diff --git a/Makefile b/Makefile
index 3d3d449..b2ebb15 100644
--- a/Makefile
+++ b/Makefile
@@ -10,6 +10,7 @@ ssh: setup
 setup:
 	$(eval INSTANCE  := $(shell terraform output instance_id | sed -e 's/"//g'))
 	$(eval PUBLIC_IP := $(shell terraform output public_ip   | sed -e 's/"//g'))
+	$(eval BUCKET    := $(shell terraform output bucket      | sed -e 's/"//g'))
 	chmod 600 privkey.pem
 
 ansible: setup
@@ -18,6 +19,7 @@ ansible: setup
 	sed \
 		-e 's/{{INSTANCE}}/$(INSTANCE)/' \
 		-e 's/{{PUBLIC_IP}}/$(PUBLIC_IP)/' \
+		-e 's/{{BUCKET}}/$(BUCKET)/' \
 		inventory.tmpl.ini > inventory.ini
 	ansible-playbook -i inventory.ini --private-key privkey.pem -l nextcloud site.yaml
 
diff --git a/inventory.tmpl.ini b/inventory.tmpl.ini
index 11fb7e6..1e9075d 100644
--- a/inventory.tmpl.ini
+++ b/inventory.tmpl.ini
@@ -1,4 +1,4 @@
 [nextcloud]
-nextcloud ansible_host={{INSTANCE}} ansible_user=ubuntu hostname=nextcloud public_ip={{PUBLIC_IP}}
+nextcloud ansible_host={{INSTANCE}} ansible_user=ubuntu hostname=nextcloud public_ip={{PUBLIC_IP}} bucket={{BUCKET}}
 [nextcloud:vars]
 ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ProxyCommand="sh -c \"aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p\""
diff --git a/nextcloud.tf b/nextcloud.tf
index 66d2600..e97fa76 100644
--- a/nextcloud.tf
+++ b/nextcloud.tf
@@ -205,5 +205,8 @@ output "public_ip" {
 output "nameservers" {
   value = module.zone.route53_zone_name_servers
 }
+output "bucket" {
+  value = module.s3_bucket.s3_bucket_id
+}
 
 
diff --git a/roles/nextcloud/tasks/main.yaml b/roles/nextcloud/tasks/main.yaml
index c2027fc..d7f3ccb 100644
--- a/roles/nextcloud/tasks/main.yaml
+++ b/roles/nextcloud/tasks/main.yaml
@@ -127,12 +127,32 @@
   args:
     chdir: /srv/nextcloud
 
-- name: restart nextcloud
+- name: restart via docker-compose
   command: docker-compose restart
   args:
     chdir: /srv/nextcloud
   when: nginxconf.changed or certbotnginx.changed
 
+# ---
+
+- name: edit config.php
+  lineinfile:
+    path: /srv/nextcloud/www/config/config.php
+    insertbefore: '^\);'
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - regexp: "  'overwrite.cli.url' => .*"
+      line: "  'overwrite.cli.url' => 'https://cloud.stoopid.club',"
+    - regexp: "  'overwriteprotocol' => .*"
+      line: "  'overwriteprotocol' => 'https',"
+    - regexp: "  'overwritehost' => .*"
+      line: "  'overwritehost' => 'cloud.stoopid.club',"
+  register: configphp
+
+- name: restart nextcloud
+  command: docker restart nextcloud
+  when: configphp.changed
 
 # ---
 
diff --git a/roles/nextcloud/templates/docker-compose.yaml b/roles/nextcloud/templates/docker-compose.yaml
index 1198c17..c0973cc 100644
--- a/roles/nextcloud/templates/docker-compose.yaml
+++ b/roles/nextcloud/templates/docker-compose.yaml
@@ -29,6 +29,8 @@ services:
       - "MYSQL_PASSWORD={{mysql_password}}"
       - "MYSQL_USER={{mysql_user}}"
       - "MYSQL_HOST={{mysql_host}}"
+      - "OBJECTSTORE_S3_BUCKET={{bucket}}"
+      - "OBJECTSTORE_S3_REGION=us-west-2"
       - "TRUSTED_PROXIES=172.0.0.0/8"
       - "NEXTCLOUD_TRUSTED_DOMAINS=cloud.stoopid.club nextcloud"
       - "NEXTCLOUD_UPDATE=1"