diff --git a/homelab/docker-compose.yaml b/homelab/docker-compose.yaml
index fdae566..dad98f9 100644
--- a/homelab/docker-compose.yaml
+++ b/homelab/docker-compose.yaml
@@ -110,10 +110,13 @@ services:
         traefik.http.routers.nextcloud.rule: "Host(`drive.woozle.org`) || PathPrefix(`/nextcloud`)"
         traefik.http.routers.nextcloud.tls: "true"
         traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
-        traefik.http.routers.nextcloud.middlewares: nextcloud-caldav@docker
+        traefik.http.routers.nextcloud.middlewares: nextcloud-caldav@docker,sts
         traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent: "true"
         traefik.http.middlewares.nextcloud-caldav.redirectregex.regex: ^https://(.*)/.well-known/(card|cal)dav
         traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement: https://$${1}/remote.php/dav/
+        traefik.http.middlewares.sts.headers.stsincludesubdomains: "false"
+        traefik.http.middlewares.sts.headers.stspreload: "true"
+        traefik.http.middlewares.sts.headers.stsseconds: "31536000"
         traefik.http.services.nextcloud.loadbalancer.server.port: "80"
   redis:
     image: redis
@@ -123,7 +126,7 @@ services:
         target: /var/lib/redis
 
   atlas:
-    image: ctassisf/ripe-atlas-alpine:amd64v8
+    image: ctassisf/ripe-atlas-alpine:arm64v8
     volumes:
       - type: bind
         source: /mnt/ext/srv/atlas/etc
@@ -131,6 +134,8 @@ services:
       - type: bind
         source: /mnt/ext/srv/atlas/status
         target: /var/atlas-probe/status
+    networks:
+      - hostnet
 
 secrets:
   password: