diff --git a/bin/convertdomain b/bin/convertdomain
index 3b3ca88..a8235f3 100755
--- a/bin/convertdomain
+++ b/bin/convertdomain
@@ -285,146 +285,40 @@ convert_nextcloud() {
 
   convert_generic nextcloud
   sed -i "s#$DOMAIN#$DOMAIN_NEW#g" /federated/apps/nextcloud/data/var/www/html/config/config.php
-
-  # Make new nextcloud config
-  cat > /federated/apps/nextcloud/data/configs.json <<EOF
-{
-   "system": {
-        "mail_smtpmode": "smtp",
-        "mail_smtpsecure": "tls",
-        "mail_sendmailmode": "smtp",
-        "mail_from_address": "nextcloud",
-        "mail_domain": "$DOMAIN_NEW",
-        "mail_smtpauthtype": "LOGIN",
-        "mail_smtpauth": 1,
-        "mail_smtphost": "mail.$DOMAIN_NEW",
-        "mail_smtpport": "587",
-        "mail_smtpname": "$SMTPUSER",
-        "mail_smtppassword": "$ADMINPASS"
-   },
-   "apps": {
-	"side_menu": {
-            "background-color-opacity": "100",
-            "current-app-background-color": "#005b8d",
-            "types": "",
-            "enabled": "yes",
-            "text-color": "#ffffff",
-            "loader-color": "#339bd4",
-            "types": "",
-            "always-displayed": "0",
-            "big-menu": "0",
-            "side-with-categories": "0",
-            "background-color": "#0068a1",
-            "background-color-to": "#0068a1",
-            "icon-invert-filter": "0",
-            "icon-opacity": "100",
-            "opener": "side-menu-opener",
-            "dark-mode-background-color": "#0068a1",
-            "dark-mode-background-color-to": "#0068a1",
-            "dark-mode-background-color-opacity": "100",
-            "dark-mode-current-app-background-color": "#005b8d",
-            "dark-mode-text-color": "#ffffff",
-            "dark-mode-loader-color": "#ffffff",
-            "dark-mode-icon-invert-filter": "0",
-            "dark-mode-icon-opacity": "100",
-            "dark-mode-opener": "side-menu-opener",
-            "opener-position": "before",
-            "opener-only": "0",
-            "hide-when-no-apps": "0",
-            "opener-hover": "0",
-            "display-logo": "1",
-            "use-avatar": "0",
-            "add-logo-link": "1",
-            "big-menu-hidden-apps": "[]",
-            "show-settings": "0",
-            "size-icon": "normal",
-            "size-text": "normal",
-            "target-blank-apps": "[]",
-            "loader-enabled": "1",
-            "top-side-menu-apps": "[]",
-            "top-menu-mouse-over-hidden-label": "0",
-            "apps-order": "[\"dashboard\",\"mail\",\"calendar\",\"contacts\",\"notes\",\"tasks\",\"files\",\"deck\",\"bookmarks\",\"forms\",\"spreed\",\"photos\",\"activity\"]",
-            "categories-order-type": "default",
-            "categories-custom": "[]",
-            "apps-categories-custom": "[]",
-            "categories-order": "[\"other\",\"customization\",\"dashboard\",\"external_links\",\"files\",\"workflow\",\"games\",\"integration\",\"monitoring\",\"multimedia\",\"office\",\"organization\",\"search\",\"security\",\"social\",\"tools\"]",
-            "default-enabled": "1",
-            "force": "0",
-            "top-menu-apps": "[\"photos\",\"activity\",\"dashboard\",\"forms\",\"calendar\",\"tasks\",\"bookmarks\",\"deck\",\"contacts\",\"notes\",\"spreed\",\"mail\",\"files\"]",
-            "cache": "2"
-	}
-   }
-}
-EOF
-
-cat > /federated/apps/nextcloud/data/config.sh <<EOF
-#!/bin/sh
-
-PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
-
-/var/www/html/occ app:enable user_ldap
-/var/www/html/occ ldap:create-empty-config
-/var/www/html/occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN_NEW'
-/var/www/html/occ ldap:set-config s01 ldapAgentName cn=admin,$DOMAIN_NEW_LDAP_dc
-/var/www/html/occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
-/var/www/html/occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_NEW_LDAP_dc
-/var/www/html/occ ldap:set-config s01 ldapBaseGroups ou=groups,dc=$DOMAIN_NEW_LDAP_dc
-/var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_NEW_LDAP_dc
-/var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
-/var/www/html/occ ldap:set-config s01 ldapGidNumber gidNumber
-/var/www/html/occ ldap:set-config s01 ldapGroupDisplayName cn
-/var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=posixGroup)))'
-/var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0
-/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
-/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr uniqueMember
-/var/www/html/occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
-/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
-/var/www/html/occ ldap:set-config s01 ldapLoginFilterMode 0
-/var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1
-/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
-/var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
-/var/www/html/occ ldap:set-config s01 ldapNestedGroups 0
-/var/www/html/occ ldap:set-config s01 ldapPagingSize 500 
-/var/www/html/occ ldap:set-config s01 ldapPort 636
-/var/www/html/occ ldap:set-config s01 ldapTLS 1 
-/var/www/html/occ ldap:set-config s01 ldapUserAvatarRule default
-/var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
-/var/www/html/occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
-/var/www/html/occ ldap:set-config s01 ldapUserFilterMode 0 
-/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
-/var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute auto
-/var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute auto 
-/var/www/html/occ ldap:set-config s01 turnOffCertCheck 0 
-/var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0 
-/var/www/html/occ ldap:set-config s01 useMemberOfToDetectMembership 1 
-/var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1 
-/var/www/html/occ ldap:set-config s01 ldap_expert_username_attr uid
-/var/www/html/occ ldap:set-config s01 ldap_display_name givenName
-/var/www/html/occ config:system:set overwriteprotocol --value=https
-/var/www/html/occ config:system:set default_phone_region --value="$COUNTRY"
-/var/www/html/occ config:system:delete trusted_domains
-/var/www/html/occ config:system:set trusted_domains 1 --value=*
-/var/www/html/occ group:adduser admin admin
-/var/www/html/occ user:delete nextcloud
-/var/www/html/occ app:enable mail
-/var/www/html/occ app:enable calendar
-/var/www/html/occ app:enable contacts
-/var/www/html/occ app:enable notes
-/var/www/html/occ app:enable deck
-/var/www/html/occ app:enable tasks
-/var/www/html/occ app:enable bookmarks
-/var/www/html/occ app:enable forms
-/var/www/html/occ app:enable spreed
-/var/www/html/occ app:enable side_menu
-/var/www/html/occ app:enable external 
-/var/www/html/occ app:enable richdocuments
-/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN_NEW richdocuments public_wopi_url
-/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN_NEW richdocuments wopi_url
-/var/www/html/occ config:app:set --value ooxml richdocuments doc_format
-/var/www/html/occ config:app:set --value "" richdocuments disable_certificate_verification
-/var/www/html/occ config:app:set external sites "--value={\"1\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":1,\"name\":\"Video Conference (Jitsi)\",\"url\":\"https:\/\/jitsi.$DOMAIN_NEW\"},\"2\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":2,\"name\":\"Worldwide Chat (Element)\",\"url\":\"https:\/\/element.$DOMAIN_NEW\"},\"3\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":3,\"name\":\"Mailing Lists (Listmonk)\",\"url\":\"https:\/\/listmonk.$DOMAIN_NEW\"},\"4\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":4,\"name\":\"Databases (Baserow)\",\"url\":\"https:\/\/baserow.$DOMAIN_NEW\"},\"5\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":5,\"name\":\"Passwords (Vaultwarden)\",\"url\":\"https:\/\/vaultwarden.$DOMAIN_NEW\"},\"7\":{\"icon\":\"external.svg\",\"lang\":\"\",\"type\":\"link\",\"device\":\"browser\",\"groups\":[],\"redirect\":true,\"id\":7,\"name\":\"Source code (Gitea)\",\"url\":\"https:\/\/gitea.$DOMAIN_NEW\"}}"
-/var/www/html/occ config:import configs.json
-EOF
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_accounts SET data=REPLACE(data, '$DOMAIN', '$DOMAIN_NEW') WHERE data LIKE '%$DOMAIN%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_accounts_data SET value=REPLACE(value, '$DOMAIN', '$DOMAIN_NEW') WHERE value LIKE '%$DOMAIN%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_appconfig SET configvalue=REPLACE(configvalue, '$DOMAIN', '$DOMAIN_NEW') WHERE configvalue LIKE '%$DOMAIN%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_accounts SET inbound_host=REPLACE(inbound_host, '$DOMAIN', '$DOMAIN_NEW') WHERE inbound_host LIKE '%$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_preferences SET configvalue=REPLACE(configvalue, '$DOMAIN', '$DOMAIN_NEW') WHERE configvalue LIKE '%$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_richdocuments_wopi SET server_host=REPLACE(server_host, '$DOMAIN', '$DOMAIN_NEW') WHERE server_host LIKE '%$DOMAIN%'"
+  # Authelia integration...
+  # FIXME should we just wipe oc_user_oidc_sessions, given they will probably be invalid
+  # with reconfigured authelia anyway?
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_user_oidc_providers SET discovery_endpoint=REPLACE(discovery_endpoint, '$DOMAIN', '$DOMAIN_NEW') WHERE discovery_endpoint LIKE '%$DOMAIN%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_user_oidc_providers SET end_session_endpoint=REPLACE(end_session_endpoint, '$DOMAIN', '$DOMAIN_NEW') WHERE end_session_endpoint LIKE '%$DOMAIN%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_user_oidc_sessions SET iss=REPLACE(iss, '$DOMAIN', '$DOMAIN_NEW') WHERE iss LIKE '%$DOMAIN%'"
+  # DAV links...
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendars SET uri=REPLACE(uri, '/$DOMAIN/', '/$DOMAIN_NEW/') WHERE uri LIKE '%/$DOMAIN/%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendars SET displayname=REPLACE(displayname, '/$DOMAIN/', '/$DOMAIN_NEW/') WHERE displayname LIKE '%/$DOMAIN/%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendarsubscriptions SET uri=REPLACE(uri, '$DOMAIN', '$DOMAIN_NEW') WHERE uri LIKE '%$DOMAIN%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendarsubscriptions SET displayname=REPLACE(displayname, '/$DOMAIN/', '/$DOMAIN_NEW/') WHERE displayname LIKE '%/$DOMAIN/%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendarsubscriptions SET source=REPLACE(source, '/$DOMAIN/', '/$DOMAIN_NEW/') WHERE source LIKE '%/$DOMAIN/%'"
+  # Email addresses (for authentication and otherwise)...
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_authtoken SET login_name=REPLACE(login_name, '@$DOMAIN', '@$DOMAIN_NEW') WHERE login_name LIKE '%@$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendar_invitations SET attendee=REPLACE(attendee, '@$DOMAIN', '@$DOMAIN_NEW') WHERE attendee LIKE '%@$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendar_invitations SET organizer=REPLACE(organizer, '@$DOMAIN', '@$DOMAIN_NEW') WHERE attendee LIKE '%@$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_cards_properties SET value=REPLACE(value, '@$DOMAIN', '@$DOMAIN_NEW') WHERE value LIKE '%@$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_accounts SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_accounts SET inbound_user=REPLACE(inbound_user, '@$DOMAIN', '@$DOMAIN_NEW') WHERE inbound_user LIKE '%@$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_coll_addresses SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_recipients SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_mail_trusted_senders SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_recent_contact SET email=REPLACE(email, '@$DOMAIN', '@$DOMAIN_NEW') WHERE email LIKE '%@$DOMAIN'"
+  # May contain links to dashboard.$DOMAIN etc.
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_bookmarks SET url=REPLACE(url, '$DOMAIN', '$DOMAIN_NEW') WHERE url LIKE '%$DOMAIN%'"
+  # This can contain Jitsi links
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendar_appt_configs SET location=REPLACE(location, '$DOMAIN', '$DOMAIN_NEW') WHERE location LIKE '%$DOMAIN%'"
+  docker exec postgresql psql -U nextcloud -c "UPDATE oc_calendarobjects_props SET value=REPLACE(value, '$DOMAIN', '$DOMAIN_NEW') WHERE value LIKE '%$DOMAIN%'"
 
   # Grab the container IP from docker-compose
   SERVICE_IP=`grep ipv4_address /federated/apps/nextcloud/docker-compose.yml | awk '{ print $2 }'`
@@ -432,40 +326,6 @@ EOF
   # Start service with command to make sure it's up before proceeding
   start_service_convert "nextcloud" "nc -z $SERVICE_IP 80 &> /dev/null"
 
-  # Move config.sh and sidemenu config, set config.sh executable
-  mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
-  docker exec nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json
-  docker exec nextcloud chmod 755 /var/www/html/config.sh
-  [ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container"
-
-  # Run config.sh - Setup LDAP, configuration for nextcloud
-  # DEBUG  docker exec -u 33 nextcloud /var/www/html/config.sh &> /dev/null
-  docker exec -u 33 nextcloud /var/www/html/config.sh
-  [ $? -ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container"
-
-  # Add admin user to group
-  # Have to do it this many times so it will query LDAP and populate admin user first
-  docker exec -u 33 nextcloud /var/www/html/occ ldap:search admin
-  docker exec -u 33 nextcloud /var/www/html/occ group:list
-  docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
-  docker exec -u 33 nextcloud /var/www/html/occ group:adduser admin admin
-  docker exec -u 33 nextcloud /var/www/html/occ group:list
-
-  # Config admin email
-  docker exec -u 33 nextcloud bash -c "/var/www/html/occ mail:account:create admin admin admin@$DOMAIN_NEW mail.$DOMAIN_NEW 993 ssl admin@$DOMAIN_NEW $ADMINPASS mail.$DOMAIN_NEW 465 ssl admin@$DOMAIN_NEW $ADMINPASS password"
-
-  # Remove configs
-  # DEBUG  rm /federated/apps/nextcloud/data/var/www/html/config.sh /federated/apps/nextcloud/data/var/www/html/configs.json
-
-  # Configure SSO to Authelia
-  NEXTCLOUD_CLIENT_SECRET=$(cat /federated/apps/nextcloud/.nextcloud.client.secret)
-  docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider:delete Authelia -f
-  docker exec -u 33 nextcloud /var/www/html/occ config:system:set allow_local_remote_servers --value=true
-  docker exec -u 33 nextcloud /var/www/html/occ app:enable user_oidc
-  docker exec -u 33 nextcloud /var/www/html/occ config:system:set --value=true --type=boolean user_oidc use_pkce
-  docker exec -u 33 nextcloud /var/www/html/occ user_oidc:provider Authelia --clientid="nextcloud" --clientsecret="$NEXTCLOUD_CLIENT_SECRET" --discoveryuri="https://authelia.$DOMAIN_NEW/.well-known/openid-configuration" --mapping-uid=name --endsessionendpointuri=https://authelia.$DOMAIN_NEW/logout
-  docker exec -u 33 nextcloud /var/www/html/occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(uid=%uid))'
-
   echo -ne "done."
 }
 convert_matrix() {