diff --git a/roles/bootstrap/handlers/nextcloud.yml b/roles/bootstrap/handlers/nextcloud.yml
index a5d7d41..608ba40 100644
--- a/roles/bootstrap/handlers/nextcloud.yml
+++ b/roles/bootstrap/handlers/nextcloud.yml
@@ -8,57 +8,61 @@ - name: Enable monitoring of network hardware ansible.builtin.command: cmd: "snap connect nextcloud:network-observe" - - name: Enable access to removable media + - name: Begin manual installation ansible.builtin.command: - cmd: "snap connect nextcloud:removable-media" + argv: + - /snap/bin/nextcloud.manual-install + - "{{ config.nextcloud.users.admin.username }}" + - "{{ config.nextcloud.users.admin.password }}" # @TODO see if setting below is necessary given use of reverse proxy - # - name: Set trusted domains - # ansible.builtin.command: - # cmd: "nextcloud.occ config:system:set trusted_domains 0 --value='cloud.{{ hostvars[inventory_hostname].fqdn }}'" + - name: Set trusted domains + block: + - name: Set localhost as trusted domain + ansible.builtin.command: + cmd: "/snap/bin//snap/bin/nextcloud.occ config:system:set trusted_domains 0 --value='localhost'" + # @TODO see if setting below is necessary given use of reverse proxy + - name: Set FQDN as trusted domain + ansible.builtin.command: + cmd: "/snap/bin//snap/bin/nextcloud.occ config:system:set trusted_domains 1 --value='cloud.{{ hostvars[inventory_hostname].fqdn }}'" # @TODO configure perhaps for trusted (reverse) proxy instead of above - - name: Set trusted reverse proxy IPv4 address - when: config.trusted_revproxy_ips.ipv4 is None or len(config.trusted_revproxy_ips.ipv4) < 1 - ansible.builtin.command: - argv: - - nextcloud.occ - - "config:system:set" - - trusted_proxies 0 - - "--value=$(hostname -I | awk -F ' ' '{ print $1 }')" - - name: Set trusted reverse proxy IPv4 address - when: config.trusted_revproxy_ips.ipv4 is not None and len(config.trusted_revproxy_ips.ipv4) > 0 - ansible.builtin.command: - argv: - - nextcloud.occ - - "config:system:set" - - "trusted_proxies {{ idx }}" - - "--value={{ item }}" - loop: "{{ config.trusted_revproxy_ips.ipv4 }}" - loop_control: - index_var: idx - - name: Set trusted reverse proxy IPv6 address - when: config.trusted_revproxy_ips.ipv6 is None or 
len(config.trusted_revproxy_ips.ipv6) < 1 - ansible.builtin.command: - argv: - - nextcloud.occ - - "config:system:set" - - trusted_proxies 0 - - "--value=$(hostname -I | awk -F ' ' '{ print $2 }')" - - name: Set trusted reverse proxy IPv6 address - when: config.trusted_revproxy_ips.ipv6 is not None and len(config.trusted_revproxy_ips.ipv6) > 0 - ansible.builtin.command: - argv: - - nextcloud.occ - - "config:system:set" - - "trusted_proxies {{ idx }}" - - "--value={{ item }}" - loop: "{{ config.trusted_revproxy_ips.ipv6 }}" - loop_control: - index_var: idx - - name: Enable LDAP integration app - ansible.builtin.command: - cmd: "nextcloud.occ app:enable user_ldap" - # @TODO see if can further configure LDAP in particular: https://docs.nextcloud.com/server/stable/admin_manual/occ_command.html#ldap-commands - - name: Enable contacts' birthday calendar app - ansible.builtin.command: - cmd: "nextcloud.occ dav:sync-birthday-calendar" - # @TODO create system-level bash alias for `nextcloud.occ` command + - name: Set trusted reverse proxy addresses + block: + - name: Set trusted reverse proxy IPv4 address based on hostname + when: config.trusted_revproxy_ips.ipv4 is None or len(config.trusted_revproxy_ips.ipv4) < 1 + ansible.builtin.command: + argv: + - /snap/bin/nextcloud.occ + - "config:system:set" + - trusted_proxies 0 + - "--value=$(hostname -I | awk -F ' ' '{ print $1 }')" + - name: Set trusted reverse proxy IPv4 address + when: config.trusted_revproxy_ips.ipv4 is not None and len(config.trusted_revproxy_ips.ipv4) > 0 + ansible.builtin.command: + argv: + - /snap/bin/nextcloud.occ + - "config:system:set" + - "trusted_proxies {{ idx }}" + - "--value={{ item }}" + loop: "{{ config.trusted_revproxy_ips.ipv4 }}" + loop_control: + index_var: idx + - name: Set trusted reverse proxy IPv6 address based on hostname + when: config.trusted_revproxy_ips.ipv6 is None or len(config.trusted_revproxy_ips.ipv6) < 1 + ansible.builtin.command: + argv: + - /snap/bin/nextcloud.occ + - 
"config:system:set" + - trusted_proxies 1 + - --value=$(hostname -I | awk -F ' ' '{ print $2 }') + - name: Set trusted reverse proxy IPv6 address + when: config.trusted_revproxy_ips.ipv6 is not None and len(config.trusted_revproxy_ips.ipv6) > 0 + ansible.builtin.command: + argv: + - /snap/bin/nextcloud.occ + - "config:system:set" + - "trusted_proxies {{ idx }}" + - "--value={{ item }}" + loop: "{{ config.trusted_revproxy_ips.ipv6 }}" + loop_control: + index_var: idx + # @TODO create system-level bash alias for `/snap/bin/nextcloud.occ` command
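Review bot: The new `Begin manual installation` task passes `config.nextcloud.users.admin.password` as an argv element without `no_log: true`, so the admin password can land in Ansible's task output and logs; add `no_log: true` to that task, and note that the argument still sits in the host's process list while the installer runs. Both trusted_domains tasks call `/snap/bin//snap/bin/nextcloud.occ`, which looks like a search-and-replace slip for `/snap/bin/nextcloud.occ` and would make those tasks fail. In the hostname-based trusted_proxies tasks, `ansible.builtin.command` does not run a shell, so `$(hostname -I | awk ...)` would be stored literally, `trusted_proxies 0` reaches occ as a single argument, and the `when` conditions use Python's `is None` and `len()` where Jinja2 expects `is none` and `| length`. The IPv4 and IPv6 loops also both start `idx` at 0, so IPv6 entries would likely overwrite IPv4 ones in the list that decides whose forwarded client-IP headers Nextcloud trusts. The fence sketches the `no_log` addition and one hostname-based task that uses a gathered fact instead of the shell substitution (assuming facts are gathered for this play); the handler list begins above the hunk.

```yaml
- name: Begin manual installation
  ansible.builtin.command:
    # … unchanged: argv with installer path, admin username and password …
  no_log: true

# … unchanged: trusted_domains block, with the occ path corrected …

- name: Set trusted reverse proxy IPv4 address based on hostname
  when: (config.trusted_revproxy_ips.ipv4 | default([], true) | length) == 0
  ansible.builtin.command:
    argv:
      - /snap/bin/nextcloud.occ
      - "config:system:set"
      - trusted_proxies
      - "0"
      - "--value={{ ansible_default_ipv4.address }}"

# … unchanged: remaining trusted_proxies tasks, which need the same argv split and `when` fix …
```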