diff --git a/debian/Containerfile b/debian/Containerfile
index ada1f7c..f44ad47 100644
--- a/debian/Containerfile
+++ b/debian/Containerfile
@@ -24,7 +24,7 @@ RUN rm /etc/localtime && \
 # Install packages
 RUN apt update -y && \
- apt upgrade -y && \
+ apt full-upgrade -y && \
 apt install -y init sudo wget nano less man-db unzip rsync procps software-properties-common && \
 apt autoremove -y --purge && \
 apt clean -y
diff --git a/gitea/Containerfile b/gitea/Containerfile
index 270c223..105447b 100644
--- a/gitea/Containerfile
+++ b/gitea/Containerfile
@@ -1,7 +1,7 @@
 ###
 ### Build Variables
 ###
-FROM localhost/debian:latest
+FROM localhost/debian
 # deploy options
 # -p (port) and -v (volume) both go host:container
@@ -28,7 +28,7 @@ ENV DBNAME=gitea
 ###
 # install packages we want
-RUN apt update -y && apt install -y postgresql postgresql-doc git openssh-server
+RUN apt update -y && apt install -y postgresql postgresql-doc git openssh-server cron
 # create directories for volumes
 RUN mkdir -p /vol/git /vol/data /vol/log /vol/keys
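Review bot: The `RUN apt update -y && \` step in debian/Containerfile drives the interactive `apt` front end rather than `apt-get`, and the `apt full-upgrade -y` it now runs inside the layer ties the image contents to the mirror state at build time, so two builds of the same file can differ with no record of how. Prefer `apt-get`, add `--no-install-recommends`, and clear the package lists in the same layer: `RUN apt-get update && apt-get full-upgrade -y && apt-get install -y --no-install-recommends init sudo wget nano less man-db unzip rsync procps software-properties-common && apt-get autoremove -y --purge && apt-get clean && rm -rf /var/lib/apt/lists/*`. If the in-layer upgrade is kept on purpose, a comment saying why it is preferred over bumping the base image tag would save the next reader the question. The same `apt install -y` without `--no-install-recommends` appears in the gitea/Containerfile hunk that adds `cron`, where `postgresql-doc` also pulls documentation into a runtime image.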
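Review bot: `FROM localhost/debian` with no tag is resolved as `localhost/debian:latest`, so dropping `:latest` in this hunk does not change which base image is selected and the gitea image still floats with whatever debian image was built most recently. If the goal is a reproducible pairing with debian/Containerfile, tag that build and reference the tag here, e.g. `FROM localhost/debian:<tag-given-to-the-debian-build>` (placeholder), or record in a comment that a floating local base is intended.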
@@ -75,39 +75,53 @@ RUN mv pg_hba.conf /etc/postgresql/${PSQLV:?}/main/pg_hba.conf
 ### Gitea
 ###
-# Install templating engine
-RUN wget https://raw.githubusercontent.com/jirutka/esh/master/esh && \
- chmod +x esh && \
- mkdir -p /usr/local/lib/esh && \
- mv esh /usr/local/lib/esh
-
 # dowload gitea
-RUN wget https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 && \
+RUN wget --progress=dot:giga https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 && \
 mv gitea-${GITEAV:?}-linux-amd64 /usr/local/bin/gitea && \
 chmod +x /usr/local/bin/gitea
 # make directories gitea needs
-RUN mkdir -p /var/lib/gitea/data/ /var/log/gitea /etc/gitea && \
+RUN mkdir -p /vol/data/gitea /var/log/gitea /etc/gitea && \
 chown -R gitea:gitea /var/lib/gitea /var/log/gitea && \
- chmod -R 750 /var/lib/gitea /var/log/gitea && \
+ chmod -R 750 /var/lib/gitea /var/log/gitea /vol/data/gitea && \
 ln -s /var/log/gitea /var/lib/gitea/log && \
- ln -s /vol/data/custom /var/lib/gitea/custom
+ ln -s /vol/data/custom /var/lib/gitea/custom && \
+ ln -s /vol/data/gitea /var/lib/gitea/data
-# template config file
-COPY assets/app.ini.esh.esh /etc/gitea/
-RUN cd /etc/gitea && \
- esh app.ini.esh.esh && \
- rm app.ini.esh.esh && \
- chmod -R +r /etc/gitea
+# copy config file
+COPY assets/app.config.ini /etc/gitea/
+# copy gitea service
 COPY assets/gitea.service /etc/systemd/system/
 # make alias for running admin commands from command line easily
 RUN echo "alias gitea='sudo -u gitea gitea --config /etc/gitea/app.ini'" >> /root/.bashrc
+###
+### Data
+###
+
+WORKDIR /vol/data
+
+# copy config files
+COPY data/ /vol/data/
+# template secrets file to generate secrets
+RUN eval "echo \"$(cat app.secret.ini)\"" > app.secret.ini
+
+###
+### DB Auto Load/Dump
+###
+
+# copy service
+COPY assets/db-updown.service /etc/systemd/system/
+
+# enable service
+RUN systemctl enable db-updown.service
+
 ###
 ### Crontab
 ###
+
 COPY assets/crontab /root/
 RUN crontab -u gitea /root/crontab
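Review bot: `/vol/data/gitea` is created and `chmod -R 750`'d in the `RUN mkdir -p /vol/data/gitea ...` step but never chowned — `chown -R gitea:gitea /var/lib/gitea /var/log/gitea` does not list it and runs before the `/var/lib/gitea/data` symlink exists — so unless a volume is mounted over it at run time, the `gitea` user cannot read or write its own data directory; change the line to `chown -R gitea:gitea /var/lib/gitea /var/log/gitea /vol/data/gitea && \`. Separately, `RUN eval "echo \"$(cat app.secret.ini)\"" > app.secret.ini` executes `gitea generate secret` during the build, so JWT_SECRET, INTERNAL_TOKEN and SECRET_KEY end up in an image layer, identical for every container started from the image and recoverable by anyone who can pull or export it (the same applies to the new gitea/data/app.secret.ini, which is what that file becomes). Generating them at first start instead — for instance in the gitea.service `ExecStartPre` that already assembles app.ini, skipped once the file no longer contains a `$(` placeholder — keeps them out of the image, and since the `# create directories for volumes` comment marks `/vol/data` as a mount point, a run-time volume would hide the baked copy anyway. The `wget ... gitea-${GITEAV:?}-linux-amd64` download also has no integrity check; Gitea publishes a `.sha256` file next to each binary, so fetching it and running `sha256sum -c` before the `mv` would pin what actually lands in `/usr/local/bin/gitea`.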
@@ -116,5 +130,5 @@ RUN crontab -u gitea /root/crontab
 ###
 # bugfix for cron
-COPY bugfix/cronfix /root/
+COPY assets/bugfix/cronfix /root/
 RUN chmod +x /root/cronfix && /root/cronfix
diff --git a/gitea/assets/app.ini.esh.esh b/gitea/assets/app.config.ini
similarity index 72%
rename from gitea/assets/app.ini.esh.esh
rename to gitea/assets/app.config.ini
index 27c764c..1a602f7 100644
--- a/gitea/assets/app.ini.esh.esh
+++ b/gitea/assets/app.config.ini
@@ -1,15 +1,8 @@
-<%% . /vol/data/hostvars -%>
-APP_NAME = <%%= $pagename %>
+[DEFAULT]
 RUN_USER = gitea
 RUN_MODE = prod
-[oauth2]
-JWT_SECRET = <%= $(gitea generate secret JWT_SECRET) %>
 [security]
-INTERNAL_TOKEN = <%= $(gitea generate secret INTERNAL_TOKEN) %>
-INSTALL_LOCK = true
-SECRET_KEY = <%= $(gitea generate secret SECRET_KEY) %>
 ; disable password complexity checks
 PASSWORD_COMPLEXITY = off
@@ -27,16 +20,11 @@ PATH = /var/lib/gitea/data/gitea.db
 ROOT = /vol/git/repos
 [server]
-DOMAIN = <%% $domain %>
-ROOT_URL = https://<%% $domain %>/
-HTTP_PORT = 80
 START_SSH_SERVER = false
-SSH_PORT = <%% $sshport %%>
 SSH_CREATE_AUTHORIZED_KEYS_FILE = true
 SSH_AUTHORIZED_KEYS_BACKUP = false
 LFS_START_SERVER = true
 LFS_CONTENT_PATH = /vol/git/lfs
-LFS_JWT_SECRET = <%= $(gitea generate secret JWT_SECRET) %>
 OFFLINE_MODE = true
 [mailer]
diff --git a/gitea/bugfix/cronfix b/gitea/assets/bugfix/cronfix
similarity index 100%
rename from gitea/bugfix/cronfix
rename to gitea/assets/bugfix/cronfix
diff --git a/gitea/assets/db-updown.service b/gitea/assets/db-updown.service
new file mode 100644
index 0000000..5fa7215
--- /dev/null
+++ b/gitea/assets/db-updown.service
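Review bot: The `[DEFAULT]`, `[security]` and `[server]` headers that gitea/assets/app.config.ini keeps after this hunk duplicate sections that gitea/data/app.host.ini and app.secret.ini also declare, and the file is only ever read as the last fragment of the concatenated `/etc/gitea/app.ini`, which nothing in the file records. Whether Gitea's INI loader merges a repeated section, and whether a later `[DEFAULT]` after a `[server]` block is honoured, is not something this diff shows, so the assembled file's correctness rests on an unstated parser property. A leading comment would at least make the dependency explicit: `; fragment 3 of /etc/gitea/app.ini: gitea.service concatenates app.host.ini + app.secret.ini + this file at start; section names repeat across fragments`.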
@@ -0,0 +1,14 @@
+[Unit]
+Description=Load/Dump database on start/stop
+After=postgresql.service
+Requires=postgresql.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/environment
+ExecStart=/bin/bash -c "db-load /vol/data/sql/$DBNAME-updown.sql"
+ExecStop=/bin/bash -c "db-dump /vol/data/sql/$DBNAME-updown.sql"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gitea/assets/gitea.service b/gitea/assets/gitea.service
index 6780d43..b2fec2e 100644
--- a/gitea/assets/gitea.service
+++ b/gitea/assets/gitea.service
@@ -2,7 +2,8 @@
 Description=Gitea (Git with a cup of tea)
 After=syslog.target
 After=network.target
-Requires=postgresql.service
+After=postgresql.service
+Wants=postgresql.service
 [Service]
 # Modify these two values and uncomment them if you have
@@ -16,20 +17,14 @@ Type=simple
 User=gitea
 Group=gitea
 WorkingDirectory=/var/lib/gitea/
-# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
-# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
-#RuntimeDirectory=gitea
-ExecStartPre=/usr/local/bin/esh /etc/gitea/app.ini.esh
-ExecStartPre=/usr/local/bin/gitea --config /etc/gitea/app.ini admin regenerate keys
+PermissionsStartOnly=true
+ExecStartPre=/bin/bash -c "cat /vol/data/app.host.ini /vol/data/app.secret.ini /etc/gitea/app.config.ini > /etc/gitea/app.ini"
+ExecStartPre=/bin/bash -c "sudo -u gitea /usr/local/bin/gitea --config /etc/gitea/app.ini admin regenerate keys"
 ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
 Restart=always
 Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
-# If you want to bind Gitea to a port below 1024, uncomment
-# the two values below, or use socket activation to pass Gitea its ports as above
-###
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
-###
 [Install]
 WantedBy=multi-user.target
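Review bot: `ExecStart=/bin/bash -c "db-load /vol/data/sql/$DBNAME-updown.sql"` and its `ExecStop` twin in db-updown.service have no guard for `DBNAME` being absent or empty in `/etc/environment`; in that case both operate on `/vol/data/sql/-updown.sql`, and whether anything notices depends on `db-load`/`db-dump`, which are not in this diff. A guard in each command, `ExecStart=/bin/bash -c '[ -n "$DBNAME" ] || exit 1; db-load "/vol/data/sql/$DBNAME-updown.sql"'`, turns the misconfiguration into a visible unit failure; note that `ENV DBNAME=gitea` in gitea/Containerfile sets the container environment, not `/etc/environment`, and nothing in this diff writes that file. Because the dump only runs from `ExecStop`, a container that is killed rather than stopped cleanly (stop timeout, OOM, host crash) loses every change since the previous clean shutdown; a periodic dump driven by the cron this commit installs would bound that loss.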
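Review bot: The new `ExecStartPre=/bin/bash -c "cat /vol/data/app.host.ini /vol/data/app.secret.ini /etc/gitea/app.config.ini > /etc/gitea/app.ini"` runs as root (via `PermissionsStartOnly=true`) and creates app.ini with root's default umask, so the assembled file — which now carries JWT_SECRET, INTERNAL_TOKEN and SECRET_KEY — is typically world-readable inside the container. Writing it with an explicit mode and owner, e.g. `ExecStartPre=+/bin/bash -c 'umask 027; cat /vol/data/app.host.ini /vol/data/app.secret.ini /etc/gitea/app.config.ini > /etc/gitea/app.ini && chown root:gitea /etc/gitea/app.ini'`, limits it to root and the gitea group. `PermissionsStartOnly=` is deprecated; the `+` prefix on that one line replaces it, after which the second pre-step runs as `User=gitea` and no longer needs `sudo`: `ExecStartPre=/usr/local/bin/gitea --config /etc/gitea/app.ini admin regenerate keys`. The `[Service]` section starts before this hunk, so I cannot see whether a `UMask=` is already set there.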
diff --git a/gitea/data/app.host.ini b/gitea/data/app.host.ini
new file mode 100644
index 0000000..37ba62a
--- /dev/null
+++ b/gitea/data/app.host.ini
@@ -0,0 +1,8 @@
+[DEFAULT]
+APP_NAME = My Title Page Name
+
+[server]
+DOMAIN = git.example.com
+ROOT_URL = https://git.example.com/
+HTTP_PORT = 80
+SSH_PORT = 22
diff --git a/gitea/data/app.secret.ini b/gitea/data/app.secret.ini
new file mode 100644
index 0000000..b4fc202
--- /dev/null
+++ b/gitea/data/app.secret.ini
@@ -0,0 +1,10 @@
+[oauth2]
+JWT_SECRET = $(gitea generate secret JWT_SECRET)
+
+[security]
+INTERNAL_TOKEN = $(gitea generate secret INTERNAL_TOKEN)
+SECRET_KEY = $(gitea generate secret SECRET_KEY)
+INSTALL_LOCK = true
+
+[server]
+LFS_JWT_SECRET = $(gitea generate secret JWT_SECRET)
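Review bot: Nothing in the new gitea/data/app.secret.ini says that it is a shell template rather than a plain INI file: the `$(gitea generate secret ...)` values only become secrets because gitea/Containerfile passes the file through `eval`, and anyone editing it would not expect a `$`, backtick or backslash in a value to be interpreted. A leading line such as `; shell template: gitea/Containerfile expands this file with eval at build time; command substitutions in values are executed` makes that contract visible where it matters (the comment itself must not contain a command substitution, or the build would run it). A similar one-liner at the top of gitea/data/app.host.ini, saying it is the host-specific fragment that gitea.service concatenates into /etc/gitea/app.ini and that its values are examples to be overridden, would tell operators which file they are expected to edit.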