-compose.yml.j2
index 3efd5ec..e11e630 100644
--- a/templates/nextcloud/docker-compose.yml.j2
+++ b/templates/nextcloud/docker-compose.yml.j2
@@ -1,6 +1,6 @@ services: db: - image: postgres:14 + image: postgres:17 restart: always volumes: - {{ service_directory }}/data/db:/var/lib/postgresql/data
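Review bot: All five `rclone_sync_cronjobs` entries write to a remote named `backup-lehmann`, but `rclone_configs` in this play defines only `strato-captica` and `backup-captica`; unless `backup-lehmann` is declared somewhere outside this hunk, the scheduled syncs have no remote to resolve and this host ends up without backups. The crypt remote also points at `strato-captica:backup-srvweb01`, which reads like the path of a different host, so two machines may end up sharing one encrypted prefix and one password pair. I would rename the crypt entry to `- name: backup-lehmann` and give it a host-specific `remote:` path. The header comment (`Automated webserver installation with plesk for captica Webservers`) looks carried over as well and should describe this host.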
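Review bot: The new `photoprism` entry tracks `version: main`, so a fresh `ansible-galaxy install` pulls whatever the branch head is at that moment, and that role code then runs with the play's privileges on the target hosts. Pinning to a reviewed tag or commit, e.g. `version: "<tag-or-commit-sha>"`, turns a role update into an explicit, reviewable change; the same applies to the neighbouring `n8n` entry in the context lines. The `src` URL also lacks the `.git` suffix that the other entries carry, which is worth aligning. The `roles:` list starts and ends outside the hunk.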
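Review bot: Moving `image: postgres:14` to `postgres:17` is a major-version jump over the bind-mounted data directory `{{ service_directory }}/data/db`, and PostgreSQL refuses to start on a cluster initialised by an older major version. On any host where this stack is already deployed, the `db` container would restart in a loop under `restart: always` until the data is migrated. I would add a comment above the image line such as `# major upgrade: dump/restore or pg_upgrade the existing data directory before rollout` and gate the rollout on a verified backup. Fresh installs are not affected.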
@@ -62,8 +62,27 @@ services: - db - redis + documentserver: + image: onlyoffice/documentserver + restart: always + environment: + - TZ + - JWT_SECRET + volumes: + - /opt/nextcloud/data/onlyoffice/data:/var/www/onlyoffice/Data + - /opt/nextcloud/data/onlyoffice/db:/var/lib/postgresql + - /opt/nextcloud/data/onlyoffice/fonts:/usr/share/fonts/truetype/custom + - /opt/nextcloud/data/onlyoffice/log:/var/log/onlyoffice + - /opt/nextcloud/data/onlyoffice/app:/var/lib/onlyoffice + - /opt/nextcloud/data/onlyoffice/rabbitmq:/var/lib/rabbitmq + - /opt/nextcloud/data/onlyoffice/redis:/var/lib/redis + ports: + - 127.0.0.1:10081:80 + networks: + default: + elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.15.1 + image: docker.elastic.co/elasticsearch/elasticsearch:8.18.2 container_name: elasticsearch restart: always volumes:
@@ -115,6 +134,8 @@ services: networks: default: + + networks: default: ipam:
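Review bot: `image: onlyoffice/documentserver` carries no tag and therefore resolves to `latest`, while the `elasticsearch` image in the same hunk is pinned to an exact version; a service that parses user-supplied documents should be upgraded deliberately, e.g. `image: onlyoffice/documentserver:<pinned-version>`. `JWT_SECRET` is listed without a value, so it is taken from the environment Compose runs in; nothing in this hunk sets it, so it is worth confirming that the deployment always provides a strong value. The volume paths are hard-coded to `/opt/nextcloud/data/onlyoffice/...`, whereas the `db` service mounts `{{ service_directory }}/data/db`; using the variable here keeps the mounts correct if the service directory differs. The `services:` mapping continues outside the hunk.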