diff --git a/nextcloud/Containerfile b/nextcloud/Containerfile
index c235378..f175981 100644
--- a/nextcloud/Containerfile
+++ b/nextcloud/Containerfile
@@ -6,7 +6,6 @@ FROM localhost/debian
 # deploy options
 # -p (port) and -v (volume) both go host:container
 LABEL config_default="\
---cap-add=sys_admin --security-opt apparmor=unconfined \
 -p 9080:80 \
 -v /srv/vol/nextcloud/files:/vol/files \
 -v /srv/vol/nextcloud/data:/vol/data"
@@ -46,7 +45,7 @@ COPY assets/bin/ /usr/local/bin/
 # make sure volume dirs exist, and copy sample data
 RUN mkdir -p /vol/data /vol/files
 
-COPY --chown=www-data:www-data assets/data/ /vol/data/
+COPY --chown=www-data:www-data data/ /vol/data/
 
 ###
 ### PHP
@@ -105,13 +104,25 @@ RUN wget https://download.nextcloud.com/server/releases/latest.zip && \
     rm latest.zip
 
 # create data dir for nextcloud
-RUN mkdir -p /srv/nextcloud/data && \
-    chown -R www-data:www-data /srv/nextcloud
+RUN mkdir -p /vol/files && \
+    chown -R www-data:www-data /vol/files
 
 # copy nextcloud config
 COPY --chown=www-data:www-data assets/config/ nextcloud/config/
-# make link to host config
-RUN ln -s /vol/data/host.config.php nextcloud/config/host.config.php
+# make link to host config & secret config
+RUN cd nextcloud/config && \
+    ln -s /vol/data/host.config.php && \
+    ln -s /vol/data/secret.config.php
+
+###
+### DB Auto Load/Dump
+###
+
+# copy nextcloud db service
+COPY assets/nextcloud-db.service /etc/systemd/system/
+
+# enable service
+RUN systemctl enable nextcloud-db.service
 
 ###
 ### Crontab
@@ -132,3 +143,9 @@ COPY assets/bugfix/apache2.override /etc/systemd/system/apache2.service.d/overri
 # bugfix for cron
 COPY assets/bugfix/cronfix /root/
 RUN chmod +x /root/cronfix && /root/cronfix
+
+###
+### Workdir
+###
+
+WORKDIR /vol/data
diff --git a/nextcloud/Systemdfile b/nextcloud/Systemdfile
index d4372d3..70104c6 100644
--- a/nextcloud/Systemdfile
+++ b/nextcloud/Systemdfile
@@ -10,7 +10,7 @@ sleep 5
 db-make
 
 # install nextcloud
-nc-occ maintenance:install --data-dir "/srv/nextcloud/data/" --database "pgsql" --database-host "/var/run/postgresql" --database-name "$DBNAME" --database-user "$DBUSER" --database-pass "" --admin-user "admin" --admin-pass "admin"
+nc-occ maintenance:install --data-dir "/vol/files" --database "pgsql" --database-host "/var/run/postgresql" --database-name "$DBNAME" --database-user "$DBUSER" --database-pass "" --admin-user "admin" --admin-pass "admin"
 
 # do post-installation steps
 nc-occ maintenance:update:htaccess
diff --git a/nextcloud/assets/bin/db-make b/nextcloud/assets/bin/db-make
index 6491b52..7a230d6 100755
--- a/nextcloud/assets/bin/db-make
+++ b/nextcloud/assets/bin/db-make
@@ -5,8 +5,8 @@ cmd() {
 }
 
 cd /var/lib/postgresql
-cmd "DROP DATABASE IF EXISTS $DBNAME;"
-cmd "DROP USER IF EXISTS $DBUSER;"
-cmd "CREATE USER $DBUSER;"
-cmd "CREATE DATABASE $DBNAME;"
-cmd "GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO $DBUSER;"
+cmd "DROP DATABASE IF EXISTS ${DBNAME:?};"
+cmd "DROP USER IF EXISTS ${DBUSER:?};"
+cmd "CREATE USER ${DBUSER:?};"
+cmd "CREATE DATABASE ${DBNAME:?};"
+cmd "GRANT ALL PRIVILEGES ON DATABASE ${DBNAME:?} TO ${DBUSER:?};"
diff --git a/nextcloud/assets/bin/nc-adduser b/nextcloud/assets/bin/nc-adduser
deleted file mode 100755
index a3188c7..0000000
--- a/nextcloud/assets/bin/nc-adduser
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-if [[ -z $1 ]]; then
-        echo "Usage: $0 username"
-        exit 2
-fi
-
-set -e
-
-nc-occ user:add "$1"
-
-mkdir -p /vol/files/"$1"
-chown www-data:www-data /vol/files/"$1"
-
-nc-mntuser "$1"
diff --git a/nextcloud/assets/bin/nc-mntuser b/nextcloud/assets/bin/nc-mntuser
deleted file mode 100755
index 8e1f8cb..0000000
--- a/nextcloud/assets/bin/nc-mntuser
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-if [[ -z $1 ]]; then
-        echo "Usage: $0 user"
-        exit 2
-fi
-user=$1
-
-intdir=/srv/nextcloud/data
-extdir=/vol/files
-
-set -e
-
-nc-occ maintenance:mode --on
-
-mkdir -p $intdir/$user/files
-chown -R www-data:www-data $intdir/$user
-line="$extdir/$user $intdir/$user/files none defaults,bind,nofail 0 0"
-if ! grep -q "$line" /etc/fstab ; then
-    echo "$line" >> /etc/fstab
-fi
-mount -a
-
-nc-occ maintenance:mode --off
diff --git a/nextcloud/assets/nextcloud-db.service b/nextcloud/assets/nextcloud-db.service
new file mode 100644
index 0000000..b64183d
--- /dev/null
+++ b/nextcloud/assets/nextcloud-db.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Load/Dump database on start/stop
+After=postgresql.service
+Requires=postgresql.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/etc/environment
+ExecStart=/usr/local/bin/db-load /vol/data/sql/nextcloud-updown.sql
+ExecStop=/usr/local/bin/db-dump /vol/data/sql/nextcloud-updown.sql
+
+[Install]
+WantedBy=multi-user.target
diff --git a/nextcloud/assets/data/host.config.php b/nextcloud/data/host.config.php
similarity index 100%
rename from nextcloud/assets/data/host.config.php
rename to nextcloud/data/host.config.php
diff --git a/nextcloud/data/secret.config.php b/nextcloud/data/secret.config.php
new file mode 100644
index 0000000..c470173
--- /dev/null
+++ b/nextcloud/data/secret.config.php
@@ -0,0 +1,10 @@
+<?php
+$CONFIG = array(
+/** After your first install, place the auto-generated values for these parameters here
+    and uncomment them, so that they persist across re-deploys. */
+/**
+  'passwordsalt' => '',
+  'secret' => '',
+  'instanceid' => '',
+*/
+);
diff --git a/nextcloud/startup/nextcloud b/nextcloud/startup/nextcloud
index 9440871..b8ebba4 100755
--- a/nextcloud/startup/nextcloud
+++ b/nextcloud/startup/nextcloud
@@ -2,5 +2,3 @@
 sysctl vm.overcommit_memory=1
 echo never > /sys/kernel/mm/transparent_hugepage/enabled
 podman start nextcloud
-sleep 5
-podman exec nextcloud /bin/bash -c "mount -a"