diff --git a/roles/nextcloud/tasks/configure.yml b/roles/nextcloud/tasks/configure.yml
index 1928df8..5d5ae4b 100644
--- a/roles/nextcloud/tasks/configure.yml
+++ b/roles/nextcloud/tasks/configure.yml
@@ -4,9 +4,10 @@
   lineinfile:
     path: "{{ nextcloud_dir }}/.user.ini"
     line: '{{ item.type }} {{ item.option }} {{ item.value }}'
-    create: true
     owner: "{{ webserver_user }}"
     group: "{{ webserver_group }}"
+    mode: "0644"
+    create: true
   loop: "{{ nextcloud_user_ini }}"
 
 - name: Install apps
@@ -14,24 +15,21 @@
   become_user: "{{ webserver_user }}"
   command:
     cmd: php occ app:install {{ item }}
+  args:
     chdir: "{{ nextcloud_dir }}"
     creates: "{{ nextcloud_dir }}/apps/{{ item }}"
-  ignore_errors: true
-  with_items: "{{ nextcloud_apps }}"
+  with_items: "{{ nextcloud_occ_install_app }}"
 
 - name: Set configs via occ
   become: true
   become_user: "{{ webserver_user }}"
   command:
     cmd: php occ config:app:set {{ item }}
+  args:
     chdir: "{{ nextcloud_dir }}"
-  loop:
-    - "preview jpeg_quality --value=60"
-    - "previewgenerator squareSizes --value='256 1024'"
-    - "previewgenerator widthSizes --value=2048"
-    - "previewgenerator heightSizes --value=2048"
-    - "files_trashbin background_job_expire_trash --value=no"
-    - "files_versions background_job_expire_versions --value=no"
+  register: nextcloud_occ_config_app_output
+  changed_when: nextcloud_occ_config_app_output.rc != 0
+  loop: "{{ nextcloud_occ_config_app }}"
   when: not nextcloud_dir_stat.stat.exists
 
 - name: Get latest nextcloud_exporter version
@@ -45,15 +43,16 @@
   register: nextcloud_exporter_version
 - name: "{{ nextcloud_exporter_version }}"
   set_fact:
-    nextcloud_exporter_version: "{{ nextcloud_exporter_version | replace ('v', '', 1) | trim }}"
+    nextcloud_exporter_version: "{{ nextcloud_exporter_version | replace('v', '', 1) | trim }}"
   run_once: true
 
-- name: Download nextcloud_exporter {{ nextcloud_exporter_version.tag }} from GitHub
+- name: "Download nextcloud_exporter from GitHub (v{{ nextcloud_exporter_version.tag }})"
   get_url:
     url: "https://github.com/xperimental/nextcloud-exporter/releases/download/\
           v{{ nextcloud_exporter_version.tag }}/nextcloud-exporter-{{ nextcloud_exporter_version.tag }}\
           -{{ deb_architecture }}.bz2"
     dest: "/var/tmp/nextcloud-exporter.bz2"
+    mode: "0644"
   register: nextcloud_exporter_download_archive
   until: nextcloud_exporter_download_archive is succeeded
   retries: 3
@@ -70,9 +69,9 @@
 
 - name: Copy nextcloud_exporter
   copy:
+    remote_src: true
     src: "/var/tmp/nextcloud-exporter"
     dest: "{{ nextcloud_exporter_install_dir }}/nextcloud_exporter"
-    remote_src: true
     owner: "{{ nextcloud_exporter_system_user }}"
     group: "{{ nextcloud_exporter_system_group }}"
     mode: "0755"
@@ -89,34 +88,35 @@
   register: nextcloud_notify_push_version
 - name: "{{ nextcloud_notify_push_version }}"
   set_fact:
-    nextcloud_notify_push_version: "{{ nextcloud_notify_push_version | replace ('v', '', 1) | trim }}"
+    nextcloud_notify_push_version: "{{ nextcloud_notify_push_version | replace('v', '', 1) | trim }}"
   run_once: true
 
-- name: "set deb_architecture alias"
+- name: Set deb_architecture alias and filename
   set_fact:
-    deb_architecture_alias: "x86_64"  # noqa: var-naming[no-role-prefix]
+    notify_push_filename: "x86_64-unknown-linux-musl"  # noqa: var-naming[no-role-prefix]
   when: deb_architecture == "amd64"
 
-- name: "set deb_architecture alias"
+- name: Set deb_architecture alias and filename
   set_fact:
-    deb_architecture_alias: "{{ deb_architecture }}"  # noqa: var-naming[no-role-prefix]
-  when: deb_architecture != "amd64"
+    notify_push_filename: "armv7-unknown-linux-musleabihf"  # noqa: var-naming[no-role-prefix]
+  when: deb_architecture == "arm64"
 
-- name: Download nextcloud_notify_push {{ nextcloud_notify_push_version.tag }} from GitHub
+- name: "Download nextcloud_notify_push from GitHub (v{{ nextcloud_notify_push_version.tag }})"
   get_url:
     url: "https://github.com/nextcloud/notify_push/releases/download/v{{ nextcloud_notify_push_version.tag }}\
-          /notify_push-{{ deb_architecture_alias }}-unknown-linux-musl"
-    dest: "/var/tmp/notify_push-{{ deb_architecture_alias }}-unknown-linux-musl"
-  register: nextcloud_notify_push_download_archive
-  until: nextcloud_notify_push_download_archive is succeeded
+          /notify_push-{{ notify_push_filename }}"
+    dest: "/var/tmp/notify_push"
+    mode: "0700"
+  register: nextcloud_notify_push_download_file
+  until: nextcloud_notify_push_download_file is succeeded
   retries: 3
   delay: 5
 
 - name: Copy nextcloud_notify_push
   copy:
-    src: "/var/tmp/notify_push-{{ deb_architecture_alias }}-unknown-linux-musl"
-    dest: "{{ nextcloud_notify_push_install_dir }}/nextcloud_notify_push-{{ deb_architecture_alias }}"
     remote_src: true
+    src: "/var/tmp/notify_push"
+    dest: "{{ nextcloud_notify_push_install_dir }}/nextcloud_notify_push"
     owner: "{{ webserver_user }}"
     group: "{{ webserver_group }}"
     mode: "0700"
@@ -145,8 +145,7 @@
     - nextcloud_nightlycron.service
     - nextcloud_nightlycron.timer
   notify:
-    - Restart {{ item | regex_replace ('\..*', '') }}
-    - Restart systemd_exporter
+    - Restart {{ item | regex_replace('\..*', '') }}
 
 - name: Copy Nextcloud logrotate file
   template:
diff --git a/roles/nextcloud/templates/nextcloud_notify_push.service.j2 b/roles/nextcloud/templates/nextcloud_notify_push.service.j2
index bab1a18..8b407a0 100644
--- a/roles/nextcloud/templates/nextcloud_notify_push.service.j2
+++ b/roles/nextcloud/templates/nextcloud_notify_push.service.j2
@@ -10,7 +10,7 @@ Group={{ webserver_user }}
 RuntimeDirectory=nextcloud
 RuntimeDirectoryMode=0750
 PIDFile=/run/nextcloud/notify_push.pid
-ExecStart = {{ nextcloud_notify_push_install_dir }}/nextcloud_notify_push-{{ deb_architecture_alias }} {{ nextcloud_dir }}/config/config.php
+ExecStart = {{ nextcloud_notify_push_install_dir }}/nextcloud_notify_push {{ nextcloud_dir }}/config/config.php
 Restart=always
 
 [Install]
diff --git a/roles/nextcloud/vars/main.yml b/roles/nextcloud/vars/main.yml
index 7d39d1b..49eeb7a 100644
--- a/roles/nextcloud/vars/main.yml
+++ b/roles/nextcloud/vars/main.yml
@@ -72,16 +72,31 @@ nextcloud_user_ini:
     option: max_execution_time
     value: 3600
 
-nextcloud_apps:
+nextcloud_occ_install_app:
+  - bruteforcesettings
   - calendar
   - contacts
   - external
   - extract
   - groupfolders
+  - metadata
   - notes
   - notify_push
+  - suspicious_login
+  - tables
   - tasks
+  - twofactor_nextcloud_notification
   - twofactor_totp
+  - end_to_end_encryption
+
+nextcloud_occ_config_app:
+  - "preview jpeg_quality --value=60"
+  - "previewgenerator squareSizes --value='256 1024'"
+  - "previewgenerator widthSizes --value=2048"
+  - "previewgenerator heightSizes --value=2048"
+  - "files_trashbin background_job_expire_trash --value=no"
+  - "files_versions background_job_expire_versions --value=no"
+  - "files max_chunk_size --value 134217728"
 
 nextcloud_exporter_install_dir: "/usr/local/bin"
 nextcloud_exporter_system_group: "node-exporter"