diff --git a/lib/nextcloud.sh b/lib/nextcloud.sh
index 71ec499..5e84e36 100644
--- a/lib/nextcloud.sh
+++ b/lib/nextcloud.sh
@@ -10,7 +10,12 @@ config_nextcloud() {
   SPINPID=$!
 
   if [ ! -d "/federated/apps/nextcloud" ]; then
+    mkdir -p /federated/apps/nextcloud/data/root &> /dev/null
+    mkdir -p /federated/apps/nextcloud/data/home &> /dev/null
     mkdir -p /federated/apps/nextcloud/data/var/www/html &> /dev/null
+    mkdir -p /federated/apps/nextcloud/data/var/www/html/custom_apps &> /dev/null
+    mkdir -p /federated/apps/nextcloud/data/var/www/config &> /dev/null
+    mkdir -p /federated/apps/nextcloud/data/var/www/data &> /dev/null
   fi
 
   DOMAIN_ARRAY=(${DOMAIN//./ })
@@ -27,21 +32,25 @@ services:
     hostname: nextcloud.$DOMAIN
     domainname: $DOMAIN
     restart: always
-    build:
-      context: .
-      dockerfile: Dockerfile
+#    working_dir: /var/www/html
     networks:
       federated:
         ipv4_address: 172.99.0.16
     extra_hosts:
       - "collabora.$DOMAIN:$EXTERNALIP"
     volumes:
+      - ./data/root:/root
+      - ./data/home:/home
       - ./data/var/www/html:/var/www/html
+      - ./data/var/www/html/custom_apps:/var/www/html/custom_apps
+      - ./data/var/www/config:/var/www/config
+      - ./data/var/www/data:/var/www/data
     env_file:
       - ./.env
     secrets:
       - federated_psql_password
       - federated_nextcloud_password
+    command: [ "/root/nextcloud.sh" ]
 
 secrets:
   federated_psql_password:
@@ -53,12 +62,13 @@ networks:
     external: true
 EOF
 
-cp /federated/apps/postgresql/.postgresql.secret /federated/apps/nextcloud/
+echo "$NEXTCLOUD_SECRET" > /federated/apps/nextcloud/.postgresql.secret
 echo "$ADMINPASS" > /federated/apps/nextcloud/.nextcloud.secret
 chmod 600 /federated/apps/nextcloud/.postgresql.secret /federated/apps/nextcloud/.nextcloud.secret
 
 cat > /federated/apps/nextcloud/.env <<EOF
 IMAGE_VERSION="25.0.3"
+NEXTCLOUD_UPDATE=1
 VIRTUAL_PROTO=http
 VIRTUAL_PORT=80
 VIRTUAL_HOST=nextcloud.$DOMAIN
@@ -73,7 +83,7 @@ POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
 EOF
 chmod 600 /federated/apps/nextcloud/.env
 
-cat > /federated/apps/nextcloud/supervisord.conf <<EOF
+cat > /federated/apps/nextcloud/data/root/supervisord.conf <<'EOF'
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
@@ -98,26 +108,35 @@ stderr_logfile_maxbytes=0
 command=service ssh start
 EOF
 
-cat > /federated/apps/nextcloud/Dockerfile <<EOF
-FROM nextcloud:latest
+cat > /federated/apps/nextcloud/data/root/nextcloud.sh <<'EOF'
+#!/bin/sh -x
 
-RUN apt update -y && apt-get install ssh -y \ 
-&& apt-get install python3 -y && apt-get install sudo -y
-RUN echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers \
-&& useradd -m ansible -s /bin/bash \
-&& sudo -u ansible mkdir /home/ansible/.ssh \
-&& mkdir -p /var/run/sshd
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
-RUN apt-get install -y supervisor \
+if [ ! -e /root/.init ]; then
+  echo "First start and initialization"
+  apt update -y && apt-get install ssh -y
+  apt-get install python3 -y && apt-get install sudo -y
+
+  echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers \
+  && useradd -m ansible -s /bin/bash \
+  && sudo -u ansible mkdir /home/ansible/.ssh \
+  && mkdir -p /var/run/sshd
+
+  apt-get install -y supervisor \
   && rm -rf /var/lib/apt/lists/* \
   && mkdir /var/log/supervisord /var/run/supervisord
 
-COPY supervisord.conf /
-
-ENV NEXTCLOUD_UPDATE=1
-
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+  touch /root/.init
+  export NEXTCLOUD_UPDATE=1
+  /usr/bin/supervisord -c /root/supervisord.conf
+else
+  echo "Already Initialized, running supervisord"
+  export NEXTCLOUD_UPDATE=1
+  /usr/bin/supervisord -c /root/supervisord.conf
+fi
 EOF
+chmod +x /federated/apps/nextcloud/data/root/nextcloud.sh
 
 cat > /federated/apps/nextcloud/data/configs.json <<EOF
 {
@@ -189,121 +208,94 @@ cat > /federated/apps/nextcloud/data/configs.json <<EOF
 }
 EOF
 
-cat > /federated/apps/nextcloud/data/nextcloud.sh <<EOF
+cat > /federated/apps/nextcloud/data/config.sh <<EOF
 #!/bin/sh
 
 PATH=/var/www/html:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/sbin:/bin
 
-./occ app:enable user_ldap
-./occ ldap:create-empty-config
-./occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
-./occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
-./occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
-./occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
-./occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
-./occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
-./occ ldap:set-config s01 ldapEmailAttribute mail
-./occ ldap:set-config s01 ldapGidNumber gidNumber
-./occ ldap:set-config s01 ldapGroupDisplayName cn
-./occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=inetOrgPerson)))'
-./occ ldap:set-config s01 ldapGroupFilterMode 0
-./occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
-./occ ldap:set-config s01 ldapGroupMemberAssocAttr gidNumber
-./occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
-./occ ldap:set-config s01 ldapLoginFilterEmail 0
-./occ ldap:set-config s01 ldapLoginFilterMode 0
-./occ ldap:set-config s01 ldapLoginFilterUsername 1
-./occ ldap:set-config s01 ldapLoginFilterEmail 0
-./occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
-./occ ldap:set-config s01 ldapNestedGroups 0
-./occ ldap:set-config s01 ldapPagingSize 500 
-./occ ldap:set-config s01 ldapPort 636
-./occ ldap:set-config s01 ldapTLS 1 
-./occ ldap:set-config s01 ldapUserAvatarRule default
-./occ ldap:set-config s01 ldapUserDisplayName cn
-./occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
-./occ ldap:set-config s01 ldapUserFilterMode 0 
-./occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
-./occ ldap:set-config s01 ldapUuidGroupAttribute auto
-./occ ldap:set-config s01 ldapUuidUserAttribute auto 
-./occ ldap:set-config s01 turnOffCertCheck 0 
-./occ ldap:set-config s01 turnOnPasswordChange 0 
-./occ ldap:set-config s01 useMemberOfToDetectMembership 1 
-./occ ldap:set-config s01 ldapConfigurationActive 1 
-./occ ldap:set-config s01 ldap_expert_username_attr uid
-./occ ldap:set-config s01 ldap_display_name givenName
-./occ config:system:set overwriteprotocol --value=https
-./occ config:system:set default_phone_region --value="$COUNTRY"
-./occ config:system:delete trusted_domains
-./occ config:system:set trusted_domains 1 --value=*
-ADMINUUID=\`./occ user:list | grep admin | awk '{ print \$2 }' | awk -F: '{ print \$1 }'\`
-./occ group:adduser admin \$ADMINUUID
-./occ user:delete nextcloud
-./occ app:enable mail
-./occ app:enable calendar
-./occ app:enable contacts
-./occ app:enable notes
-./occ app:enable deck
-./occ app:enable tasks
-./occ app:enable bookmarks
-./occ app:enable forms
-./occ app:enable spreed
-./occ app:enable side_menu
-./occ mail:account:create \$ADMINUUID admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password
-./occ app:enable richdocuments
-./occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url
-./occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url
-./occ config:app:set --value ooxml richdocuments doc_format
-./occ config:app:set --value "" richdocuments disable_certificate_verification
-./occ config:import configs.json
+/var/www/html/occ app:enable user_ldap
+/var/www/html/occ ldap:create-empty-config
+/var/www/html/occ ldap:set-config s01 ldapHost 'ldaps://ldap.$DOMAIN'
+/var/www/html/occ ldap:set-config s01 ldapAgentName cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
+/var/www/html/occ ldap:set-config s01 ldapAgentPassword $LDAP_SECRET
+/var/www/html/occ ldap:set-config s01 ldapBase ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
+/var/www/html/occ ldap:set-config s01 ldapBaseGroups ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
+/var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
+/var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
+/var/www/html/occ ldap:set-config s01 ldapGidNumber gidNumber
+/var/www/html/occ ldap:set-config s01 ldapGroupDisplayName cn
+/var/www/html/occ ldap:set-config s01 ldapGroupFilter '(&(|(objectclass=inetOrgPerson)))'
+/var/www/html/occ ldap:set-config s01 ldapGroupFilterMode 0
+/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass inetOrgPerson
+/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr gidNumber
+/var/www/html/occ ldap:set-config s01 ldapLoginFilter '(&(|(objectclass=inetOrgPerson))(mail=%uid))'
+/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
+/var/www/html/occ ldap:set-config s01 ldapLoginFilterMode 0
+/var/www/html/occ ldap:set-config s01 ldapLoginFilterUsername 1
+/var/www/html/occ ldap:set-config s01 ldapLoginFilterEmail 0
+/var/www/html/occ ldap:set-config s01 ldapMatchingRuleInChainState unknown
+/var/www/html/occ ldap:set-config s01 ldapNestedGroups 0
+/var/www/html/occ ldap:set-config s01 ldapPagingSize 500 
+/var/www/html/occ ldap:set-config s01 ldapPort 636
+/var/www/html/occ ldap:set-config s01 ldapTLS 1 
+/var/www/html/occ ldap:set-config s01 ldapUserAvatarRule default
+/var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
+/var/www/html/occ ldap:set-config s01 ldapUserFilter '(|(objectclass=inetOrgPerson))'
+/var/www/html/occ ldap:set-config s01 ldapUserFilterMode 0 
+/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass inetOrgPerson
+/var/www/html/occ ldap:set-config s01 ldapUuidGroupAttribute auto
+/var/www/html/occ ldap:set-config s01 ldapUuidUserAttribute auto 
+/var/www/html/occ ldap:set-config s01 turnOffCertCheck 0 
+/var/www/html/occ ldap:set-config s01 turnOnPasswordChange 0 
+/var/www/html/occ ldap:set-config s01 useMemberOfToDetectMembership 1 
+/var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1 
+/var/www/html/occ ldap:set-config s01 ldap_expert_username_attr uid
+/var/www/html/occ ldap:set-config s01 ldap_display_name givenName
+/var/www/html/occ config:system:set overwriteprotocol --value=https
+/var/www/html/occ config:system:set default_phone_region --value="$COUNTRY"
+/var/www/html/occ config:system:delete trusted_domains
+/var/www/html/occ config:system:set trusted_domains 1 --value=*
+ADMINUUID=\`./var/www/html/occ user:list | grep admin | awk '{ print \$2 }' | awk -F: '{ print \$1 }'\`
+/var/www/html/occ group:adduser admin \$ADMINUUID
+/var/www/html/occ user:delete nextcloud
+/var/www/html/occ app:enable mail
+/var/www/html/occ app:enable calendar
+/var/www/html/occ app:enable contacts
+/var/www/html/occ app:enable notes
+/var/www/html/occ app:enable deck
+/var/www/html/occ app:enable tasks
+/var/www/html/occ app:enable bookmarks
+/var/www/html/occ app:enable forms
+/var/www/html/occ app:enable spreed
+/var/www/html/occ app:enable side_menu
+/var/www/html/occ mail:account:create \$ADMINUUID admin admin@$DOMAIN mail.$DOMAIN 993 ssl admin@$DOMAIN $ADMINPASS mail.$DOMAIN 465 ssl admin@$DOMAIN $ADMINPASS password
+/var/www/html/occ app:enable richdocuments
+/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments public_wopi_url
+/var/www/html/occ config:app:set --value https:\/\/collabora.$DOMAIN richdocuments wopi_url
+/var/www/html/occ config:app:set --value ooxml richdocuments doc_format
+/var/www/html/occ config:app:set --value "" richdocuments disable_certificate_verification
+/var/www/html/occ config:import configs.json
 EOF
 
-chmod +x /federated/apps/nextcloud/data/nextcloud.sh
+chmod +x /federated/apps/nextcloud/data/config.sh
 
   kill -9 $SPINPID &> /dev/null
   echo -ne "done."
 }
 
 start_nextcloud() {
-  echo -ne "\n* Starting /federated/apps/nextcloud service.."
-  spin &
-  SPINPID=$!
+  # Start service with command to make sure it's up before proceeding
+  start_service "nextcloud" "nc -z 172.99.0.16 80 &> /dev/null"
 
-  if [ $DEBUG ]; then
-    # Start /federated/apps/nextcloud with output to console for debug
-    docker-compose -f /federated/apps/nextcloud/docker-compose.yml -p nextcloud up --build
-    [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/nextcloud"
-  else
-    docker-compose -f /federated/apps/nextcloud/docker-compose.yml -p nextcloud up --build -d &> /dev/null
+  # Move config.sh and sidemenu config, set config.sh executable
+  mv /federated/apps/nextcloud/data/config.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
+  docker exec -it nextcloud chown www-data:root /var/www/html/config.sh /var/www/html/configs.json
+  docker exec -it nextcloud chmod 755 /var/www/html/config.sh
+  [ $? -ne 0 ] && fail "Couldn't chown config.sh in /federated/apps/nextcloud container"
 
-    # Keep trying nextcloud port 80 to make sure it's up
-    # before we proceed
-    RETRY="35"
-    while [ $RETRY -gt 0 ]; do
-      nc -z 172.99.0.16 80 &> /dev/null
-      if [ $? -eq 0 ]; then
-        break
-      else
-        if [ "$RETRY" == 1 ]; then
-          docker-compose -f /federated/apps/nextcloud/docker-compose.yml -p nextcloud down &> /dev/null
-          kill -9 $SPINPID &> /dev/null
-          fail "There was a problem starting service /federated/apps/nextcloud\nCheck the output of 'docker logs nextcloud' or turn on\ndebug with -d"
-        fi
-        ((RETRY--))
-        sleep 7
-      fi
-    done
-  fi
-
-  # Move nextcloud.sh and sidemenu config, set nextcloud.sh executable
-  mv /federated/apps/nextcloud/data/nextcloud.sh /federated/apps/nextcloud/data/configs.json /federated/apps/nextcloud/data/var/www/html/
-  docker exec -it nextcloud chown www-data:root /var/www/html/nextcloud.sh /var/www/html/configs.json
-  docker exec -it nextcloud chmod 755 /var/www/html/nextcloud.sh
-  [ $? -ne 0 ] && fail "Couldn't chown nextcloud.sh in /federated/apps/nextcloud container"
-
-  # Run nextcloud.sh - Setup LDAP, configuration for nextcloud
-  docker exec -it -u 33 nextcloud /var/www/html/nextcloud.sh &> /dev/null
-  [ $? -ne 0 ] && fail "Couldn't run nextcloud.sh inside /federated/apps/nextcloud container"
+  # Run config.sh - Setup LDAP, configuration for nextcloud
+  docker exec -it -u 33 nextcloud /var/www/html/config.sh &> /dev/null
+  [ $? -ne 0 ] && fail "Couldn't run config.sh inside /federated/apps/nextcloud container"
 
   kill -9 $SPINPID &> /dev/null
   echo -ne "done."
diff --git a/lib/postgresql.sh b/lib/postgresql.sh
index 0e51424..7ca244f 100644
--- a/lib/postgresql.sh
+++ b/lib/postgresql.sh
@@ -48,7 +48,7 @@ services:
       -c ssl_cert_file=/var/lib/postgresql/server.crt
       -c ssl_key_file=/var/lib/postgresql/server.key
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U nextcloud"]
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
       interval: 10s
       timeout: 5s
       retries: 5
@@ -63,8 +63,8 @@ EOF
 
 cat > /federated/apps/postgresql/.env <<EOF
 IMAGE_VERSION="14"
-POSTGRES_DB=nextcloud
-POSTGRES_USER=nextcloud
+POSTGRES_DB=postgres
+POSTGRES_USER=postgres
 POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
 POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
 EOF
@@ -73,6 +73,7 @@ chmod 600 /federated/apps/postgresql/.env
 PSQL_SECRET=$(create_password);
 echo "$PSQL_SECRET" > /federated/apps/postgresql/.postgresql.secret
 chmod 600 /federated/apps/postgresql/.postgresql.secret
+NEXTCLOUD_SECRET=$(create_password);
 VAULTWARDEN_SECRET=$(create_password);
 LISTMONK_SECRET=$(create_password);
 MATRIX_SECRET=$(create_password);
@@ -81,6 +82,9 @@ CALCOM_SECRET=$(create_password);
 
 # cat postgresql/data/docker-entrypoint-initdb.d/init.sql
 cat > /federated/apps/postgresql/data/docker-entrypoint-initdb.d/init.sql <<EOF
+CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET';
+CREATE DATABASE nextcloud;
+GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
 CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET';
 CREATE DATABASE vaultwarden;
 GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
@@ -101,38 +105,9 @@ EOF
 kill -9 $SPINPID &> /dev/null
 echo -ne "done."
 }
-
 start_postgresql() {
-  # Start /federated/apps/postgresql with output to /dev/null
-  echo -ne "\n* Starting /federated/apps/postgresql service.."
-  spin &
-  SPINPID=$!
-
-  if [ $DEBUG ]; then
-    # Start /federated/apps/postgresql with output to console for debug
-    docker-compose -f /federated/apps/postgresql/docker-compose.yml -p postgresql up
-    [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/postgresql"
-  else
-    docker-compose -f /federated/apps/postgresql/docker-compose.yml -p postgresql up -d &> /dev/null
-
-    # Keep trying postgresql port 5432 to make sure it's up
-    # before we proceed
-    RETRY="30"
-    while [ $RETRY -gt 0 ]; do
-      nc -z 172.99.0.11 5432 &> /dev/null
-      if [ $? -eq 0 ]; then
-        break
-      else
-        if [ "$RETRY" == 1 ]; then
-          docker-compose -f /federated/apps/postgresql/docker-compose.yml -p postgresql down &> /dev/null
-          kill -9 $SPINPID &> /dev/null
-          fail "There was a problem starting service /federated/apps/postgresql\nCheck the output of 'docker logs postgresql' or turn on\ndebug with -d"
-        fi
-        ((RETRY--))
-        sleep 7
-      fi
-    done
-  fi
+  # Start service with command to make sure it's up before proceeding
+  start_service "postgresql" "nc -z 172.99.0.11 5432 &> /dev/null"
 
   kill -9 $SPINPID &> /dev/null
   echo -ne "done."