diff --git a/docker-compose.yml b/docker-compose.yml
index 4572acbf..0d5e2583 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,244 +1,251 @@
 version: '3'
 services:
   coturn:
     build:
       context: ./docker/coturn/
     container_name: kolab-coturn
     healthcheck:
       interval: 10s
       test: "kill -0 $$(cat /tmp/turnserver.pid)"
       timeout: 5s
       retries: 30
     environment:
       - TURN_PUBLIC_IP=${COTURN_PUBLIC_IP}
       - TURN_LISTEN_PORT=3478
       - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
     hostname: sturn.mgmt.com
     image: kolab-coturn
     network_mode: host
     restart: on-failure
     tty: true
   kolab:
     build:
       context: ./docker/kolab/
     container_name: kolab
     privileged: true
     depends_on:
       mariadb:
         condition: service_healthy
     extra_hosts:
       - "kolab.mgmt.com:127.0.0.1"
     environment:
       - DB_HOST=${DB_HOST}
       - DB_ROOT_PASSWORD=Welcome2KolabSystems
       - DB_HKCCP_DATABASE=${DB_DATABASE}
       - DB_HKCCP_USERNAME=${DB_USERNAME}
       - DB_HKCCP_PASSWORD=${DB_PASSWORD}
       - DB_KOLAB_DATABASE=kolab
       - DB_KOLAB_USERNAME=kolab
       - DB_KOLAB_PASSWORD=Welcome2KolabSystems
       - DB_RC_USERNAME=roundcube
       - DB_RC_PASSWORD=Welcome2KolabSystems
       - SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?err}
       - SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err}
       - SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?err}
       - IMAP_HOST=127.0.0.1
       - IMAP_PORT=11993
       - MAIL_HOST=127.0.0.1
       - MAIL_PORT=10587
     healthcheck:
       interval: 10s
       test: test -f /tmp/kolab-init.done
       timeout: 5s
       retries: 30
     hostname: kolab.mgmt.com
     image: kolab
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - ./ext/:/src/:ro
       - /etc/letsencrypt/:/etc/letsencrypt/:ro
       - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro
       - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro
       - ./docker/certs/kolab.hosted.com.cert:/etc/pki/tls/certs/kolab.hosted.com.cert
       - ./docker/certs/kolab.hosted.com.chain.pem:/etc/pki/tls/certs/kolab.hosted.com.chain.pem
       - ./docker/certs/kolab.hosted.com.key:/etc/pki/tls/certs/kolab.hosted.com.key
       - ./docker/kolab/utils:/root/utils:ro
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
   mariadb:
     container_name: kolab-mariadb
     environment:
-      MYSQL_ROOT_PASSWORD: Welcome2KolabSystems
-      TZ: "+02:00"
+      - MARIADB_ROOT_PASSWORD=Welcome2KolabSystems
+      - TZ="+02:00"
+      - DB_HKCCP_DATABASE=${DB_DATABASE}
+      - DB_HKCCP_USERNAME=${DB_USERNAME}
+      - DB_HKCCP_PASSWORD=${DB_PASSWORD}
     healthcheck:
       interval: 10s
       test: test -e /var/run/mysqld/mysqld.sock
       timeout: 5s
       retries: 30
-    image: mariadb
-    network_mode: host
+    image: mariadb:latest
+    volumes:
+      - ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/
+      - mariadb:/var/lib/mysql
   haproxy:
     build:
       context: ./docker/haproxy/
     healthcheck:
       interval: 10s
       test: "kill -0 $$(cat /var/run/haproxy.pid)"
       timeout: 5s
       retries: 30
     container_name: kolab-haproxy
     hostname: haproxy.hosted.com
     image: kolab-haproxy
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - ./docker/certs/:/etc/certs/:ro
       - /etc/letsencrypt/:/etc/letsencrypt/:ro
   pdns:
     build:
       context: ./docker/pdns/
     container_name: kolab-pdns
     depends_on:
       mariadb:
         condition: service_healthy
     healthcheck:
       interval: 10s
       test: "systemctl status pdns || exit 1"
       timeout: 5s
       retries: 30
     hostname: pdns
     image: apheleia/kolab-pdns
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
   proxy:
     build:
       context: ./docker/proxy/
       args:
         APP_WEBSITE_DOMAIN: ${APP_WEBSITE_DOMAIN:?err}
         SSL_CERTIFICATE: ${PROXY_SSL_CERTIFICATE:?err}
         SSL_CERTIFICATE_KEY: ${PROXY_SSL_CERTIFICATE_KEY:?err}
     healthcheck:
       interval: 10s
       test: "kill -0 $$(cat /run/nginx.pid)"
       timeout: 5s
       retries: 30
     container_name: kolab-proxy
     hostname: ${APP_WEBSITE_DOMAIN:?err}
     image: kolab-proxy
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - ./docker/certs/:/etc/certs/:ro
       - /etc/letsencrypt/:/etc/letsencrypt/:ro
   redis:
     build:
       context: ./docker/redis/
     healthcheck:
       interval: 10s
       test: "redis-cli ping || exit 1"
       timeout: 5s
       retries: 30
     container_name: kolab-redis
     hostname: redis
     image: redis
     network_mode: host
     volumes:
       - ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
   swoole:
     build:
       context: ./docker/swoole/
     container_name: kolab-swoole
     image: apheleia/swoole:4.8.x
   webapp:
     build:
       context: ./docker/webapp/
     container_name: kolab-webapp
     image: kolab-webapp
     healthcheck:
       interval: 10s
       test: "/src/kolabsrc/artisan octane:status || exit 1"
       timeout: 5s
       retries: 30
     depends_on:
       kolab:
         condition: service_healthy
     network_mode: host
     volumes:
       - ./src:/src/kolabsrc.orig:ro
   tests:
     build:
       context: ./docker/tests/
     container_name: kolab-tests
     image: kolab-tests
     depends_on:
       kolab:
         condition: service_healthy
     network_mode: host
     volumes:
       - ./src:/src/kolabsrc.orig:ro
   worker:
     build:
       context: ./docker/worker/
     container_name: kolab-worker
     depends_on:
       - kolab
     hostname: worker
     image: kolab-worker
     network_mode: host
     tmpfs:
       - /run
       - /tmp
       - /var/run
       - /var/tmp
     tty: true
     volumes:
       - ./src:/home/worker/src.orig:ro
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
   meet:
     build:
       context: ./docker/meet/
     healthcheck:
       interval: 10s
       test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://localhost:12443/meetmedia/api/health || exit 1"
       timeout: 5s
       retries: 30
     environment:
       - WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err}
       - PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err}
       - LISTENING_HOST=0.0.0.0
       - LISTENING_PORT=12443
       - TURN_SERVER=${MEET_TURN_SERVER}
       - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
       - AUTH_TOKEN=${MEET_SERVER_TOKEN:?err}
       - WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err}
       - WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet
       - SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert
       - SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key
     network_mode: host
     container_name: kolab-meet
     image: kolab-meet
     volumes:
       - ./meet/server:/src/meet/:ro
       - ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert
       - ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key
+volumes:
+  mariadb:
diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh
index c9963115..09077860 100755
--- a/docker/kolab/kolab-init.sh
+++ b/docker/kolab/kolab-init.sh
@@ -1,38 +1,37 @@
 #!/bin/bash
 
 if [ -d "/etc/dirsrv/slapd-kolab/" ]; then
     exit 0
 fi
 
 cp -av /bin/true /usr/sbin/ds_systemd_ask_password_acl
 
 pushd /root/utils/
 
 ./01-reverse-etc-hosts.sh && echo "01 done"
 ./02-write-my.cnf.sh && echo "02 done"
 ./03-setup-kolab.sh && echo "03 done"
 ./04-reset-mysql-kolab-password.sh && echo "04 done"
 ./05-replace-localhost.sh && echo "05 done"
-./06-mysql-for-kolabdev.sh && echo "06 done"
 ./07-adjust-base-dns.sh && echo "07 done"
 ./08-disable-amavisd.sh && echo "08 done"
 ./09-enable-debugging.sh && echo "09 done"
 ./10-change-port-numbers.sh && echo "10 done"
 ./10-reset-kolab-service-password.sh && echo "10 done"
 ./11-reset-cyrus-admin-password.sh && echo "11 done"
 ./12-create-hosted-kolab-service.sh && echo "12 done"
 ./13-create-ou-domains.sh && echo "13 done"
 ./14-create-management-domain.sh && echo "14 done"
 ./15-create-hosted-domain.sh && echo "15 done"
 ./16-remove-cn-kolab-cn-config.sh && echo "16 done"
 ./17-remove-hosted-service-access-from-mgmt-domain.sh && echo "17 done"
 ./18-adjust-kolab-conf.sh && echo "18 done"
 ./19-turn-on-vlv-in-roundcube.sh && echo "19 done"
 ./20-add-alias-attribute-index.sh && echo "20 done"
 ./21-adjust-postfix-config.sh && echo "21 done"
 # FIXME we can only create the resource once the owner exists
 #./22-create-resource.sh && echo "22 done"
 ./23-patch-system.sh && echo "23 done"
 ./24-roundcubeconfig.sh && echo "24 done"
 
 touch /tmp/kolab-init.done
diff --git a/docker/kolab/utils/06-mysql-for-kolabdev.sh b/docker/kolab/utils/06-mysql-for-kolabdev.sh
deleted file mode 100755
index 7100d89a..00000000
--- a/docker/kolab/utils/06-mysql-for-kolabdev.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \
-    -e "CREATE DATABASE IF NOT EXISTS ${DB_HKCCP_DATABASE};"
-
-mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \
-    -e "GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE}.* TO '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}';"
-
-mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \
-    -e "FLUSH PRIVILEGES;"
-
diff --git a/docker/mariadb/mysql-init/80-add-users.sh b/docker/mariadb/mysql-init/80-add-users.sh
deleted file mode 100644
index 4b81c9b4..00000000
--- a/docker/mariadb/mysql-init/80-add-users.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-create_arbitrary_users() {
-
-  # Do not care what option is compulsory here, just create what is specified
-  log_info "Creating user specified by (${2}) ..."
-mysql $mysql_flags <<EOSQL
-    CREATE USER '${2}'@'${4}' IDENTIFIED BY '${3}';
-EOSQL
-
-  log_info "Granting privileges to user ${2} for ${1} ..."
-mysql $mysql_flags <<EOSQL
-      GRANT ALL ON \`${1}\`.* TO '${2}'@'${4}' ;
-      FLUSH PRIVILEGES ;
-EOSQL
-}
-
-DB_NO=1
-while [[ ${DB_NO} -ne 0 ]]; do
-    DB_CUR="DB_${DB_NO}"
-    if [[ -n $(eval echo '${!'${DB_CUR}'*}') ]]; then
-        NAME="${DB_CUR}_NAME"
-        USER="${DB_CUR}_USER"
-        PASS="${DB_CUR}_PASS"
-        HOST="${DB_CUR}_HOST"
-        create_arbitrary_users ${!NAME} ${!USER} ${!PASS:-Welcome2KolabSystems} ${!HOST:-127.0.0.1} || true
-        let "DB_NO+=1"
-    else
-        DB_NO=0
-    fi
-done
diff --git a/docker/mariadb/mysql-init/81-update-root-user.sh b/docker/mariadb/mysql-init/81-update-root-user.sh
deleted file mode 100644
index 1a0df852..00000000
--- a/docker/mariadb/mysql-init/81-update-root-user.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-if [ ! -v ${MYSQL_ROOT_PASSWORD} ]; then
-  log_info "Update root user for host 127.0.0.1 ..."
-mysql $mysql_flags <<EOSQL
-  UPDATE mysql.user SET Password = PASSWORD('${MYSQL_ROOT_PASSWORD}') WHERE User = 'root' AND Host = '127.0.0.1';
-  FLUSH PRIVILEGES; 
-EOSQL
-fi
-
diff --git a/docker/mariadb/mysql-init/setup.sh b/docker/mariadb/mysql-init/setup.sh
new file mode 100755
index 00000000..46053215
--- /dev/null
+++ b/docker/mariadb/mysql-init/setup.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+MYSQL_PWD=$MARIADB_ROOT_PASSWORD mysql --protocol=socket -uroot -hlocalhost --socket="/run/mysqld/mysqld.sock" << EOF
+CREATE DATABASE IF NOT EXISTS ${DB_HKCCP_DATABASE};
+GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE}.* TO '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}';
+FLUSH PRIVILEGES;
+EOF