diff --git a/hosts/hub/apps/nextcloud.nix b/hosts/hub/apps/nextcloud.nix
index 97371d5..e0511be 100644
--- a/hosts/hub/apps/nextcloud.nix
+++ b/hosts/hub/apps/nextcloud.nix
@@ -28,7 +28,7 @@
           nextcloud = {
             enable = true;
             hostName = "nextcloud.thewordnerd.info";
-            package = pkgs.nextcloud30;
+            package = pkgs.nextcloud31;
             configureRedis = true;
             maxUploadSize = "16G";
             # autoUpdateApps.enable = true;
@@ -54,27 +54,43 @@
           };
           resolved.enable = true;
         };
+        # IMPORTANT: Nextcloud container startup workaround
+        # The nextcloud-setup service blocks container startup when it needs to perform upgrades,
+        # creating a circular dependency: the network can't be configured until the container is ready,
+        # but the container can't be ready without network access for the upgrade.
+        # 
+        # To upgrade Nextcloud when changing major versions:
+        # 1. Uncomment the lines below to disable nextcloud-setup
+        # 2. Run: nixos-rebuild switch
+        # 3. Run: nixos-container run nextcloud -- nextcloud-occ upgrade
+        # 4. Run: nixos-container run nextcloud -- nextcloud-occ maintenance:mode --off
+        # 5. Comment out the lines below again
+        # 6. Run: nixos-rebuild switch
+        #
+        # systemd.services.nextcloud-setup = {
+        #   enable = false;
+        # };
         programs.nix-ld.enable = true;
         networking = {
           firewall.allowedTCPPorts = [ 80 ];
           useHostResolvConf = lib.mkForce false;
         };
-        virtualisation.docker.enable = true;
-        users.users.nextcloud.extraGroups = [ "docker" ];
+        # virtualisation.docker.enable = true;
+        # users.users.nextcloud.extraGroups = [ "docker" ];
         environment.systemPackages = with pkgs; [
           poppler_utils
-          (pkgs.writeScriptBin "occ" ''
-            #!${pkgs.bash}/bin/bash
-            exec nextcloud-occ "$@"
-          '')
+          # (pkgs.writeScriptBin "occ" ''
+          #   #!${pkgs.bash}/bin/bash
+          #   exec nextcloud-occ "$@"
+          # '')
         ];
         programs.java.binfmt = true;
         system.stateVersion = "24.11";
       };
     # https://discourse.nixos.org/t/podman-docker-in-nixos-container-ideally-in-unprivileged-one/22909/12
-    additionalCapabilities = [
-      ''all" --system-call-filter="add_key keyctl bpf" --capability="all''
-    ];
+    # additionalCapabilities = [
+    # ''all" --system-call-filter="add_key keyctl bpf" --capability="all''
+    # ];
     bindMounts = {
       "/run/postgresql" = {
         hostPath = "/run/postgresql";