diff --git a/.gitignore b/.gitignore index f5e2f12..e75fdbd 100644 --- a/.gitignore +++ b/.gitignore @@ -46,8 +46,13 @@ env/ .continue/ # Docker data volumes (NEVER commit these - contain private data!) -matrix/data/ +# Matrix - allow config files but exclude sensitive data +matrix/data/*.db* +matrix/data/media_store/ +matrix/data/.DS_Store matrix/*.signing.key +# Matrix config files (homeserver.yaml, *.log.config) are NOT ignored and will be tracked + ollama/ open-webui/ data/uploads/ @@ -75,7 +80,8 @@ backups/ # Logs *.log logs/ -*.log.* +# Matrix log config is NOT a log file, allow it +!matrix/data/*.log.config # OS specific .DS_Store diff --git a/docker-compose.yml b/docker-compose.yml index f37d89f..dcea9b0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,8 +27,8 @@ services: condition: service_started labels: - "com.centurylinklabs.watchtower.enable=true" - - "description=Studio EinsZwoVier PDF Cost Calculator" - - "maintainer=Studio EinsZwoVier" + - "description=studio einszwovier PDF Cost Calculator" + - "maintainer=studio einszwovier" synapse: image: matrixdotorg/synapse:latest @@ -44,8 +44,7 @@ services: cpus: 2.0 mem_reservation: 512m healthcheck: - test: - ["CMD-SHELL", "curl -f http://localhost:8008/_matrix/static/ || exit 1"] + test: ["CMD-SHELL", "curl -f http://localhost:8008/health || exit 1"] interval: 30s timeout: 10s retries: 3 @@ -53,7 +52,7 @@ services: labels: - "com.centurylinklabs.watchtower.enable=true" - "description=Matrix homeserver for print orders" - - "maintainer=Studio EinsZwoVier" + - "maintainer=studio einszwovier" ollama: image: ollama/ollama:latest @@ -75,7 +74,7 @@ services: labels: - "com.centurylinklabs.watchtower.enable=true" - "description=Local LLM inference engine" - - "maintainer=Studio EinsZwoVier" + - "maintainer=studio einszwovier" open-webui: image: ghcr.io/open-webui/open-webui:latest 
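Review bot: The allowlist in the first `.gitignore` hunk no longer covers the Synapse signing key, because the kept pattern `matrix/*.signing.key` only matches files directly under `matrix/`. The config added later in this commit sets `signing_key_path: "/data/localhost.signing.key"` and `pid_file: /data/homeserver.pid`. If `./matrix/data` is the directory mounted at `/data` (the volume line is not visible in this diff), both files land in a directory that used to be ignored wholesale and can now be staged by a plain `git add .`. I would add `matrix/data/*.signing.key` and `matrix/data/*.pid` next to the `*.db*` and `media_store/` lines.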
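Review bot: Removing `*.log.*` from the Logs block in the second `.gitignore` hunk un-ignores rotated log files (a constructed example: `name.log.1`) everywhere outside `logs/`. The comment in the new `localhost.log.config` itself warns that Synapse logs can contain access tokens at DEBUG level. The added `!matrix/data/*.log.config` only takes effect when an earlier pattern matches that file, and `*.log` does not match it. Keep the old pattern and place the exception after it: `*.log.*` followed by `!matrix/data/*.log.config`.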
@@ -102,16 +101,22 @@ services: labels: - "com.centurylinklabs.watchtower.enable=true" - "description=Web UI for Ollama LLM" - - "maintainer=Studio EinsZwoVier" + - "maintainer=studio einszwovier" bookstack: image: lscr.io/linuxserver/bookstack:latest container_name: bookstack environment: - - MYSQL_ROOT_PASSWORD=${BOOKSTACK_DB_PASSWORD} - - MYSQL_DATABASE=${BOOKSTACK_DB_DATABASE} - - MYSQL_USER=${BOOKSTACK_DB_USERNAME} - - MYSQL_PASSWORD=${BOOKSTACK_DB_PASSWORD} + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - APP_KEY=${BOOKSTACK_APP_KEY} + - APP_URL=${BOOKSTACK_APP_URL} + - DB_HOST=bookstack-mariadb + - DB_PORT=3306 + - DB_DATABASE=${BOOKSTACK_DB_DATABASE} + - DB_USERNAME=${BOOKSTACK_DB_USERNAME} + - DB_PASSWORD=${BOOKSTACK_DB_PASSWORD} volumes: - ./bookstack/bookstack_app_data:/config ports: @@ -121,11 +126,7 @@ services: bookstack-mariadb: condition: service_healthy healthcheck: - test: - [ - "CMD-SHELL", - "mariadb -u${BOOKSTACK_DB_USERNAME} -p${BOOKSTACK_DB_PASSWORD} -e 'SELECT 1' || exit 1", - ] + test: ["CMD-SHELL", "curl -f http://localhost:80 || exit 1"] interval: 30s timeout: 10s retries: 3 @@ -133,7 +134,7 @@ services: labels: - "com.centurylinklabs.watchtower.enable=true" - "description=BookStack Documentation Wiki" - - "maintainer=Studio EinsZwoVier" + - "maintainer=studio einszwovier" bookstack-mariadb: image: lscr.io/linuxserver/mariadb:latest @@ -164,7 +165,7 @@ services: labels: - "com.centurylinklabs.watchtower.enable=true" - "description=MariaDB Database for BookStack" - - "maintainer=Studio EinsZwoVier" + - "maintainer=studio einszwovier" watchtower: image: containrrr/watchtower:latest @@ -185,7 +186,7 @@ services: retries: 3 labels: - "description=Watchtower Auto-Update Service" - - "maintainer=Studio EinsZwoVier" + - "maintainer=studio einszwovier" portainer: image: portainer/portainer-ce:latest 
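Review bot: In the bookstack `environment:` list, `APP_KEY`, `DB_PASSWORD` and the other `${BOOKSTACK_*}` values are interpolated without a required-variable guard, so a missing `.env` entry is substituted as an empty string and the container still starts. Compose's `${VAR:?message}` form makes `docker compose up` fail instead, for example `- APP_KEY=${BOOKSTACK_APP_KEY:?BOOKSTACK_APP_KEY must be set}`, and the same for `DB_PASSWORD`. These values also stay readable through `docker inspect` and through the Portainer service defined in this file, so access to either should be treated as access to the database credentials.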
@@ -209,7 +210,7 @@ services: start_period: 30s labels: - "description=Portainer Container Management UI" - - "maintainer=Studio EinsZwoVier" + - "maintainer=studio einszwovier" jupyterhub: build: ./jupyterhub @@ -231,10 +232,20 @@ services: cpus: 1.0 depends_on: - web + healthcheck: + test: + [ + "CMD-SHELL", + "curl -f http://localhost:8001/hub/health || curl -f http://localhost:8001/hub/ || exit 1", + ] + interval: 30s + timeout: 10s + retries: 3 + start_period: 60s labels: - "com.centurylinklabs.watchtower.enable=true" - "description=JupyterHub for interactive notebooks" - - "maintainer=Studio EinsZwoVier" + - "maintainer=studio einszwovier" forgejo: image: codeberg.org/forgejo/forgejo:11 @@ -262,7 +273,7 @@ services: labels: - "com.centurylinklabs.watchtower.enable=true" - "description=Forgejo Git Server" - - "maintainer=Studio EinsZwoVier" + - "maintainer=studio einszwovier" element-web: image: vectorim/element-web:latest @@ -299,5 +310,5 @@ networks: default: name: einszwovier_network labels: - - "description=Studio EinsZwoVier network" - - "maintainer=Studio EinsZwoVier" + - "description=studio einszwovier network" + - "maintainer=studio einszwovier" diff --git a/matrix/data/homeserver.yaml b/matrix/data/homeserver.yaml new file mode 100644 index 0000000..f614703 --- /dev/null +++ b/matrix/data/homeserver.yaml 
@@ -0,0 +1,30 @@
+# Configuration file for Synapse.
+
+server_name: "einszwovier.local"
+pid_file: /data/homeserver.pid
+listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ resources:
+ - names: [client, federation]
+ compress: false
+database:
+ name: sqlite3
+ args:
+ database: /data/homeserver.db
+
+# Connection and performance settings
+max_upload_size: 50M
+url_preview_enabled: false
+
+log_config: "/data/localhost.log.config"
+media_store_path: /data/media_store
+registration_shared_secret: "D2mw3LqNKe98ga-pYO1l5KbXf^jgx&s5yjq&ipAGjln:AzLag8"
+report_stats: false
+macaroon_secret_key: "T26aaiHWLHbm+P6fi_8:VXTIn0W_kHH__CQAdhPyaLhBe~OG*_"
+form_secret: "k,C38Dw^6b8Y+9-cSQpLb@GPoS*1POr8GDWXsLMKLHEU2+&q-@"
+signing_key_path: "/data/localhost.signing.key"
+trusted_key_servers:
+ - server_name: "matrix.org"
diff --git a/matrix/data/localhost.log.config b/matrix/data/localhost.log.config
new file mode 100644
index 0000000..832f0fa
--- /dev/null
+++ b/matrix/data/localhost.log.config
@@ -0,0 +1,39 @@
+version: 1
+
+formatters:
+ precise:
+
+ format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+
+
+handlers:
+
+
+ console:
+ class: logging.StreamHandler
+ formatter: precise
+
+loggers:
+ # This is just here so we can leave `loggers` in the config regardless of whether
+ # we configure other loggers below (avoid empty yaml dict error).
+ _placeholder:
+ level: "INFO"
+
+
+
+ synapse.storage.SQL:
+ # beware: increasing this to DEBUG will make synapse log sensitive
+ # information such as access tokens.
+ level: INFO
+
+
+
+
+root:
+ level: INFO
+
+
+ handlers: [console]
+
+
+disable_existing_loggers: false
\ No newline at end of file
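Review bot: `registration_shared_secret`, `macaroon_secret_key` and `form_secret` in `matrix/data/homeserver.yaml` are committed as literal values, so everyone with read access to the repository or its history holds the material used for shared-secret registration and for signing macaroons. All three should be treated as exposed and regenerated on the server; removing them in a later commit does not take them out of history. Track a template with placeholders instead and load the real values from an untracked file, for example `registration_shared_secret_path: "/data/registration_shared_secret"` (path constructed for illustration), where the deployed Synapse version supports it. Separately, the listener serves `names: [client, federation]` over plain HTTP on port 8008; if federation is not intended for `einszwovier.local`, dropping `federation` from that list narrows what the port exposes.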