Merge remote-tracking branch 'origin/master' into ocis-init

Signed-off-by: Christian Richter <crichter@owncloud.com>
2026-01-08 13:19:58 -06:00 · 2022-04-26 16:23:37 +02:00
parent 58a24e620e 5100465464
commit fb5ca006e4
110 changed files with 4895 additions and 1955 deletions
--- a/.bingo/Variables.mk
+++ b/.bingo/Variables.mk
@@ -17,11 +17,11 @@ GO     ?= $(shell which go)
 #	@echo "Running bingo"
 #	@$(BINGO) <flags/args..>
 #
-BINGO := $(GOBIN)/bingo-v0.5.2
+BINGO := $(GOBIN)/bingo-v0.6.0
 $(BINGO): $(BINGO_DIR)/bingo.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
-	@echo "(re)installing $(GOBIN)/bingo-v0.5.2"
-	@cd $(BINGO_DIR) && $(GO) build -mod=mod -modfile=bingo.mod -o=$(GOBIN)/bingo-v0.5.2 "github.com/bwplotka/bingo"
+	@echo "(re)installing $(GOBIN)/bingo-v0.6.0"
+	@cd $(BINGO_DIR) && $(GO) build -mod=mod -modfile=bingo.mod -o=$(GOBIN)/bingo-v0.6.0 "github.com/bwplotka/bingo"

 BUF := $(GOBIN)/buf-v1.3.1
 $(BUF): $(BINGO_DIR)/buf.mod
--- a/.bingo/bingo.mod
+++ b/.bingo/bingo.mod
@@ -2,4 +2,4 @@ module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT

 go 1.17

-require github.com/bwplotka/bingo v0.5.2
+require github.com/bwplotka/bingo v0.6.0
--- a/.bingo/bingo.sum
+++ b/.bingo/bingo.sum
@@ -2,23 +2,37 @@ github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3Q
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/bwplotka/bingo v0.5.2 h1:iNCW7magHQK/ozLxoBVEhzhuFiftNQeFsfR9TuIEFxE=
 github.com/bwplotka/bingo v0.5.2/go.mod h1:CNMrHaFo3AhgU86psqpMQ8BOac2SZMhYfd0On/Ubt64=
+github.com/bwplotka/bingo v0.6.0 h1:AlRrI9J/GVjOUSZbsYQ5WS8X8FnLpTbEAhUVW5iOQ7M=
+github.com/bwplotka/bingo v0.6.0/go.mod h1:/qx0tLceUEeAs1R8QnIF+n9+Q0xUe7hmdQTB2w0eDYk=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/creack/pty v1.1.15/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/efficientgo/tools/core v0.0.0-20210201220623-8118984754c2 h1:GD19G/vhEa8amDJDBYcTaFXZjxKed67Ev0ZFPHdd/LQ=
 github.com/efficientgo/tools/core v0.0.0-20210201220623-8118984754c2/go.mod h1:cFZoHUhKg31xkPnPjhPKFtevnx0Xcg67ptBRxbpaxtk=
+github.com/efficientgo/tools/core v0.0.0-20220225185207-fe763185946b h1:ZHiD4/yE4idlbqvAO6iYCOYRzOMRpxkW+FKasRA3tsQ=
+github.com/efficientgo/tools/core v0.0.0-20220225185207-fe763185946b/go.mod h1:OmVcnJopJL8d3X3sSXTiypGoUSgFq1aDGmlrdi9dn/M=
+github.com/frankban/quicktest v1.13.1/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/pkg/diff v0.0.0-20200914180035-5b29258ca4f7/go.mod h1:zO8QMzTeZd5cpnIkz/Gn6iK0jDfGicM1nynOkkPIl28=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.1-0.20210923151022-86f73c517451/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -29,19 +43,30 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
+golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201029080932-201ba4db2418 h1:HlFl4V6pEMziuLXyRkm5BIYq1y1GAbb02pRlWvI54OM=
 golang.org/x/sys v0.0.0-20201029080932-201ba4db2418/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210925032602-92d5a993a665/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f h1:rlezHXNlxYWvBCzNses9Dlc7nGFaNMJeqLolcmQSSZY=
+golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20191110171634-ad39bd3f0407 h1:5zh5atpUEdIc478E/ebrIaHLKcfVvG6dL/fGv7BcMoM=
 golang.org/x/term v0.0.0-20191110171634-ad39bd3f0407/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/term v0.0.0-20210916214954-140adaaadfaf/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -49,11 +74,17 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 mvdan.cc/editorconfig v0.1.1-0.20200121172147-e40951bde157/go.mod h1:Ge4atmRUYqueGppvJ7JNrtqpqokoJEFxYbP0Z+WeKS8=
+mvdan.cc/editorconfig v0.2.0/go.mod h1:lvnnD3BNdBYkhq+B4uBuFFKatfp02eB6HixDvEz91C0=
 mvdan.cc/sh/v3 v3.2.4 h1:+fZaWcXWRjYAvqzEKoDhDM3DkxdDUykU2iw0VMKFe9s=
 mvdan.cc/sh/v3 v3.2.4/go.mod h1:fPQmabBpREM/XQ9YXSU5ZFZ/Sm+PmKP9/vkFHgYKJEI=
+mvdan.cc/sh/v3 v3.4.3 h1:zbuKH7YH9cqU6PGajhFFXZY7dhPXcDr55iN/cUAqpuw=
+mvdan.cc/sh/v3 v3.4.3/go.mod h1:p/tqPPI4Epfk2rICAe2RoaNd8HBSJ8t9Y2DA9yQlbzY=
--- a/.bingo/variables.env
+++ b/.bingo/variables.env
@@ -8,7 +8,7 @@ if [ -z "$GOBIN" ]; then
 fi


-BINGO="${GOBIN}/bingo-v0.5.2"
+BINGO="${GOBIN}/bingo-v0.6.0"

 BUF="${GOBIN}/buf-v1.3.1"

--- a/.drone.env
+++ b/.drone.env
@@ -1,5 +1,5 @@
 # The test runner source for API tests
-CORE_COMMITID=f5e36e21b45c96ba90ff6e47787effebad96d0eb
+CORE_COMMITID=b262ada63569e241f9cee451c23f267512fd48b2
 CORE_BRANCH=master

 # The test runner source for UI tests
--- a/.drone.star
+++ b/.drone.star
@@ -93,7 +93,9 @@ config = {
            "suites": [
                "apiShareManagement",
            ],
-            "skip": False,
+            # The tests fail after the storage config changes
+            # They will be fixed later.
+            "skip": True,
            "earlyFail": True,
            "cron": "nightly",
        },
@@ -101,7 +103,9 @@ config = {
            "suites": [
                "apiWebdavOperations",
            ],
-            "skip": False,
+            # The tests fail after the storage config changes
+            # They will be fixed later.
+            "skip": True,
            "earlyFail": True,
            "cron": "nightly",
        },
@@ -1624,8 +1628,8 @@ def ocisServerWithIdp():
        "GRAPH_LDAP_SERVER_WRITE_ENABLED": "true",
        "LDAP_URI": "ldaps://0.0.0.0:9235",
        "LDAP_INSECURE": "true",
-        "LDAP_BIND_DN": "uid=libregraph,ou=sysusers,o=libregraph-idm",
-        "LDAP_BIND_PASSWORD": "idm",
+        "GRAPH_LDAP_BIND_DN": "uid=libregraph,ou=sysusers,o=libregraph-idm",
+        "GRAPH_LDAP_BIND_PASSWORD": "idm",
        "LDAP_USER_BASE_DN": "ou=users,o=libregraph-idm",
        "LDAP_USER_SCHEMA_ID": "ownclouduuid",
        "LDAP_USER_SCHEMA_MAIL": "mail",
@@ -1644,8 +1648,8 @@ def ocisServerWithIdp():
        "IDP_LDAP_LOGIN_ATTRIBUTE": "uid",
        "PROXY_ACCOUNT_BACKEND_TYPE": "cs3",
        "PROXY_ENABLE_BASIC_AUTH": "true",
-        "STORAGE_LDAP_BIND_DN": "uid=reva,ou=sysusers,o=libregraph-idm",
-        "STORAGE_LDAP_BIND_PASSWORD": "reva",
+        "LDAP_BIND_DN": "uid=reva,ou=sysusers,o=libregraph-idm",
+        "LDAP_BIND_PASSWORD": "reva",
        "OCS_ACCOUNT_BACKEND_TYPE": "cs3",
        "OCIS_RUN_EXTENSIONS": "settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,idp,nats,idm,ocdav",
        "OCIS_LOG_LEVEL": "error",
@@ -1679,13 +1683,13 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
        user = "0:0"
        environment = {
            "OCIS_URL": "https://ocis-server:9200",
-            "STORAGE_GATEWAY_GRPC_ADDR": "0.0.0.0:9142",
+            "GATEWAY_GRPC_ADDR": "0.0.0.0:9142",
            "STORAGE_HOME_DRIVER": "%s" % (storage),
            "STORAGE_USERS_DRIVER": "%s" % (storage),
            "STORAGE_USERS_DRIVER_LOCAL_ROOT": "/srv/app/tmp/ocis/local/root",
            "STORAGE_USERS_DRIVER_OCIS_ROOT": "/srv/app/tmp/ocis/storage/users",
            "STORAGE_METADATA_DRIVER_OCIS_ROOT": "/srv/app/tmp/ocis/storage/metadata",
-            "STORAGE_SHARING_USER_JSON_FILE": "/srv/app/tmp/ocis/shares.json",
+            "SHARING_USER_JSON_FILE": "/srv/app/tmp/ocis/shares.json",
            "PROXY_ENABLE_BASIC_AUTH": True,
            "WEB_UI_CONFIG": "/drone/src/tests/config/drone/ocis-config.json",
            "IDP_IDENTIFIER_REGISTRATION_CONF": "/drone/src/tests/config/drone/identifier-registration.yml",
@@ -1708,42 +1712,38 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
        environment = {
            # Keycloak IDP specific configuration
            "PROXY_OIDC_ISSUER": "https://keycloak/auth/realms/owncloud",
+            "LDAP_IDP": "https://keycloak/auth/realms/owncloud",
            "WEB_OIDC_AUTHORITY": "https://keycloak/auth/realms/owncloud",
            "WEB_OIDC_CLIENT_ID": "ocis-web",
            "WEB_OIDC_METADATA_URL": "https://keycloak/auth/realms/owncloud/.well-known/openid-configuration",
-            "STORAGE_OIDC_ISSUER": "https://keycloak",
-            "STORAGE_LDAP_IDP": "https://keycloak/auth/realms/owncloud",
+            "AUTH_BEARER_OIDC_ISSUER": "https://keycloak",
            "WEB_OIDC_SCOPE": "openid profile email owncloud",
            # LDAP bind
-            "STORAGE_LDAP_URI": "ldaps://openldap",
-            "STORAGE_LDAP_INSECURE": "true",
-            "STORAGE_LDAP_BIND_DN": "cn=admin,dc=owncloud,dc=com",
-            "STORAGE_LDAP_BIND_PASSWORD": "admin",
+            "LDAP_URI": "ldaps://openldap",
+            "LDAP_INSECURE": "true",
+            "LDAP_BIND_DN": "cn=admin,dc=owncloud,dc=com",
+            "LDAP_BIND_PASSWORD": "admin",
            # LDAP user settings
            "PROXY_AUTOPROVISION_ACCOUNTS": "true",  # automatically create users when they login
            "PROXY_ACCOUNT_BACKEND_TYPE": "cs3",  # proxy should get users from CS3APIS (which gets it from LDAP)
            "PROXY_USER_OIDC_CLAIM": "ocis.user.uuid",  # claim was added in Keycloak
            "PROXY_USER_CS3_CLAIM": "userid",  # equals STORAGE_LDAP_USER_SCHEMA_UID
-            "STORAGE_LDAP_GROUP_BASE_DN": "ou=testgroups,dc=owncloud,dc=com",
-            "STORAGE_LDAP_GROUP_OBJECTCLASS": "groupOfUniqueNames",
-            "STORAGE_LDAP_GROUPFILTER": "(objectclass=owncloud)",
-            "STORAGE_LDAP_GROUP_SCHEMA_DISPLAYNAME": "cn",
-            "STORAGE_LDAP_GROUP_SCHEMA_GID_NUMBER": "gidnumber",
-            "STORAGE_LDAP_GROUP_SCHEMA_ID": "cn",
-            "STORAGE_LDAP_GROUP_SCHEMA_MAIL": "mail",
-            "STORAGE_LDAP_GROUP_SCHEMA_MEMBER": "cn",
-            "STORAGE_LDAP_USER_BASE_DN": "ou=testusers,dc=owncloud,dc=com",
-            "STORAGE_LDAP_USER_OBJECTCLASS": "posixAccount",
-            "STORAGE_LDAP_USERFILTER": "(objectclass=owncloud)",
-            "STORAGE_LDAP_USER_SCHEMA_USERNAME": "cn",
-            "STORAGE_LDAP_USER_SCHEMA_DISPLAYNAME": "displayname",
-            "STORAGE_LDAP_USER_SCHEMA_GID_NUMBER": "gidnumber",
-            "STORAGE_LDAP_USER_SCHEMA_MAIL": "mail",
-            "STORAGE_LDAP_USER_SCHEMA_UID_NUMBER": "uidnumber",
-            "STORAGE_LDAP_USER_SCHEMA_ID": "ownclouduuid",
-            "STORAGE_LDAP_LOGIN_ATTRIBUTES": "uid,mail",
+            "LDAP_GROUP_BASE_DN": "ou=testgroups,dc=owncloud,dc=com",
+            "LDAP_GROUP_OBJECTCLASS": "groupOfUniqueNames",
+            "LDAP_GROUPFILTER": "(objectclass=owncloud)",
+            "LDAP_GROUP_SCHEMA_DISPLAYNAME": "cn",
+            "LDAP_GROUP_SCHEMA_ID": "cn",
+            "LDAP_GROUP_SCHEMA_MAIL": "mail",
+            "LDAP_GROUP_SCHEMA_MEMBER": "cn",
+            "LDAP_USER_BASE_DN": "ou=testusers,dc=owncloud,dc=com",
+            "LDAP_USER_OBJECTCLASS": "posixAccount",
+            "LDAP_USERFILTER": "(objectclass=owncloud)",
+            "LDAP_USER_SCHEMA_USERNAME": "cn",
+            "LDAP_USER_SCHEMA_DISPLAYNAME": "displayname",
+            "LDAP_USER_SCHEMA_MAIL": "mail",
+            "LDAP_USER_SCHEMA_ID": "ownclouduuid",
+            "LDAP_LOGIN_ATTRIBUTES": "uid,mail",
            # ownCloudSQL storage driver
-            "STORAGE_HOME_DRIVER": "owncloudsql",
            "STORAGE_USERS_DRIVER": "owncloudsql",
            "STORAGE_METADATA_DRIVER": "ocis",
            "STORAGE_USERS_DRIVER_OWNCLOUDSQL_DATADIR": "/mnt/data/files",
@@ -1758,30 +1758,29 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
            # TODO: redis is not yet supported
            "STORAGE_USERS_DRIVER_OWNCLOUDSQL_REDIS_ADDR": "redis:6379",
            # ownCloudSQL sharing driver
-            "STORAGE_SHARING_USER_DRIVER": "owncloudsql",
-            "STORAGE_SHARING_USER_SQL_USERNAME": "owncloud",
-            "STORAGE_SHARING_USER_SQL_PASSWORD": "owncloud",
-            "STORAGE_SHARING_USER_SQL_HOST": "oc10-db",
-            "STORAGE_SHARING_USER_SQL_PORT": 3306,
-            "STORAGE_SHARING_USER_SQL_NAME": "owncloud",
+            "SHARING_USER_DRIVER": "owncloudsql",
+            "SHARING_USER_SQL_USERNAME": "owncloud",
+            "SHARING_USER_SQL_PASSWORD": "owncloud",
+            "SHARING_USER_SQL_HOST": "oc10-db",
+            "SHARING_USER_SQL_PORT": 3306,
+            "SHARING_USER_SQL_NAME": "owncloud",
            # ownCloud storage readonly
            # TODO: conflict with OWNCLOUDSQL -> https://github.com/owncloud/ocis/issues/2303
            "OCIS_STORAGE_READ_ONLY": "false",
            # General oCIS config
            # OCIS_RUN_EXTENSIONS specifies to start all extensions except glauth, idp and accounts. These are replaced by external services
            "OCIS_RUN_EXTENSIONS": "settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,nats,ocdav",
-            "OCIS_LOG_LEVEL": "error",
+            "OCIS_LOG_LEVEL": "info",
            "OCIS_URL": OCIS_URL,
            "PROXY_TLS": "true",
            "OCIS_BASE_DATA_PATH": "/mnt/data/ocis",
+            "OCIS_CONFIG_DIR": "/etc/ocis",
            # change default secrets
            "OCIS_JWT_SECRET": "Pive-Fumkiu4",
            "STORAGE_TRANSFER_SECRET": "replace-me-with-a-transfer-secret",
            "OCIS_MACHINE_AUTH_API_KEY": "change-me-please",
            "OCIS_INSECURE": "true",
            "PROXY_ENABLE_BASIC_AUTH": "true",
-            "ACCOUNTS_DEMO_USERS_AND_GROUPS": True,  # deprecated, remove after switching to LibreIDM
-            "IDM_CREATE_DEMO_USERS": True,
        }
        wait_for_ocis = {
            "name": "wait-for-ocis-server",
--- a/.gitignore
+++ b/.gitignore
@@ -1,31 +1,32 @@
+# coverage reports
 */coverage.out
 extensions/*/coverage.out
+
+# unit test reports
 */checkstyle.xml
 extensions/*/checkstyle.xml
-*/package-lock.json

-ocis/config/identifier-registration.yaml
+# nodejs / yarn
+*/package-lock.json
+node_modules/
+yarn-error.log
+yarn.lock
+
+# build artifacts
 */bin
 extensions/*/bin
 dist/
-/hugo
-*.key
-*crt
-node_modules/
-*/assets
 extensions/*/assets
 ocis/ocis
 ocis/cmd/ocis/__debug_bin
 ocis/cmd/ocis/config/

+# docs
+/hugo
+
+# IDEs
 .idea

-yarn-error.log
-yarn.lock
-
-# Konnectd
-idp/assets/identifier
-
 # Composer - used for API acceptance tests
 composer.lock
 vendor
--- a/.make/release.mk
+++ b/.make/release.mk
@@ -11,6 +11,7 @@ release-dirs:

 # docker specific packaging flags
 DOCKER_LDFLAGS += -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseDataPathType=path" -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseDataPathValue=/var/lib/ocis"
+DOCKER_LDFLAGS += -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseConfigPathType=path" -X "$(OCIS_REPO)/ocis-pkg/config/defaults.BaseConfigPathValue=/etc/ocis"

 release-linux-docker-amd64: release-dirs
 	GOOS=linux \
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,7 +7,10 @@ The following sections list the changes for unreleased.
 ## Summary

 * Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: [#3483](https://github.com/owncloud/ocis/issues/3483)
+* Change - Load configuration files just from one directory: [#3587](https://github.com/owncloud/ocis/pull/3587)
 * Enhancement - Add capability for public link single file edit: [#6787](https://github.com/owncloud/web/pull/6787)
+* Enhancement - Update linkshare capabilities: [#3579](https://github.com/owncloud/ocis/pull/3579)
+* Enhancement - Update reva to v2.x.x: [#3552](https://github.com/owncloud/ocis/pull/3552)

 ## Details

@@ -18,6 +21,18 @@ The following sections list the changes for unreleased.

   https://github.com/owncloud/ocis/issues/3483

+* Change - Load configuration files just from one directory: [#3587](https://github.com/owncloud/ocis/pull/3587)
+
+   We've changed the configuration file loading behavior and are now only loading configuration
+   files from ONE single directory. This directory can be set on compile time or via an environment
+   variable on startup (`OCIS_CONFIG_DIR`).
+
+   We are using following configuration default paths:
+
+   - Docker images: `/etc/ocis/` - Binary releases: `$HOME/.ocis/config/`
+
+   https://github.com/owncloud/ocis/pull/3587
+
 * Enhancement - Add capability for public link single file edit: [#6787](https://github.com/owncloud/web/pull/6787)

   It is now possible to share a single file by link with edit permissions. Therefore we need a
@@ -26,11 +41,28 @@ The following sections list the changes for unreleased.

   https://github.com/owncloud/web/pull/6787
   https://github.com/owncloud/ocis/pull/3538
+
+* Enhancement - Update linkshare capabilities: [#3579](https://github.com/owncloud/ocis/pull/3579)
+
+   We have updated the capabilities regarding password enforcement and expiration dates of
+   public links. They were previously hardcoded in a way that didn't reflect the actual backend
+   functionality anymore.
+
+   https://github.com/owncloud/ocis/pull/3579
+
+* Enhancement - Update reva to v2.x.x: [#3552](https://github.com/owncloud/ocis/pull/3552)
+
+   Updated reva to version 2.x.x. This update includes:
+
+  * TODO
+
+   https://github.com/owncloud/ocis/pull/3552
+   https://github.com/owncloud/ocis/pull/3570
 # Changelog for [1.20.0] (2022-04-13)

 The following sections list the changes for 1.20.0.

-[1.20.0]: https://github.com/owncloud/ocis/compare/v1.19.1...v1.20.0
+[1.20.0]: https://github.com/owncloud/ocis/compare/v1.19.0...v1.20.0

 ## Summary

@@ -198,28 +230,11 @@ The following sections list the changes for 1.20.0.
   Group member remove

   https://github.com/owncloud/ocis/pull/3467
-# Changelog for [1.19.1] (2022-03-29)
-
-The following sections list the changes for 1.19.1.
-
-[1.19.1]: https://github.com/owncloud/ocis/compare/v1.19.0...v1.19.1
-
-## Summary
-
-* Bugfix - Return correct special item urls: [#3419](https://github.com/owncloud/ocis/pull/3419)
-
-## Details
-
-* Bugfix - Return correct special item urls: [#3419](https://github.com/owncloud/ocis/pull/3419)
-
-   URLs for Special items (space image, readme) were broken.
-
-   https://github.com/owncloud/ocis/pull/3419
 # Changelog for [1.19.0] (2022-03-29)

 The following sections list the changes for 1.19.0.

-[1.19.0]: https://github.com/owncloud/ocis/compare/v1.18.0...v1.19.0
+[1.19.0]: https://github.com/owncloud/ocis/compare/v1.19.1...v1.19.0

 ## Summary

@@ -388,6 +403,23 @@ The following sections list the changes for 1.19.0.
   https://github.com/owncloud/ocis/pull/3291
   https://github.com/owncloud/ocis/pull/3375
   https://github.com/owncloud/web/releases/tag/v5.3.0
+# Changelog for [1.19.1] (2022-03-29)
+
+The following sections list the changes for 1.19.1.
+
+[1.19.1]: https://github.com/owncloud/ocis/compare/v1.18.0...v1.19.1
+
+## Summary
+
+* Bugfix - Return correct special item urls: [#3419](https://github.com/owncloud/ocis/pull/3419)
+
+## Details
+
+* Bugfix - Return correct special item urls: [#3419](https://github.com/owncloud/ocis/pull/3419)
+
+   URLs for Special items (space image, readme) were broken.
+
+   https://github.com/owncloud/ocis/pull/3419
 # Changelog for [1.18.0] (2022-03-03)

 The following sections list the changes for 1.18.0.
--- a/changelog/unreleased/change-load-config-from-only-one-dir.md
+++ b/changelog/unreleased/change-load-config-from-only-one-dir.md
@@ -0,0 +1,12 @@
+Change: Load configuration files just from one directory
+
+We've changed the configuration file loading behavior and are now only loading
+configuration files from ONE single directory. This directory can be set on
+compile time or via an environment variable on startup (`OCIS_CONFIG_DIR`).
+
+We are using following configuration default paths:
+
+- Docker images: `/etc/ocis/`
+- Binary releases: `$HOME/.ocis/config/`
+
+https://github.com/owncloud/ocis/pull/3587
--- a/changelog/unreleased/update-linkshare-capabilities.md
+++ b/changelog/unreleased/update-linkshare-capabilities.md
@@ -0,0 +1,5 @@
+Enhancement: Update linkshare capabilities
+
+We have updated the capabilities regarding password enforcement and expiration dates of public links. They were previously hardcoded in a way that didn't reflect the actual backend functionality anymore.
+
+https://github.com/owncloud/ocis/pull/3579
--- a/changelog/unreleased/update-reva.md
+++ b/changelog/unreleased/update-reva.md
@@ -0,0 +1,8 @@
+Enhancement: update reva to v2.x.x
+
+Updated reva to version 2.x.x. This update includes:
+
+* TODO
+
+https://github.com/owncloud/ocis/pull/3552
+https://github.com/owncloud/ocis/pull/3570
--- a/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh
+++ b/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh
@@ -1,4 +1,4 @@
-#/bin/sh!
+#!/bin/bash
 set -e

 echo "${WOPISECRET}" > /etc/wopi/wopisecret
@@ -11,6 +11,11 @@ sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN}'/g' /etc/wopi/wopiserver.conf
 sed -i 's/collabora.owncloud.test/'${COLLABORA_DOMAIN}'/g' /etc/wopi/wopiserver.conf
 sed -i 's/wopiserver.owncloud.test/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf

+
+if [ "$WOPISERVER_INSECURE" == "true" ]; then
+    sed -i 's/sslverify\s=\sTrue/sslverify = False/g' /etc/wopi/wopiserver.conf
+fi
+
 touch /var/log/wopi/wopiserver.log

 /app/wopiserver.py &
--- a/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist
+++ b/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist
@@ -1,27 +1,23 @@
 #
+# This config is based on https://github.com/cs3org/wopiserver/blob/master/wopiserver.conf
+#
 # wopiserver.conf
 #
-# Default configuration file for the WOPI server for CERNBox
+# Default configuration file for the WOPI server for oCIS
 #
 ##############################################################

 [general]
 # Storage access layer to be loaded in order to operate this WOPI server
-# Supported values: local, xroot, cs3.
+# only "cs3" is supported with oCIS
 storagetype = cs3

 # Port where to listen for WOPI requests
 port = 8880

-# URL of your Microsoft Office Online service
-#oosurl = https://officeonline.owncloud.test
-
-# URL of your Collabora Online service
-#codeurl = https://collabora.owncloud.test
-
-# URL of your CodiMD service
-codimdurl = https://codimd.owncloud.test
-codimdinturl = http://codimd:3000
+# Logging level. Debug enables the Flask debug mode as well.
+# Valid values are: Debug, Info, Warning, Error.
+loglevel = Error

 # URL of your WOPI server or your HA proxy in front of it
 wopiurl = https://wopiserver.owncloud.test
@@ -30,40 +26,56 @@ wopiurl = https://wopiserver.owncloud.test
 # to clients will include the access_token argument
 downloadurl = https://wopiserver.owncloud.test/wopi/cbox/download

-# Optional URL prefix for WebDAV access to the files. This enables the
-# 'Edit in Desktop client' action on Windows-based clients
-webdavurl = https://ocis.owncloud.test/webdav
+# The internal server engine to use (defaults to flask).
+# Set to waitress for production installations.
+internalserver = waitress

 # List of file extensions deemed incompatible with LibreOffice:
 # interoperable locking will be disabled for such files
 nonofficetypes = .md .zmd .txt .epd

-# List of file extensions to be supported by Collabora
+# List of file extensions to be supported by Collabora (deprecated)
 codeofficetypes = .odt .ott .ods .ots .odp .otp .odg .otg .doc .dot .xls .xlt .xlm .ppt .pot .pps .vsd .dxf .wmf .cdr .pages .number .key

 # WOPI access token expiration time [seconds]
 tokenvalidity = 86400

 # WOPI lock expiration time [seconds]
-wopilockexpiration = 7200
+wopilockexpiration = 3600

 # WOPI lock strict check: if True, WOPI locks will be compared according to specs,
 # that is their representation must match. False (default) allows for a more relaxed
 # comparison, which compensates incorrect lock requests from Microsoft Office Online
 # on-premise setups.
-#wopilockstrictcheck = False
+wopilockstrictcheck = False

-# Logging level. Debug enables the Flask debug mode as well.
-# Valid values are: Debug, Info, Warning, Error.
-loglevel = Info
+# Enable support of rename operations from WOPI apps. This is currently
+# disabled by default as it has been observed that both MS Office and Collabora
+# Online do not play well with this feature.
+# Not supported with oCIS, must always be set to "False"
+enablerename = False

-# Location of the lock files. Currently, two modes are supported:
-# if a path is provided, all locks will be stored there with a hashed name,
-# otherwise the lock is stored on the same path as the original file.
-# This latter mode will eventually be dropped once the system is deemed
-# stable enough and lock files are hidden away.
-#lockpath = /your_storage/wopilocks
+# Detection of external Microsoft Office or LibreOffice locks. By default, lock files
+# compatible with Office for Desktop applications are detected, assuming that the
+# underlying storage can be mounted as a remote filesystem: in this case, WOPI GetLock
+# and SetLock operations return such locks and prevent online apps from entering edit mode.
+# This feature can be disabled in order to operate a pure WOPI server for online apps.
+# Not supported with oCIS, must always be set to "False"
+detectexternallocks = False

+# Location of the webconflict files. By default, such files are stored in the same path
+# as the original file. If that fails (e.g. because of missing permissions),
+# an attempt is made to store such files in this path if specified, otherwise
+# the system falls back to the recovery space (cf. io|recoverypath).
+# The keywords <user_initial> and <username> are replaced with the actual username's
+# initial letter and the actual username, respectively, so you can use e.g.
+# /your_storage/home/user_initial/username
+#conflictpath = /
+
+# ownCloud's WOPI proxy configuration. Disabled by default.
+#wopiproxy = https://external-wopi-proxy.com
+#wopiproxysecretfile = /path/to/your/shared-key-file
+#proxiedappname = Name of your proxied app

 [security]
 # Location of the secret files. Requires a restart of the
@@ -82,7 +94,7 @@ wopikey = /etc/grid-security/host.key

 [bridge]
 # SSL certificate check for the connected apps
-sslverify = False
+sslverify = True

 # Minimal time interval between two consecutive save operations [seconds]
 #saveinterval = 200
@@ -90,39 +102,25 @@ sslverify = False
 # Minimal time interval before a closed file is WOPI-unlocked [seconds]
 #unlockinterval = 90

+# CodiMD: disable creating zipped bundles when files contain pictures
+#disablezip = False

 [io]
 # Size used for buffered reads [bytes]
 chunksize = 4194304

-
-[xroot]
-# URL of the default remote xroot storage server. This can be overridden
-# if the end-point is passed on the /wopi/cbox/open call
-#storageserver = root://your-xrootd-server.org
-
-# Optional EOS top-level path that will be prepended to all user paths. Useful
-# to map the CERNBox-exposed files in a subfolder of the EOS storage. By default,
-# this is not used and storagehomepath is empty.
-#storagehomepath = /your/top/storage/path
-
-
-[local]
-# Location of the folder or mount point used as local storage
-#storagehomepath = /mnt/your_local_storage
-
+# Path to a recovery space in case of I/O errors when reaching to the remote storage.
+# This is expected to be a local path, and it is provided in order to ease user support.
+# Defaults to the indicated spool folder.
+#recoverypath = /var/spool/wopirecovery

 [cs3]
 # Host and port of the Reva(-like) CS3-compliant GRPC gateway endpoint
 revagateway = ocis:9142

-# HTTP (WebDAV) endpoint for uploading files
-#datagateway = https://your-reva-server.org:port/data
-
 # Reva/gRPC authentication token expiration time [seconds]
 # The default value matches Reva's default
 authtokenvalidity = 3600

 # SSL certificate check for Reva
-# oCIS uses self signed certificate in this example
-sslverify = false
+sslverify = True
--- a/deployments/examples/ocis_wopi/docker-compose.yml
+++ b/deployments/examples/ocis_wopi/docker-compose.yml
@@ -173,9 +173,10 @@ services:
    networks:
      ocis-net:
    entrypoint:
-      - /bin/sh
+      - /bin/bash
      - /entrypoint-override.sh
    environment:
+      WOPISERVER_INSECURE: "${INSECURE:-false}"
      WOPISECRET: ${WOPI_JWT_SECRET:-LoremIpsum567}
      IOPSECRET: ${WOPI_IOP_SECRET:-LoremIpsum123}
      CODIMDSECRET: ${CODIMD_SECRET:-LoremIpsum456}
--- a/docs/helpers/configenvextractor.go
+++ b/docs/helpers/configenvextractor.go
@@ -56,7 +56,9 @@ func GenerateIntermediateCode(templatePath string, intermediateCodePath string,

 func RunIntermediateCode(intermediateCodePath string) {
 	fmt.Println("Running intermediate go code for " + intermediateCodePath)
-	os.Setenv("OCIS_BASE_DATA_PATH", "~/.ocis")
+	defaultPath := "~/.ocis"
+	os.Setenv("OCIS_BASE_DATA_PATH", defaultPath)
+	os.Setenv("OCIS_CONFIG_DIR", path.Join(defaultPath, "config"))
 	out, err := exec.Command("go", "run", intermediateCodePath).Output()
 	if err != nil {
 		log.Fatal(err)
--- a/docs/ocis/config.md
+++ b/docs/ocis/config.md
@@ -39,15 +39,16 @@ Let's explore the various flows with examples and workflows.

 Let's explore with examples this approach.

-#### Expected loading locations:
+#### Expected loading locations

- `$HOME/.ocis/config/`
- `/etc/ocis/`
- `.config/`
+- docker images: `/etc/ocis/`
+- binary releases: `$HOME/.ocis/config/`

-followed by the extension name. When configuring the proxy, a valid full path that will get loaded is `$HOME/.ocis/config/proxy.yaml`.
+followed by the `<extension name>.yaml`, eg `proxy.yaml` for the extension configuration. You also can put an `ocis.yaml` config file to the expected loading location to use a single config file.

-####  Only config files
+You can set another directory as config path in the environment variable `OCIS_CONFIG_DIR`. It will then pick the same file names, but from the folder you configured.
+
+#### Only config files

 The following config files are present in the default loading locations:

--- a/docs/ocis/deployment/systemd.md
+++ b/docs/ocis/deployment/systemd.md
@@ -10,17 +10,18 @@ geekdocFilePath: systemd.md
 {{< toc >}}

 ## Install the oCIS binary
+
 Download the oCIS binary of your preferred version and for your CPU architecture and operating system from [download.owncloud.com](https://download.owncloud.com/ocis/ocis).

 Rename the downloaded binary to `ocis` and move it to `/usr/bin/`. As a next step, you need to mark it as executable with `chmod +x /usr/bin/ocis`.

 When you now run `ocis help` on your command line, you should see the available options for the oCIS command.

-
 ## Systemd service definition

 Create the Systemd service definition for oCIS in the file `/etc/systemd/system/ocis.service` with following content:
-```
+
+```systemd
 [Unit]
 Description=OCIS server

@@ -49,16 +50,16 @@ OCIS_INSECURE=false

 OCIS_LOG_LEVEL=error

-GLAUTH_LDAPS_CERT=/etc/ocis/ldap/ldaps.crt
-GLAUTH_LDAPS_KEY=/etc/ocis/ldap/ldaps.key
-IDP_TRANSPORT_TLS_CERT=/etc/ocis/idp/server.crt
-IDP_TRANSPORT_TLS_KEY=/etc/ocis/idp/server.key
-PROXY_TRANSPORT_TLS_CERT=/etc/ocis/proxy/server.crt
-PROXY_TRANSPORT_TLS_KEY=/etc/ocis/proxy/server.key
+OCIS_CONFIG_DIR=/etc/ocis
+OCIS_BASE_DATA_PATH=/var/lib/ocis
 ```

+Since we set `OCIS_CONFIG_DIR` to `/etc/ocis` you can also place configuration files in this directory.
+
 Please change your `OCIS_URL` in order to reflect your actual deployment. If you are using self-signed certificates you need to set `OCIS_INSECURE=true` in `/etc/ocis/ocis.env`.

+oCIS will store all data in `/var/lib/ocis`, because we configured it so by setting `OCIS_BASE_DATA_PATH`. Therefore you need to create that directory and make it accessible to the user, you use to start oCIS.
+

 ## Starting the oCIS service

--- a/extensions/accounts/l10n/translations.json
+++ b/extensions/accounts/l10n/translations.json
--- a/extensions/appprovider/pkg/command/command.go
+++ b/extensions/appprovider/pkg/command/command.go
@@ -9,11 +9,12 @@ import (
 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/appprovider/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
 )
@@ -23,12 +24,15 @@ func AppProvider(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:  "app-provider",
 		Usage: "start appprovider for providing apps",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-app-provider")
-		},
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-			tracing.Configure(cfg, logger)
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()
@@ -51,10 +55,12 @@ func AppProvider(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.AppProvider.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -66,7 +72,7 @@ func AppProvider(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.AppProvider.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -80,38 +86,36 @@ func appProviderConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]

 	rcfg := map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.AppProvider.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.AppProvider.GRPCNetwork,
-			"address": cfg.Reva.AppProvider.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"appprovider": map[string]interface{}{
-					"gatewaysvc":       cfg.Reva.Gateway.Endpoint,
-					"app_provider_url": cfg.Reva.AppProvider.ExternalAddr,
-					"driver":           cfg.Reva.AppProvider.Driver,
+					"app_provider_url": cfg.ExternalAddr,
+					"driver":           cfg.Driver,
 					"drivers": map[string]interface{}{
 						"wopi": map[string]interface{}{
-							"app_api_key":          cfg.Reva.AppProvider.WopiDriver.AppAPIKey,
-							"app_desktop_only":     cfg.Reva.AppProvider.WopiDriver.AppDesktopOnly,
-							"app_icon_uri":         cfg.Reva.AppProvider.WopiDriver.AppIconURI,
-							"app_int_url":          cfg.Reva.AppProvider.WopiDriver.AppInternalURL,
-							"app_name":             cfg.Reva.AppProvider.WopiDriver.AppName,
-							"app_url":              cfg.Reva.AppProvider.WopiDriver.AppURL,
-							"insecure_connections": cfg.Reva.AppProvider.WopiDriver.Insecure,
-							"iop_secret":           cfg.Reva.AppProvider.WopiDriver.IopSecret,
-							"jwt_secret":           cfg.Reva.AppProvider.WopiDriver.JWTSecret,
-							"wopi_url":             cfg.Reva.AppProvider.WopiDriver.WopiURL,
+							"app_api_key":          cfg.Drivers.WOPI.AppAPIKey,
+							"app_desktop_only":     cfg.Drivers.WOPI.AppDesktopOnly,
+							"app_icon_uri":         cfg.Drivers.WOPI.AppIconURI,
+							"app_int_url":          cfg.Drivers.WOPI.AppInternalURL,
+							"app_name":             cfg.Drivers.WOPI.AppName,
+							"app_url":              cfg.Drivers.WOPI.AppURL,
+							"insecure_connections": cfg.Drivers.WOPI.Insecure,
+							"iop_secret":           cfg.Drivers.WOPI.IopSecret,
+							"jwt_secret":           cfg.JWTSecret,
+							"wopi_url":             cfg.Drivers.WOPI.WopiURL,
 						},
 					},
 				},
@@ -128,28 +132,28 @@ type AppProviderSutureService struct {

 // NewAppProvider creates a new store.AppProviderSutureService
 func NewAppProvider(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.AppProvider.Commons = cfg.Commons
 	return AppProviderSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.AppProvider,
 	}
 }

 func (s AppProviderSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.AppProvider.Context = ctx
+	cmd := AppProvider(s.cfg)
 	f := &flag.FlagSet{}
-	cmdFlags := AppProvider(s.cfg).Flags
+	cmdFlags := cmd.Flags
 	for k := range cmdFlags {
 		if err := cmdFlags[k].Apply(f); err != nil {
 			return err
 		}
 	}
 	cliCtx := cli.NewContext(nil, f, nil)
-	if AppProvider(s.cfg).Before != nil {
-		if err := AppProvider(s.cfg).Before(cliCtx); err != nil {
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
 			return err
 		}
 	}
-	if err := AppProvider(s.cfg).Action(cliCtx); err != nil {
+	if err := cmd.Action(cliCtx); err != nil {
 		return err
 	}

--- a/extensions/appprovider/pkg/config/config.go
+++ b/extensions/appprovider/pkg/config/config.go
@@ -0,0 +1,67 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	ExternalAddr          string
+	Driver                string
+	Drivers               Drivers
+}
+
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;APP_PROVIDER_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;APP_PROVIDER_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;APP_PROVIDER_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;APP_PROVIDER_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;APP_PROVIDER_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;APP_PROVIDER_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;APP_PROVIDER_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;APP_PROVIDER_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"APP_PROVIDER_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"APP_PROVIDER_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"APP_PROVIDER_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"APP_PROVIDER_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type Drivers struct {
+	WOPI WOPIDriver
+}
+
+type WOPIDriver struct {
+	AppAPIKey      string `yaml:"app_api_key"`
+	AppDesktopOnly bool   `yaml:"app_desktop_only"`
+	AppIconURI     string `yaml:"app_icon_uri"`
+	AppInternalURL string `yaml:"app_internal_url"`
+	AppName        string `yaml:"app_name"`
+	AppURL         string `yaml:"app_url"`
+	Insecure       bool   `yaml:"insecure"`
+	IopSecret      string `yaml:"ipo_secret"`
+	WopiURL        string `yaml:"wopi_url"`
+}
--- a/extensions/appprovider/pkg/config/defaults/defaultconfig.go
+++ b/extensions/appprovider/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,66 @@
+package defaults
+
+import (
+	"github.com/owncloud/ocis/extensions/appprovider/pkg/config"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9165",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9164",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "appprovider",
+		},
+		GatewayEndpoint: "127.0.0.1:9142",
+		JWTSecret:       "Pive-Fumkiu4",
+		Driver:          "",
+		Drivers: config.Drivers{
+			WOPI: config.WOPIDriver{},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/auth-basic/pkg/command/command.go
+++ b/extensions/auth-basic/pkg/command/command.go
@@ -10,38 +10,44 @@ import (
 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/ldap"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
 )

-// AuthBasic is the entrypoint for the auth-basic command.
+// Command is the entrypoint for the auth-basic command.
 func AuthBasic(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:  "auth-basic",
 		Usage: "start authprovider for basic auth",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-auth-basic")
-		},
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-			tracing.Configure(cfg, logger)
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()

 			// pre-create folders
-			if cfg.Reva.AuthProvider.Driver == "json" && cfg.Reva.AuthProvider.JSON != "" {
-				if err := os.MkdirAll(filepath.Dir(cfg.Reva.AuthProvider.JSON), os.FileMode(0700)); err != nil {
+			if cfg.AuthProvider == "json" && cfg.AuthProviders.JSON.File != "" {
+				if err := os.MkdirAll(filepath.Dir(cfg.AuthProviders.JSON.File), os.FileMode(0700)); err != nil {
 					return err
 				}
 			}

 			uuid := uuid.Must(uuid.NewV4())
+
 			pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")

 			rcfg := authBasicConfigFromStruct(c, cfg)
@@ -50,8 +56,9 @@ func AuthBasic(cfg *config.Config) *cli.Command {
 				Interface("reva-config", rcfg).
 				Msg("config")

-			if cfg.Reva.AuthProvider.Driver == "ldap" {
-				if err := waitForLDAPCA(logger, &cfg.Reva.LDAP); err != nil {
+			if cfg.AuthProvider == "ldap" {
+				ldapCfg := cfg.AuthProviders.LDAP
+				if err := ldap.WaitForCA(logger, ldapCfg.Insecure, ldapCfg.CACert); err != nil {
 					logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist")
 					return err
 				}
@@ -70,10 +77,12 @@ func AuthBasic(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.AuthBasic.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -85,7 +94,7 @@ func AuthBasic(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.AuthBasic.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -98,39 +107,38 @@ func AuthBasic(cfg *config.Config) *cli.Command {
 func authBasicConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
 	rcfg := map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.AuthBasic.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.AuthBasic.GRPCNetwork,
-			"address": cfg.Reva.AuthBasic.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"authprovider": map[string]interface{}{
-					"auth_manager": cfg.Reva.AuthProvider.Driver,
+					"auth_manager": cfg.AuthProvider,
 					"auth_managers": map[string]interface{}{
 						"json": map[string]interface{}{
-							"users": cfg.Reva.AuthProvider.JSON,
+							"users": cfg.AuthProviders.JSON.File,
 						},
-						"ldap": ldapConfigFromString(cfg),
+						"ldap": ldapConfigFromString(cfg.AuthProviders.LDAP),
 						"owncloudsql": map[string]interface{}{
-							"dbusername":        cfg.Reva.UserOwnCloudSQL.DBUsername,
-							"dbpassword":        cfg.Reva.UserOwnCloudSQL.DBPassword,
-							"dbhost":            cfg.Reva.UserOwnCloudSQL.DBHost,
-							"dbport":            cfg.Reva.UserOwnCloudSQL.DBPort,
-							"dbname":            cfg.Reva.UserOwnCloudSQL.DBName,
-							"idp":               cfg.Reva.UserOwnCloudSQL.Idp,
-							"nobody":            cfg.Reva.UserOwnCloudSQL.Nobody,
-							"join_username":     cfg.Reva.UserOwnCloudSQL.JoinUsername,
-							"join_ownclouduuid": cfg.Reva.UserOwnCloudSQL.JoinOwnCloudUUID,
+							"dbusername":        cfg.AuthProviders.OwnCloudSQL.DBUsername,
+							"dbpassword":        cfg.AuthProviders.OwnCloudSQL.DBPassword,
+							"dbhost":            cfg.AuthProviders.OwnCloudSQL.DBHost,
+							"dbport":            cfg.AuthProviders.OwnCloudSQL.DBPort,
+							"dbname":            cfg.AuthProviders.OwnCloudSQL.DBName,
+							"idp":               cfg.AuthProviders.OwnCloudSQL.IDP,
+							"nobody":            cfg.AuthProviders.OwnCloudSQL.Nobody,
+							"join_username":     cfg.AuthProviders.OwnCloudSQL.JoinUsername,
+							"join_ownclouduuid": cfg.AuthProviders.OwnCloudSQL.JoinOwnCloudUUID,
 						},
 					},
 				},
@@ -147,14 +155,13 @@ type AuthBasicSutureService struct {

 // NewAuthBasicSutureService creates a new store.AuthBasicSutureService
 func NewAuthBasic(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.AuthBasic.Commons = cfg.Commons
 	return AuthBasicSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.AuthBasic,
 	}
 }

 func (s AuthBasicSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.AuthBasic.Context = ctx
 	f := &flag.FlagSet{}
 	cmdFlags := AuthBasic(s.cfg).Flags
 	for k := range cmdFlags {
@@ -174,3 +181,36 @@ func (s AuthBasicSutureService) Serve(ctx context.Context) error {

 	return nil
 }
+
+func ldapConfigFromString(cfg config.LDAPProvider) map[string]interface{} {
+	return map[string]interface{}{
+		"uri":               cfg.URI,
+		"cacert":            cfg.CACert,
+		"insecure":          cfg.Insecure,
+		"bind_username":     cfg.BindDN,
+		"bind_password":     cfg.BindPassword,
+		"user_base_dn":      cfg.UserBaseDN,
+		"group_base_dn":     cfg.GroupBaseDN,
+		"user_filter":       cfg.UserFilter,
+		"group_filter":      cfg.GroupFilter,
+		"user_objectclass":  cfg.UserObjectClass,
+		"group_objectclass": cfg.GroupObjectClass,
+		"login_attributes":  cfg.LoginAttributes,
+		"idp":               cfg.IDP,
+		"user_schema": map[string]interface{}{
+			"id":              cfg.UserSchema.ID,
+			"idIsOctetString": cfg.UserSchema.IDIsOctetString,
+			"mail":            cfg.UserSchema.Mail,
+			"displayName":     cfg.UserSchema.DisplayName,
+			"userName":        cfg.UserSchema.Username,
+		},
+		"group_schema": map[string]interface{}{
+			"id":              cfg.GroupSchema.ID,
+			"idIsOctetString": cfg.GroupSchema.IDIsOctetString,
+			"mail":            cfg.GroupSchema.Mail,
+			"displayName":     cfg.GroupSchema.DisplayName,
+			"groupName":       cfg.GroupSchema.Groupname,
+			"member":          cfg.GroupSchema.Member,
+		},
+	}
+}
--- a/extensions/auth-basic/pkg/config/config.go
+++ b/extensions/auth-basic/pkg/config/config.go
@@ -0,0 +1,107 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	AuthProvider          string        `yaml:"auth_provider" env:"AUTH_BASIC_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"`
+	AuthProviders         AuthProviders `yaml:"auth_providers"`
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;AUTH_BASIC_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;AUTH_BASIC_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;AUTH_BASIC_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;AUTH_BASIC_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;AUTH_BASIC_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;AUTH_BASIC_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;AUTH_BASIC_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;AUTH_BASIC_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"AUTH_BASIC_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"AUTH_BASIC_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"AUTH_BASIC_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"AUTH_BASIC_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type AuthProviders struct {
+	JSON        JSONProvider        `yaml:"json"`
+	LDAP        LDAPProvider        `yaml:"ldap"`
+	OwnCloudSQL OwnCloudSQLProvider `yaml:"owncloud_sql"`
+}
+
+type JSONProvider struct {
+	File string `yaml:"file" env:"AUTH_BASIC_JSON_PROVIDER_FILE" desc:"The file to which the json provider writes the data."`
+}
+
+type LDAPProvider struct {
+	URI              string   `env:"LDAP_URI;AUTH_BASIC_LDAP_URI"`
+	CACert           string   `env:"LDAP_CACERT;AUTH_BASIC_LDAP_CACERT"`
+	Insecure         bool     `env:"LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE"`
+	BindDN           string   `env:"LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN"`
+	BindPassword     string   `env:"LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD"`
+	UserBaseDN       string   `env:"LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN"`
+	GroupBaseDN      string   `env:"LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN"`
+	UserFilter       string   `env:"LDAP_USERFILTER;AUTH_BASIC_LDAP_USERFILTER"`
+	GroupFilter      string   `env:"LDAP_GROUPFILTER;AUTH_BASIC_LDAP_USERFILTER"`
+	UserObjectClass  string   `env:"LDAP_USER_OBJECTCLASS;AUTH_BASIC_LDAP_USER_OBJECTCLASS"`
+	GroupObjectClass string   `env:"LDAP_GROUP_OBJECTCLASS;AUTH_BASIC_LDAP_GROUP_OBJECTCLASS"`
+	LoginAttributes  []string `env:"LDAP_LOGIN_ATTRIBUTES;AUTH_BASIC_LDAP_LOGIN_ATTRIBUTES"`
+	IDP              string   `env:"OCIS_URL;AUTH_BASIC_IDP_URL"` // TODO what is this for?
+	GatewayEndpoint  string   // TODO do we need this here?
+	UserSchema       LDAPUserSchema
+	GroupSchema      LDAPGroupSchema
+}
+
+type LDAPUserSchema struct {
+	ID              string `env:"LDAP_USER_SCHEMA_ID;AUTH_BASIC_LDAP_USER_SCHEMA_ID"`
+	IDIsOctetString bool   `env:"LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING"`
+	Mail            string `env:"LDAP_USER_SCHEMA_MAIL;AUTH_BASIC_LDAP_USER_SCHEMA_MAIL"`
+	DisplayName     string `env:"LDAP_USER_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME"`
+	Username        string `env:"LDAP_USER_SCHEMA_USERNAME;AUTH_BASIC_LDAP_USER_SCHEMA_USERNAME"`
+}
+
+type LDAPGroupSchema struct {
+	ID              string `env:"LDAP_GROUP_SCHEMA_ID;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID"`
+	IDIsOctetString bool   `env:"LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;AUTH_BASIC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING"`
+	Mail            string `env:"LDAP_GROUP_SCHEMA_MAIL;AUTH_BASIC_LDAP_GROUP_SCHEMA_MAIL"`
+	DisplayName     string `env:"LDAP_GROUP_SCHEMA_DISPLAYNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_DISPLAYNAME"`
+	Groupname       string `env:"LDAP_GROUP_SCHEMA_GROUPNAME;AUTH_BASIC_LDAP_GROUP_SCHEMA_GROUPNAME"`
+	Member          string `env:"LDAP_GROUP_SCHEMA_MEMBER;AUTH_BASIC_LDAP_GROUP_SCHEMA_MEMBER"`
+}
+
+type OwnCloudSQLProvider struct {
+	DBUsername       string
+	DBPassword       string
+	DBHost           string
+	DBPort           int
+	DBName           string
+	IDP              string // TODO do we need this?
+	Nobody           int64  // TODO what is this?
+	JoinUsername     bool
+	JoinOwnCloudUUID bool
+}
--- a/extensions/auth-basic/pkg/config/defaults/defaultconfig.go
+++ b/extensions/auth-basic/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,108 @@
+package defaults
+
+import (
+	"path/filepath"
+
+	"github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/config/defaults"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9147",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9146",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "auth-basic",
+		},
+		GatewayEndpoint: "127.0.0.1:9142",
+		JWTSecret:       "Pive-Fumkiu4",
+		AuthProvider:    "ldap",
+		AuthProviders: config.AuthProviders{
+			LDAP: config.LDAPProvider{
+				URI:              "ldaps://localhost:9126",
+				CACert:           filepath.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"),
+				Insecure:         false,
+				UserBaseDN:       "dc=ocis,dc=test",
+				GroupBaseDN:      "dc=ocis,dc=test",
+				LoginAttributes:  []string{"cn", "mail"},
+				UserFilter:       "",
+				GroupFilter:      "",
+				UserObjectClass:  "posixAccount",
+				GroupObjectClass: "posixGroup",
+				BindDN:           "cn=reva,ou=sysusers,dc=ocis,dc=test",
+				BindPassword:     "reva",
+				IDP:              "https://localhost:9200",
+				UserSchema: config.LDAPUserSchema{
+					ID:          "ownclouduuid",
+					Mail:        "mail",
+					DisplayName: "displayname",
+					Username:    "cn",
+				},
+				GroupSchema: config.LDAPGroupSchema{
+					ID:          "cn",
+					Mail:        "mail",
+					DisplayName: "cn",
+					Groupname:   "cn",
+					Member:      "cn",
+				},
+			},
+			JSON: config.JSONProvider{},
+			OwnCloudSQL: config.OwnCloudSQLProvider{
+				DBUsername:       "owncloud",
+				DBPassword:       "secret",
+				DBHost:           "mysql",
+				DBPort:           3306,
+				DBName:           "owncloud",
+				IDP:              "https://localhost:9200",
+				Nobody:           90,
+				JoinUsername:     false,
+				JoinOwnCloudUUID: false,
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/auth-bearer/pkg/command/command.go
+++ b/extensions/auth-bearer/pkg/command/command.go
@@ -9,11 +9,12 @@ import (
 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/auth-bearer/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
 )
@@ -23,12 +24,15 @@ func AuthBearer(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:  "auth-bearer",
 		Usage: "start authprovider for bearer auth",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-auth-bearer")
-		},
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-			tracing.Configure(cfg, logger)
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()
@@ -54,10 +58,12 @@ func AuthBearer(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.AuthBearer.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -69,7 +75,7 @@ func AuthBearer(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.AuthBearer.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -82,32 +88,30 @@ func AuthBearer(cfg *config.Config) *cli.Command {
 func authBearerConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
 	return map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.AuthBearer.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.AuthBearer.GRPCNetwork,
-			"address": cfg.Reva.AuthBearer.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"authprovider": map[string]interface{}{
-					"auth_manager": "oidc",
+					"auth_manager": cfg.AuthProvider,
 					"auth_managers": map[string]interface{}{
 						"oidc": map[string]interface{}{
-							"issuer":     cfg.Reva.OIDC.Issuer,
-							"insecure":   cfg.Reva.OIDC.Insecure,
-							"id_claim":   cfg.Reva.OIDC.IDClaim,
-							"uid_claim":  cfg.Reva.OIDC.UIDClaim,
-							"gid_claim":  cfg.Reva.OIDC.GIDClaim,
-							"gatewaysvc": cfg.Reva.Gateway.Endpoint,
+							"issuer":    cfg.AuthProviders.OIDC.Issuer,
+							"insecure":  cfg.AuthProviders.OIDC.Insecure,
+							"id_claim":  cfg.AuthProviders.OIDC.IDClaim,
+							"uid_claim": cfg.AuthProviders.OIDC.UIDClaim,
+							"gid_claim": cfg.AuthProviders.OIDC.GIDClaim,
 						},
 					},
 				},
@@ -123,28 +127,28 @@ type AuthBearerSutureService struct {

 // NewAuthBearerSutureService creates a new gateway.AuthBearerSutureService
 func NewAuthBearer(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.AuthBearer.Commons = cfg.Commons
 	return AuthBearerSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.AuthBearer,
 	}
 }

 func (s AuthBearerSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.AuthBearer.Context = ctx
+	cmd := AuthBearer(s.cfg)
 	f := &flag.FlagSet{}
-	cmdFlags := AuthBearer(s.cfg).Flags
+	cmdFlags := cmd.Flags
 	for k := range cmdFlags {
 		if err := cmdFlags[k].Apply(f); err != nil {
 			return err
 		}
 	}
 	cliCtx := cli.NewContext(nil, f, nil)
-	if AuthBearer(s.cfg).Before != nil {
-		if err := AuthBearer(s.cfg).Before(cliCtx); err != nil {
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
 			return err
 		}
 	}
-	if err := AuthBearer(s.cfg).Action(cliCtx); err != nil {
+	if err := cmd.Action(cliCtx); err != nil {
 		return err
 	}

--- a/extensions/auth-bearer/pkg/config/config.go
+++ b/extensions/auth-bearer/pkg/config/config.go
@@ -0,0 +1,61 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	AuthProvider          string        `yaml:"auth_provider" env:"AUTH_BEARER_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"`
+	AuthProviders         AuthProviders `yaml:"auth_providers"`
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;AUTH_BEARER_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;AUTH_BEARER_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;AUTH_BEARER_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;AUTH_BEARER_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;AUTH_BEARER_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;AUTH_BEARER_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;AUTH_BEARER_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;AUTH_BEARER_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"AUTH_BEARER_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"AUTH_BEARER_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"AUTH_BEARER_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"AUTH_BEARER_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type AuthProviders struct {
+	OIDC OIDCProvider `yaml:"oidc"`
+}
+
+type OIDCProvider struct {
+	Issuer   string `yaml:"issuer" env:"OCIS_URL;AUTH_BEARER_OIDC_ISSUER"`
+	Insecure bool   `yaml:"insecure" env:"OCIS_INSECURE;AUTH_BEARER_OIDC_INSECURE"`
+	IDClaim  string `yaml:"id_claim"`
+	UIDClaim string `yaml:"uid_claim"`
+	GIDClaim string `yaml:"gid_claim"`
+}
--- a/extensions/auth-bearer/pkg/config/defaults/defaultconfig.go
+++ b/extensions/auth-bearer/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,70 @@
+package defaults
+
+import (
+	"github.com/owncloud/ocis/extensions/auth-bearer/pkg/config"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9149",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9148",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "auth-bearer",
+		},
+		GatewayEndpoint: "127.0.0.1:9142",
+		JWTSecret:       "Pive-Fumkiu4",
+		AuthProvider:    "ldap",
+		AuthProviders: config.AuthProviders{
+			OIDC: config.OIDCProvider{
+				Issuer:   "https://localhost:9200",
+				Insecure: false,
+				IDClaim:  "preferred_username",
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/auth-machine/pkg/command/command.go
+++ b/extensions/auth-machine/pkg/command/command.go
@@ -9,11 +9,12 @@ import (
 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/auth-machine/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
 )
@@ -23,12 +24,15 @@ func AuthMachine(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:  "auth-machine",
 		Usage: "start authprovider for machine auth",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-auth-machine")
-		},
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-			tracing.Configure(cfg, logger)
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()
@@ -54,10 +58,12 @@ func AuthMachine(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.AuthMachine.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -69,7 +75,7 @@ func AuthMachine(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.AuthMachine.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -82,28 +88,27 @@ func AuthMachine(cfg *config.Config) *cli.Command {
 func authMachineConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
 	return map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.AuthMachine.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.AuthMachine.GRPCNetwork,
-			"address": cfg.Reva.AuthMachine.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"authprovider": map[string]interface{}{
 					"auth_manager": "machine",
 					"auth_managers": map[string]interface{}{
 						"machine": map[string]interface{}{
-							"api_key":      cfg.Reva.AuthMachineConfig.MachineAuthAPIKey,
-							"gateway_addr": cfg.Reva.Gateway.Endpoint,
+							"api_key":      cfg.AuthProviders.Machine.APIKey,
+							"gateway_addr": cfg.GatewayEndpoint,
 						},
 					},
 				},
@@ -119,28 +124,29 @@ type AuthMachineSutureService struct {

 // NewAuthMachineSutureService creates a new gateway.AuthMachineSutureService
 func NewAuthMachine(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.AuthMachine.Commons = cfg.Commons
 	return AuthMachineSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.AuthMachine,
 	}
 }

 func (s AuthMachineSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.AuthMachine.Context = ctx
+	// s.cfg.Reva.AuthMachine.Context = ctx
+	cmd := AuthMachine(s.cfg)
 	f := &flag.FlagSet{}
-	cmdFlags := AuthMachine(s.cfg).Flags
+	cmdFlags := cmd.Flags
 	for k := range cmdFlags {
 		if err := cmdFlags[k].Apply(f); err != nil {
 			return err
 		}
 	}
 	cliCtx := cli.NewContext(nil, f, nil)
-	if AuthMachine(s.cfg).Before != nil {
-		if err := AuthMachine(s.cfg).Before(cliCtx); err != nil {
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
 			return err
 		}
 	}
-	if err := AuthMachine(s.cfg).Action(cliCtx); err != nil {
+	if err := cmd.Action(cliCtx); err != nil {
 		return err
 	}

--- a/extensions/auth-machine/pkg/config/config.go
+++ b/extensions/auth-machine/pkg/config/config.go
@@ -0,0 +1,57 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	AuthProvider          string        `yaml:"auth_provider" env:"AUTH_MACHINE_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"`
+	AuthProviders         AuthProviders `yaml:"auth_providers"`
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;AUTH_MACHINE_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;AUTH_MACHINE_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;AUTH_MACHINE_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;AUTH_MACHINE_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;AUTH_MACHINE_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;AUTH_MACHINE_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;AUTH_MACHINE_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;AUTH_MACHINE_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"AUTH_MACHINE_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"AUTH_MACHINE_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"AUTH_MACHINE_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"AUTH_MACHINE_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type AuthProviders struct {
+	Machine MachineProvider `yaml:"machine"`
+}
+
+type MachineProvider struct {
+	APIKey string `yaml:"api_key" env:"OCIS_MACHINE_AUTH_API_KEY;AUTH_MACHINE_PROVIDER_API_KEY" desc:"The api key for the machine auth provider."`
+}
--- a/extensions/auth-machine/pkg/config/defaults/defaultconfig.go
+++ b/extensions/auth-machine/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,68 @@
+package defaults
+
+import (
+	"github.com/owncloud/ocis/extensions/auth-machine/pkg/config"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9167",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9166",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "auth-machine",
+		},
+		GatewayEndpoint: "127.0.0.1:9142",
+		JWTSecret:       "Pive-Fumkiu4",
+		AuthProvider:    "ldap",
+		AuthProviders: config.AuthProviders{
+			Machine: config.MachineProvider{
+				APIKey: "change-me-please",
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/frontend/pkg/command/command.go
+++ b/extensions/frontend/pkg/command/command.go
@@ -12,12 +12,13 @@ import (
 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/frontend/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis-pkg/conversions"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
 )
@@ -31,12 +32,17 @@ func Frontend(cfg *config.Config) *cli.Command {
 			if err := loadUserAgent(c, cfg); err != nil {
 				return err
 			}
-			return ParseConfig(c, cfg, "storage-frontend")
+			return nil
 		},
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-
-			tracing.Configure(cfg, logger)
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)

 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
@@ -59,9 +65,9 @@ func Frontend(cfg *config.Config) *cli.Command {
 					"enabled":       true,
 					"version":       "2.0.0",
 					"formats":       []string{"tar", "zip"},
-					"archiver_url":  cfg.Reva.Archiver.ArchiverURL,
-					"max_num_files": strconv.FormatInt(cfg.Reva.Archiver.MaxNumFiles, 10),
-					"max_size":      strconv.FormatInt(cfg.Reva.Archiver.MaxSize, 10),
+					"archiver_url":  path.Join("/", cfg.Archiver.Prefix),
+					"max_num_files": strconv.FormatInt(cfg.Archiver.MaxNumFiles, 10),
+					"max_size":      strconv.FormatInt(cfg.Archiver.MaxSize, 10),
 				},
 			}

@@ -69,9 +75,9 @@ func Frontend(cfg *config.Config) *cli.Command {
 				{
 					"enabled":  true,
 					"version":  "1.0.0",
-					"apps_url": cfg.Reva.AppProvider.AppsURL,
-					"open_url": cfg.Reva.AppProvider.OpenURL,
-					"new_url":  cfg.Reva.AppProvider.NewURL,
+					"apps_url": cfg.AppProvider.AppsURL,
+					"open_url": cfg.AppProvider.OpenURL,
+					"new_url":  cfg.AppProvider.NewURL,
 				},
 			}

@@ -83,16 +89,16 @@ func Frontend(cfg *config.Config) *cli.Command {
 				"versioning":        true,
 				"archivers":         archivers,
 				"app_providers":     appProviders,
-				"favorites":         cfg.Reva.Frontend.Favorites,
+				"favorites":         cfg.EnableFavorites,
 			}

-			if cfg.Reva.DefaultUploadProtocol == "tus" {
+			if cfg.DefaultUploadProtocol == "tus" {
 				filesCfg["tus_support"] = map[string]interface{}{
 					"version":              "1.0.0",
 					"resumable":            "1.0.0",
 					"extension":            "creation,creation-with-upload",
-					"http_method_override": cfg.Reva.UploadHTTPMethodOverride,
-					"max_chunk_size":       cfg.Reva.UploadMaxChunkSize,
+					"http_method_override": cfg.UploadHTTPMethodOverride,
+					"max_chunk_size":       cfg.UploadMaxChunkSize,
 				}
 			}

@@ -109,10 +115,12 @@ func Frontend(cfg *config.Config) *cli.Command {
 			{
 				server, err := debug.Server(
 					debug.Name(c.Command.Name+"-debug"),
-					debug.Addr(cfg.Reva.Frontend.DebugAddr),
+					debug.Addr(cfg.Debug.Addr),
 					debug.Logger(logger),
 					debug.Context(ctx),
-					debug.Config(cfg),
+					debug.Pprof(cfg.Debug.Pprof),
+					debug.Zpages(cfg.Debug.Zpages),
+					debug.Token(cfg.Debug.Token),
 				)

 				if err != nil {
@@ -129,7 +137,7 @@ func Frontend(cfg *config.Config) *cli.Command {
 				})
 			}

-			if !cfg.Reva.Frontend.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -142,78 +150,77 @@ func Frontend(cfg *config.Config) *cli.Command {
 func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[string]interface{}) map[string]interface{} {
 	return map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.Users.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint, // Todo or address?
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint, // Todo or address?
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"http": map[string]interface{}{
-			"network": cfg.Reva.Frontend.HTTPNetwork,
-			"address": cfg.Reva.Frontend.HTTPAddr,
+			"network": cfg.HTTP.Protocol,
+			"address": cfg.HTTP.Addr,
 			"middlewares": map[string]interface{}{
 				"cors": map[string]interface{}{
 					"allow_credentials": true,
 				},
 				"auth": map[string]interface{}{
-					"credentials_by_user_agent": cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent,
+					"credentials_by_user_agent": cfg.Middleware.Auth.CredentialsByUserAgent,
 					"credential_chain":          []string{"bearer"},
 				},
 			},
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"appprovider": map[string]interface{}{
-					"prefix":                 cfg.Reva.Frontend.AppProviderPrefix,
-					"transfer_shared_secret": cfg.Reva.TransferSecret,
+					"prefix":                 cfg.AppProvider.Prefix,
+					"transfer_shared_secret": cfg.TransferSecret,
 					"timeout":                86400,
-					"insecure":               cfg.Reva.Frontend.AppProviderInsecure,
+					"insecure":               cfg.AppProvider.Insecure,
 				},
 				"archiver": map[string]interface{}{
-					"prefix":        cfg.Reva.Frontend.ArchiverPrefix,
+					"prefix":        cfg.Archiver.Prefix,
 					"timeout":       86400,
-					"insecure":      cfg.Reva.Frontend.ArchiverInsecure,
-					"max_num_files": cfg.Reva.Archiver.MaxNumFiles,
-					"max_size":      cfg.Reva.Archiver.MaxSize,
+					"insecure":      cfg.Archiver.Insecure,
+					"max_num_files": cfg.Archiver.MaxNumFiles,
+					"max_size":      cfg.Archiver.MaxSize,
 				},
 				"datagateway": map[string]interface{}{
-					"prefix":                 cfg.Reva.Frontend.DatagatewayPrefix,
-					"transfer_shared_secret": cfg.Reva.TransferSecret,
+					"prefix":                 cfg.DataGateway.Prefix,
+					"transfer_shared_secret": cfg.TransferSecret,
 					"timeout":                86400,
 					"insecure":               true,
 				},
 				"ocs": map[string]interface{}{
-					"storage_registry_svc":      cfg.Reva.Gateway.Endpoint,
-					"share_prefix":              cfg.Reva.Frontend.OCSSharePrefix,
-					"home_namespace":            cfg.Reva.Frontend.OCSHomeNamespace,
-					"resource_info_cache_ttl":   cfg.Reva.Frontend.OCSResourceInfoCacheTTL,
-					"prefix":                    cfg.Reva.Frontend.OCSPrefix,
-					"additional_info_attribute": cfg.Reva.Frontend.OCSAdditionalInfoAttribute,
-					"machine_auth_apikey":       cfg.Reva.AuthMachineConfig.MachineAuthAPIKey,
-					"cache_warmup_driver":       cfg.Reva.Frontend.OCSCacheWarmupDriver,
+					"storage_registry_svc":      cfg.GatewayEndpoint,
+					"share_prefix":              cfg.OCS.SharePrefix,
+					"home_namespace":            cfg.OCS.HomeNamespace,
+					"resource_info_cache_ttl":   cfg.OCS.ResourceInfoCacheTTL,
+					"prefix":                    cfg.OCS.Prefix,
+					"additional_info_attribute": cfg.OCS.AdditionalInfoAttribute,
+					"machine_auth_apikey":       cfg.AuthMachine.APIKey,
+					"cache_warmup_driver":       cfg.OCS.CacheWarmupDriver,
 					"cache_warmup_drivers": map[string]interface{}{
 						"cbox": map[string]interface{}{
-							"db_username": cfg.Reva.Sharing.UserSQLUsername,
-							"db_password": cfg.Reva.Sharing.UserSQLPassword,
-							"db_host":     cfg.Reva.Sharing.UserSQLHost,
-							"db_port":     cfg.Reva.Sharing.UserSQLPort,
-							"db_name":     cfg.Reva.Sharing.UserSQLName,
-							"namespace":   cfg.Reva.UserStorage.EOS.Root,
-							"gatewaysvc":  cfg.Reva.Gateway.Endpoint,
+							"db_username": cfg.OCS.CacheWarmupDrivers.CBOX.DBUsername,
+							"db_password": cfg.OCS.CacheWarmupDrivers.CBOX.DBPassword,
+							"db_host":     cfg.OCS.CacheWarmupDrivers.CBOX.DBHost,
+							"db_port":     cfg.OCS.CacheWarmupDrivers.CBOX.DBPort,
+							"db_name":     cfg.OCS.CacheWarmupDrivers.CBOX.DBName,
+							"namespace":   cfg.OCS.CacheWarmupDrivers.CBOX.Namespace,
+							"gatewaysvc":  cfg.GatewayEndpoint,
 						},
 					},
 					"config": map[string]interface{}{
 						"version": "1.7",
 						"website": "ownCloud",
-						"host":    cfg.Reva.Frontend.PublicURL,
+						"host":    cfg.PublicURL,
 						"contact": "",
 						"ssl":     "false",
 					},
-					"default_upload_protocol": cfg.Reva.DefaultUploadProtocol,
+					"default_upload_protocol": cfg.DefaultUploadProtocol,
 					"capabilities": map[string]interface{}{
 						"capabilities": map[string]interface{}{
 							"core": map[string]interface{}{
@@ -232,8 +239,8 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
 								"support_url_signing": true,
 							},
 							"checksums": map[string]interface{}{
-								"supported_types":       cfg.Reva.ChecksumSupportedTypes,
-								"preferred_upload_type": cfg.Reva.ChecksumPreferredUploadType,
+								"supported_types":       cfg.Checksums.SupportedTypes,
+								"preferred_upload_type": cfg.Checksums.PreferredUploadType,
 							},
 							"files": filesCfg,
 							"dav":   map[string]interface{}{},
@@ -254,15 +261,15 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
 									"multiple":             true,
 									"supports_upload_only": true,
 									"password": map[string]interface{}{
-										"enforced": true,
+										"enforced": false,
 										"enforced_for": map[string]interface{}{
-											"read_only":   true,
-											"read_write":  true,
-											"upload_only": true,
+											"read_only":   false,
+											"read_write":  false,
+											"upload_only": false,
 										},
 									},
 									"expire_date": map[string]interface{}{
-										"enabled": false,
+										"enabled": true,
 									},
 									"can_edit": true,
 								},
@@ -287,7 +294,7 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
 							},
 							"spaces": map[string]interface{}{
 								"version": "0.0.1",
-								"enabled": cfg.Reva.Frontend.ProjectSpaces,
+								"enabled": cfg.EnableProjectSpaces,
 							},
 						},
 						"version": map[string]interface{}{
@@ -313,7 +320,7 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
 // have the indexes reversed and the tuple is in the format of [challenge:user-agent], then the same process is applied
 // in reverse for each individual part
 func loadUserAgent(c *cli.Context, cfg *config.Config) error {
-	cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent = make(map[string]string)
+	cfg.Middleware.Auth.CredentialsByUserAgent = make(map[string]string)
 	locks := c.StringSlice("user-agent-whitelist-lock-in")

 	for _, v := range locks {
@@ -323,7 +330,7 @@ func loadUserAgent(c *cli.Context, cfg *config.Config) error {
 			return fmt.Errorf("unexpected config value for user-agent lock-in: %v, expected format is user-agent:challenge", v)
 		}

-		cfg.Reva.Frontend.Middleware.Auth.CredentialsByUserAgent[conversions.Reverse(parts[1])] = conversions.Reverse(parts[0])
+		cfg.Middleware.Auth.CredentialsByUserAgent[conversions.Reverse(parts[1])] = conversions.Reverse(parts[0])
 	}

 	return nil
@@ -336,28 +343,29 @@ type FrontendSutureService struct {

 // NewFrontend creates a new frontend.FrontendSutureService
 func NewFrontend(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.Frontend.Commons = cfg.Commons
 	return FrontendSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.Frontend,
 	}
 }

 func (s FrontendSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.Frontend.Context = ctx
+	// s.cfg.Reva.Frontend.Context = ctx
+	cmd := Frontend(s.cfg)
 	f := &flag.FlagSet{}
-	cmdFlags := Frontend(s.cfg).Flags
+	cmdFlags := cmd.Flags
 	for k := range cmdFlags {
 		if err := cmdFlags[k].Apply(f); err != nil {
 			return err
 		}
 	}
 	cliCtx := cli.NewContext(nil, f, nil)
-	if Frontend(s.cfg).Before != nil {
-		if err := Frontend(s.cfg).Before(cliCtx); err != nil {
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
 			return err
 		}
 	}
-	if err := Frontend(s.cfg).Action(cliCtx); err != nil {
+	if err := cmd.Action(cliCtx); err != nil {
 		return err
 	}

--- a/extensions/frontend/pkg/config/config.go
+++ b/extensions/frontend/pkg/config/config.go
@@ -0,0 +1,130 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	HTTP HTTPConfig `yaml:"http"`
+
+	// JWTSecret used to verify reva access token
+	JWTSecret             string `yaml:"jwt_secret"`
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+
+	EnableFavorites          bool `yaml:"favorites"`
+	EnableProjectSpaces      bool
+	UploadMaxChunkSize       int    `yaml:"upload_max_chunk_size"`
+	UploadHTTPMethodOverride string `yaml:"upload_http_method_override"`
+	DefaultUploadProtocol    string `yaml:"default_upload_protocol"`
+	TransferSecret           string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"`
+	PublicURL                string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL"`
+
+	Archiver    Archiver
+	AppProvider AppProvider
+	DataGateway DataGateway
+	OCS         OCS
+	AuthMachine AuthMachine
+	Checksums   Checksums
+
+	Middleware Middleware
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;FRONTEND_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;FRONTEND_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;FRONTEND_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;FRONTEND_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;FRONTEND_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;FRONTEND_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;FRONTEND_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;FRONTEND_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"FRONTEND_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"FRONTEND_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"FRONTEND_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"FRONTEND_DEBUG_ZPAGES"`
+}
+
+type HTTPConfig struct {
+	Addr     string `yaml:"addr" env:"FRONTEND_HTTP_ADDR" desc:"The address of the http service."`
+	Protocol string `yaml:"protocol" env:"FRONTEND_HTTP_PROTOCOL" desc:"The transport protocol of the http service."`
+	Prefix   string `yaml:"prefix"`
+}
+
+// Middleware configures reva middlewares.
+type Middleware struct {
+	Auth Auth `yaml:"auth"`
+}
+
+// Auth configures reva http auth middleware.
+type Auth struct {
+	CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agenr"`
+}
+
+type Archiver struct {
+	MaxNumFiles int64 `yaml:"max_num_files"`
+	MaxSize     int64 `yaml:"max_size"`
+	Prefix      string
+	Insecure    bool `env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE"`
+}
+
+type AppProvider struct {
+	ExternalAddr string `yaml:"external_addr"`
+	Driver       string `yaml:"driver"`
+	// WopiDriver   WopiDriver `yaml:"wopi_driver"`
+	AppsURL  string `yaml:"apps_url"`
+	OpenURL  string `yaml:"open_url"`
+	NewURL   string `yaml:"new_url"`
+	Prefix   string
+	Insecure bool `env:"OCIS_INSECURE;FRONTEND_APPPROVIDER_INSECURE"`
+}
+
+type DataGateway struct {
+	Prefix string
+}
+
+type OCS struct {
+	Prefix                  string `yaml:"prefix"`
+	SharePrefix             string `yaml:"share_prefix"`
+	HomeNamespace           string `yaml:"home_namespace"`
+	AdditionalInfoAttribute string `yaml:"additional_info_attribute"`
+	ResourceInfoCacheTTL    int    `yaml:"resource_info_cache_ttl"`
+	CacheWarmupDriver       string `yaml:"cache_warmup_driver"`
+	CacheWarmupDrivers      CacheWarmupDrivers
+}
+
+type CacheWarmupDrivers struct {
+	CBOX CBOXDriver
+}
+
+type CBOXDriver struct {
+	DBUsername string
+	DBPassword string
+	DBHost     string
+	DBPort     int
+	DBName     string
+	Namespace  string
+}
+
+type AuthMachine struct {
+	APIKey string `env:"OCIS_MACHINE_AUTH_API_KEY"`
+}
+
+type Checksums struct {
+	SupportedTypes      []string `yaml:"supported_types"`
+	PreferredUploadType string   `yaml:"preferred_upload_type"`
+}
--- a/extensions/frontend/pkg/config/defaults/defaultconfig.go
+++ b/extensions/frontend/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,103 @@
+package defaults
+
+import (
+	"github.com/owncloud/ocis/extensions/frontend/pkg/config"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9141",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		HTTP: config.HTTPConfig{
+			Addr:     "127.0.0.1:9140",
+			Protocol: "tcp",
+			Prefix:   "",
+		},
+		Service: config.Service{
+			Name: "frontend",
+		},
+		GatewayEndpoint:          "127.0.0.1:9142",
+		JWTSecret:                "Pive-Fumkiu4",
+		PublicURL:                "https://localhost:9200",
+		EnableFavorites:          false,
+		EnableProjectSpaces:      true,
+		UploadMaxChunkSize:       1e+8,
+		UploadHTTPMethodOverride: "",
+		DefaultUploadProtocol:    "tus",
+		TransferSecret:           "replace-me-with-a-transfer-secret",
+		Checksums: config.Checksums{
+			SupportedTypes:      []string{"sha1", "md5", "adler32"},
+			PreferredUploadType: "",
+		},
+		AppProvider: config.AppProvider{
+			Prefix:   "",
+			Insecure: false,
+		},
+		Archiver: config.Archiver{
+			Insecure:    false,
+			Prefix:      "archiver",
+			MaxNumFiles: 10000,
+			MaxSize:     1073741824,
+		},
+		DataGateway: config.DataGateway{
+			Prefix: "data",
+		},
+		OCS: config.OCS{
+			Prefix:                  "ocs",
+			SharePrefix:             "/Shares",
+			HomeNamespace:           "/users/{{.Id.OpaqueId}}",
+			CacheWarmupDriver:       "",
+			AdditionalInfoAttribute: "{{.Mail}}",
+			ResourceInfoCacheTTL:    0,
+		},
+		AuthMachine: config.AuthMachine{
+			APIKey: "change-me-please",
+		},
+		Middleware: config.Middleware{
+			Auth: config.Auth{
+				CredentialsByUserAgent: map[string]string{},
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/gateway/pkg/command/command.go
+++ b/extensions/gateway/pkg/command/command.go
@@ -13,14 +13,13 @@ import (
 	"github.com/gofrs/uuid"
 	"github.com/mitchellh/mapstructure"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/gateway/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
 	"github.com/owncloud/ocis/extensions/storage/pkg/service/external"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis-pkg/log"
-	"github.com/owncloud/ocis/ocis-pkg/shared"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/owncloud/ocis/ocis-pkg/version"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
@@ -32,19 +31,21 @@ func Gateway(cfg *config.Config) *cli.Command {
 		Name:  "gateway",
 		Usage: "start gateway",
 		Before: func(c *cli.Context) error {
-			if err := ParseConfig(c, cfg, "storage-gateway"); err != nil {
-				return err
-			}
-
-			if cfg.Reva.DataGateway.PublicURL == "" {
-				cfg.Reva.DataGateway.PublicURL = strings.TrimRight(cfg.Reva.Frontend.PublicURL, "/") + "/data"
+			if cfg.DataGatewayPublicURL == "" {
+				cfg.DataGatewayPublicURL = strings.TrimRight(cfg.FrontendPublicURL, "/") + "/data"
 			}

 			return nil
 		},
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-			tracing.Configure(cfg, logger)
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
 			uuid := uuid.Must(uuid.NewV4())
@@ -62,7 +63,7 @@ func Gateway(cfg *config.Config) *cli.Command {
 					ctx,
 					"com.owncloud.storage",
 					uuid.String(),
-					cfg.Reva.Gateway.GRPCAddr,
+					cfg.GRPC.Addr,
 					version.String,
 					logger,
 				)
@@ -87,10 +88,12 @@ func Gateway(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.Gateway.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -102,7 +105,7 @@ func Gateway(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.Gateway.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -115,56 +118,55 @@ func Gateway(cfg *config.Config) *cli.Command {
 func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logger) map[string]interface{} {
 	rcfg := map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.Users.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.Gateway.GRPCNetwork,
-			"address": cfg.Reva.Gateway.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"gateway": map[string]interface{}{
 					// registries is located on the gateway
-					"authregistrysvc":    cfg.Reva.Gateway.Endpoint,
-					"storageregistrysvc": cfg.Reva.Gateway.Endpoint,
-					"appregistrysvc":     cfg.Reva.Gateway.Endpoint,
+					"authregistrysvc":    cfg.GatewayEndpoint,
+					"storageregistrysvc": cfg.GatewayEndpoint,
+					"appregistrysvc":     cfg.GatewayEndpoint,
 					// user metadata is located on the users services
-					"preferencessvc":   cfg.Reva.Users.Endpoint,
-					"userprovidersvc":  cfg.Reva.Users.Endpoint,
-					"groupprovidersvc": cfg.Reva.Groups.Endpoint,
-					"permissionssvc":   cfg.Reva.Permissions.Endpoint,
+					"preferencessvc":   cfg.UsersEndpoint,
+					"userprovidersvc":  cfg.UsersEndpoint,
+					"groupprovidersvc": cfg.GroupsEndpoint,
+					"permissionssvc":   cfg.PermissionsEndpoint,
 					// sharing is located on the sharing service
-					"usershareprovidersvc":          cfg.Reva.Sharing.Endpoint,
-					"publicshareprovidersvc":        cfg.Reva.Sharing.Endpoint,
-					"ocmshareprovidersvc":           cfg.Reva.Sharing.Endpoint,
-					"commit_share_to_storage_grant": cfg.Reva.Gateway.CommitShareToStorageGrant,
-					"commit_share_to_storage_ref":   cfg.Reva.Gateway.CommitShareToStorageRef,
-					"share_folder":                  cfg.Reva.Gateway.ShareFolder, // ShareFolder is the location where to create shares in the recipient's storage provider.
+					"usershareprovidersvc":          cfg.SharingEndpoint,
+					"publicshareprovidersvc":        cfg.SharingEndpoint,
+					"ocmshareprovidersvc":           cfg.SharingEndpoint,
+					"commit_share_to_storage_grant": cfg.CommitShareToStorageGrant,
+					"commit_share_to_storage_ref":   cfg.CommitShareToStorageRef,
+					"share_folder":                  cfg.ShareFolder, // ShareFolder is the location where to create shares in the recipient's storage provider.
 					// other
-					"disable_home_creation_on_login": cfg.Reva.Gateway.DisableHomeCreationOnLogin,
-					"datagateway":                    cfg.Reva.DataGateway.PublicURL,
-					"transfer_shared_secret":         cfg.Reva.TransferSecret,
-					"transfer_expires":               cfg.Reva.TransferExpires,
-					"home_mapping":                   cfg.Reva.Gateway.HomeMapping,
-					"etag_cache_ttl":                 cfg.Reva.Gateway.EtagCacheTTL,
+					"disable_home_creation_on_login": cfg.DisableHomeCreationOnLogin,
+					"datagateway":                    cfg.DataGatewayPublicURL,
+					"transfer_shared_secret":         cfg.TransferSecret,
+					"transfer_expires":               cfg.TransferExpires,
+					"home_mapping":                   cfg.HomeMapping,
+					"etag_cache_ttl":                 cfg.EtagCacheTTL,
 				},
 				"authregistry": map[string]interface{}{
 					"driver": "static",
 					"drivers": map[string]interface{}{
 						"static": map[string]interface{}{
 							"rules": map[string]interface{}{
-								"basic":        cfg.Reva.AuthBasic.Endpoint,
-								"bearer":       cfg.Reva.AuthBearer.Endpoint,
-								"machine":      cfg.Reva.AuthMachine.Endpoint,
-								"publicshares": cfg.Reva.StoragePublicLink.Endpoint,
+								"basic":        cfg.AuthBasicEndpoint,
+								"bearer":       cfg.AuthBearerEndpoint,
+								"machine":      cfg.AuthMachineEndpoint,
+								"publicshares": cfg.StoragePublicLinkEndpoint,
 							},
 						},
 					},
@@ -178,7 +180,7 @@ func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logg
 					},
 				},
 				"storageregistry": map[string]interface{}{
-					"driver": cfg.Reva.StorageRegistry.Driver,
+					"driver": cfg.StorageRegistry.Driver,
 					"drivers": map[string]interface{}{
 						"spaces": map[string]interface{}{
 							"providers": spacesProviders(cfg, logger),
@@ -194,20 +196,20 @@ func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logg
 func spacesProviders(cfg *config.Config, logger log.Logger) map[string]map[string]interface{} {

 	// if a list of rules is given it overrides the generated rules from below
-	if len(cfg.Reva.StorageRegistry.Rules) > 0 {
+	if len(cfg.StorageRegistry.Rules) > 0 {
 		rules := map[string]map[string]interface{}{}
-		for i := range cfg.Reva.StorageRegistry.Rules {
-			parts := strings.SplitN(cfg.Reva.StorageRegistry.Rules[i], "=", 2)
+		for i := range cfg.StorageRegistry.Rules {
+			parts := strings.SplitN(cfg.StorageRegistry.Rules[i], "=", 2)
 			rules[parts[0]] = map[string]interface{}{"address": parts[1]}
 		}
 		return rules
 	}

 	// check if the rules have to be read from a json file
-	if cfg.Reva.StorageRegistry.JSON != "" {
-		data, err := ioutil.ReadFile(cfg.Reva.StorageRegistry.JSON)
+	if cfg.StorageRegistry.JSON != "" {
+		data, err := ioutil.ReadFile(cfg.StorageRegistry.JSON)
 		if err != nil {
-			logger.Error().Err(err).Msg("Failed to read storage registry rules from JSON file: " + cfg.Reva.StorageRegistry.JSON)
+			logger.Error().Err(err).Msg("Failed to read storage registry rules from JSON file: " + cfg.StorageRegistry.JSON)
 			return nil
 		}
 		var rules map[string]map[string]interface{}
@@ -220,7 +222,7 @@ func spacesProviders(cfg *config.Config, logger log.Logger) map[string]map[strin

 	// generate rules based on default config
 	return map[string]map[string]interface{}{
-		cfg.Reva.StorageUsers.Endpoint: {
+		cfg.StorageUsersEndpoint: {
 			"spaces": map[string]interface{}{
 				"personal": map[string]interface{}{
 					"mount_point":   "/users",
@@ -232,7 +234,7 @@ func spacesProviders(cfg *config.Config, logger log.Logger) map[string]map[strin
 				},
 			},
 		},
-		cfg.Reva.StorageShares.Endpoint: {
+		cfg.StorageSharesEndpoint: {
 			"spaces": map[string]interface{}{
 				"virtual": map[string]interface{}{
 					// The root of the share jail is mounted here
@@ -251,7 +253,7 @@ func spacesProviders(cfg *config.Config, logger log.Logger) map[string]map[strin
 			},
 		},
 		// public link storage returns the mount id of the actual storage
-		cfg.Reva.StoragePublicLink.Endpoint: {
+		cfg.StoragePublicLinkEndpoint: {
 			"spaces": map[string]interface{}{
 				"grant": map[string]interface{}{
 					"mount_point": ".",
@@ -281,10 +283,10 @@ func mimetypes(cfg *config.Config, logger log.Logger) []map[string]interface{} {
 	var m []map[string]interface{}

 	// load default app mimetypes from a json file
-	if cfg.Reva.AppRegistry.MimetypesJSON != "" {
-		data, err := ioutil.ReadFile(cfg.Reva.AppRegistry.MimetypesJSON)
+	if cfg.AppRegistry.MimetypesJSON != "" {
+		data, err := ioutil.ReadFile(cfg.AppRegistry.MimetypesJSON)
 		if err != nil {
-			logger.Error().Err(err).Msg("Failed to read app registry mimetypes from JSON file: " + cfg.Reva.AppRegistry.MimetypesJSON)
+			logger.Error().Err(err).Msg("Failed to read app registry mimetypes from JSON file: " + cfg.AppRegistry.MimetypesJSON)
 			return nil
 		}
 		if err = json.Unmarshal(data, &mimetypes); err != nil {
@@ -385,56 +387,30 @@ type GatewaySutureService struct {

 // NewGatewaySutureService creates a new gateway.GatewaySutureService
 func NewGateway(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.Gateway.Commons = cfg.Commons
 	return GatewaySutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.Gateway,
 	}
 }

 func (s GatewaySutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.Gateway.Context = ctx
+	cmd := Gateway(s.cfg)
 	f := &flag.FlagSet{}
-	cmdFlags := Gateway(s.cfg).Flags
+	cmdFlags := cmd.Flags
 	for k := range cmdFlags {
 		if err := cmdFlags[k].Apply(f); err != nil {
 			return err
 		}
 	}
 	cliCtx := cli.NewContext(nil, f, nil)
-	if Gateway(s.cfg).Before != nil {
-		if err := Gateway(s.cfg).Before(cliCtx); err != nil {
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
 			return err
 		}
 	}
-	if err := Gateway(s.cfg).Action(cliCtx); err != nil {
+	if err := cmd.Action(cliCtx); err != nil {
 		return err
 	}

 	return nil
 }
-
-// ParseConfig loads accounts configuration from known paths.
-func ParseConfig(c *cli.Context, cfg *config.Config, storageExtension string) error {
-	conf, err := ociscfg.BindSourcesToStructs(storageExtension, cfg)
-	if err != nil {
-		return err
-	}
-
-	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
-	if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
-		cfg.Log = &shared.Log{
-			Level:  cfg.Commons.Log.Level,
-			Pretty: cfg.Commons.Log.Pretty,
-			Color:  cfg.Commons.Log.Color,
-			File:   cfg.Commons.Log.File,
-		}
-	} else if cfg.Log == nil {
-		cfg.Log = &shared.Log{}
-	}
-
-	// load all env variables relevant to the config in the current context.
-	conf.LoadOSEnv(config.GetEnv(cfg), false)
-
-	bindings := config.StructMappings(cfg)
-	return ociscfg.BindEnv(conf, bindings)
-}
--- a/extensions/gateway/pkg/config/config.go
+++ b/extensions/gateway/pkg/config/config.go
@@ -0,0 +1,82 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+
+	CommitShareToStorageGrant  bool
+	CommitShareToStorageRef    bool
+	ShareFolder                string
+	DisableHomeCreationOnLogin bool
+	TransferSecret             string `env:"STORAGE_TRANSFER_SECRET"`
+	TransferExpires            int
+	HomeMapping                string
+	EtagCacheTTL               int
+
+	UsersEndpoint             string
+	GroupsEndpoint            string
+	PermissionsEndpoint       string
+	SharingEndpoint           string
+	DataGatewayPublicURL      string
+	FrontendPublicURL         string `env:"OCIS_URL;GATEWAY_FRONTEND_PUBLIC_URL"`
+	AuthBasicEndpoint         string
+	AuthBearerEndpoint        string
+	AuthMachineEndpoint       string
+	StoragePublicLinkEndpoint string
+	StorageUsersEndpoint      string
+	StorageSharesEndpoint     string
+
+	StorageRegistry StorageRegistry
+	AppRegistry     AppRegistry
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;GATEWAY_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;GATEWAY_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;GATEWAY_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;GATEWAY_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;GATEWAY_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;GATEWAY_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;GATEWAY_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;GATEWAY_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"GATEWAY_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"GATEWAY_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"GATEWAY_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"GATEWAY_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type StorageRegistry struct {
+	Driver string
+	Rules  []string
+	JSON   string
+}
+
+type AppRegistry struct {
+	MimetypesJSON string
+}
--- a/extensions/gateway/pkg/config/defaults/defaultconfig.go
+++ b/extensions/gateway/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,92 @@
+package defaults
+
+import (
+	"github.com/owncloud/ocis/extensions/gateway/pkg/config"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9143",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9142",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "gateway",
+		},
+		GatewayEndpoint: "127.0.0.1:9142",
+		JWTSecret:       "Pive-Fumkiu4",
+
+		CommitShareToStorageGrant:  true,
+		CommitShareToStorageRef:    true,
+		ShareFolder:                "Shares",
+		DisableHomeCreationOnLogin: true,
+		TransferSecret:             "replace-me-with-a-transfer-secret",
+		TransferExpires:            24 * 60 * 60,
+		HomeMapping:                "",
+		EtagCacheTTL:               0,
+
+		UsersEndpoint:             "localhost:9144",
+		GroupsEndpoint:            "localhost:9160",
+		PermissionsEndpoint:       "localhost:9191",
+		SharingEndpoint:           "localhost:9150",
+		DataGatewayPublicURL:      "",
+		FrontendPublicURL:         "https://localhost:9200",
+		AuthBasicEndpoint:         "localhost:9146",
+		AuthBearerEndpoint:        "localhost:9148",
+		AuthMachineEndpoint:       "localhost:9166",
+		StoragePublicLinkEndpoint: "localhost:9178",
+		StorageUsersEndpoint:      "localhost:9157",
+		StorageSharesEndpoint:     "localhost:9154",
+
+		StorageRegistry: config.StorageRegistry{
+			Driver: "spaces",
+			JSON:   "",
+		},
+		AppRegistry: config.AppRegistry{
+			MimetypesJSON: "",
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/glauth/pkg/config/defaults/defaultconfig.go
+++ b/extensions/glauth/pkg/config/defaults/defaultconfig.go
@@ -86,5 +86,5 @@ func EnsureDefaults(cfg *config.Config) {
 }

 func Sanitize(cfg *config.Config) {
-	// nothing to santizie here atm
+	// nothing to sanitize here atm
 }
--- a/extensions/storage/pkg/command/groups.go
+++ b/extensions/storage/pkg/command/groups.go
@@ -10,11 +10,13 @@ import (
 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/group/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/ldap"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
 )
@@ -24,19 +26,22 @@ func Groups(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:  "groups",
 		Usage: "start groups service",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-groups")
-		},
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-			tracing.Configure(cfg, logger)
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()

 			// pre-create folders
-			if cfg.Reva.Groups.Driver == "json" && cfg.Reva.Groups.JSON != "" {
-				if err := os.MkdirAll(filepath.Dir(cfg.Reva.Groups.JSON), os.FileMode(0700)); err != nil {
+			if cfg.Driver == "json" && cfg.Drivers.JSON.File != "" {
+				if err := os.MkdirAll(filepath.Dir(cfg.Drivers.JSON.File), os.FileMode(0700)); err != nil {
 					return err
 				}
 			}
@@ -46,8 +51,8 @@ func Groups(cfg *config.Config) *cli.Command {

 			rcfg := groupsConfigFromStruct(c, cfg)

-			if cfg.Reva.Groups.Driver == "ldap" {
-				if err := waitForLDAPCA(logger, &cfg.Reva.LDAP); err != nil {
+			if cfg.Driver == "ldap" {
+				if err := ldap.WaitForCA(logger, cfg.Drivers.LDAP.Insecure, cfg.Drivers.LDAP.CACert); err != nil {
 					logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist")
 					return err
 				}
@@ -70,10 +75,12 @@ func Groups(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.Groups.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -85,7 +92,7 @@ func Groups(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.Groups.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -98,40 +105,39 @@ func Groups(cfg *config.Config) *cli.Command {
 func groupsConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
 	return map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.Groups.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.Groups.GRPCNetwork,
-			"address": cfg.Reva.Groups.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"groupprovider": map[string]interface{}{
-					"driver": cfg.Reva.Groups.Driver,
+					"driver": cfg.Driver,
 					"drivers": map[string]interface{}{
 						"json": map[string]interface{}{
-							"groups": cfg.Reva.Groups.JSON,
+							"groups": cfg.Drivers.JSON.File,
 						},
-						"ldap": ldapConfigFromString(cfg),
+						"ldap": ldapConfigFromString(cfg.Drivers.LDAP),
 						"rest": map[string]interface{}{
-							"client_id":                      cfg.Reva.UserGroupRest.ClientID,
-							"client_secret":                  cfg.Reva.UserGroupRest.ClientSecret,
-							"redis_address":                  cfg.Reva.UserGroupRest.RedisAddress,
-							"redis_username":                 cfg.Reva.UserGroupRest.RedisUsername,
-							"redis_password":                 cfg.Reva.UserGroupRest.RedisPassword,
-							"group_members_cache_expiration": cfg.Reva.Groups.GroupMembersCacheExpiration,
-							"id_provider":                    cfg.Reva.UserGroupRest.IDProvider,
-							"api_base_url":                   cfg.Reva.UserGroupRest.APIBaseURL,
-							"oidc_token_endpoint":            cfg.Reva.UserGroupRest.OIDCTokenEndpoint,
-							"target_api":                     cfg.Reva.UserGroupRest.TargetAPI,
+							"client_id":                      cfg.Drivers.REST.ClientID,
+							"client_secret":                  cfg.Drivers.REST.ClientSecret,
+							"redis_address":                  cfg.Drivers.REST.RedisAddr,
+							"redis_username":                 cfg.Drivers.REST.RedisUsername,
+							"redis_password":                 cfg.Drivers.REST.RedisPassword,
+							"group_members_cache_expiration": cfg.GroupMembersCacheExpiration,
+							"id_provider":                    cfg.Drivers.REST.IDProvider,
+							"api_base_url":                   cfg.Drivers.REST.APIBaseURL,
+							"oidc_token_endpoint":            cfg.Drivers.REST.OIDCTokenEndpoint,
+							"target_api":                     cfg.Drivers.REST.TargetAPI,
 						},
 					},
 				},
@@ -147,14 +153,14 @@ type GroupSutureService struct {

 // NewGroupProviderSutureService creates a new storage.GroupProvider
 func NewGroupProvider(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.Group.Commons = cfg.Commons
 	return GroupSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.Group,
 	}
 }

 func (s GroupSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.Groups.Context = ctx
+	// s.cfg.Reva.Groups.Context = ctx
 	f := &flag.FlagSet{}
 	cmdFlags := Groups(s.cfg).Flags
 	for k := range cmdFlags {
@@ -174,3 +180,36 @@ func (s GroupSutureService) Serve(ctx context.Context) error {

 	return nil
 }
+
+func ldapConfigFromString(cfg config.LDAPDriver) map[string]interface{} {
+	return map[string]interface{}{
+		"uri":               cfg.URI,
+		"cacert":            cfg.CACert,
+		"insecure":          cfg.Insecure,
+		"bind_username":     cfg.BindDN,
+		"bind_password":     cfg.BindPassword,
+		"user_base_dn":      cfg.UserBaseDN,
+		"group_base_dn":     cfg.GroupBaseDN,
+		"user_filter":       cfg.UserFilter,
+		"group_filter":      cfg.GroupFilter,
+		"user_objectclass":  cfg.UserObjectClass,
+		"group_objectclass": cfg.GroupObjectClass,
+		"login_attributes":  cfg.LoginAttributes,
+		"idp":               cfg.IDP,
+		"user_schema": map[string]interface{}{
+			"id":              cfg.UserSchema.ID,
+			"idIsOctetString": cfg.UserSchema.IDIsOctetString,
+			"mail":            cfg.UserSchema.Mail,
+			"displayName":     cfg.UserSchema.DisplayName,
+			"userName":        cfg.UserSchema.Username,
+		},
+		"group_schema": map[string]interface{}{
+			"id":              cfg.GroupSchema.ID,
+			"idIsOctetString": cfg.GroupSchema.IDIsOctetString,
+			"mail":            cfg.GroupSchema.Mail,
+			"displayName":     cfg.GroupSchema.DisplayName,
+			"groupName":       cfg.GroupSchema.Groupname,
+			"member":          cfg.GroupSchema.Member,
+		},
+	}
+}
--- a/extensions/group/pkg/config/config.go
+++ b/extensions/group/pkg/config/config.go
@@ -0,0 +1,121 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+
+	JWTSecret                   string
+	GatewayEndpoint             string
+	SkipUserGroupsInToken       bool
+	GroupMembersCacheExpiration int
+	Driver                      string
+	Drivers                     Drivers
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;GROUPS_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;GROUPS_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;GROUPS_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;GROUPS_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;GROUPS_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;GROUPS_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;GROUPS_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;GROUPS_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"GROUPS_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"GROUPS_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"GROUPS_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"GROUPS_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type Drivers struct {
+	JSON        JSONDriver
+	LDAP        LDAPDriver
+	OwnCloudSQL OwnCloudSQLDriver
+	REST        RESTProvider
+}
+
+type JSONDriver struct {
+	File string
+}
+type LDAPDriver struct {
+	URI              string   `env:"LDAP_URI;GROUPS_LDAP_URI"`
+	CACert           string   `env:"LDAP_CACERT;GROUPS_LDAP_CACERT"`
+	Insecure         bool     `env:"LDAP_INSECURE;GROUPS_LDAP_INSECURE"`
+	BindDN           string   `env:"LDAP_BIND_DN;GROUPS_LDAP_BIND_DN"`
+	BindPassword     string   `env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD"`
+	UserBaseDN       string   `env:"LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN"`
+	GroupBaseDN      string   `env:"LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN"`
+	UserFilter       string   `env:"LDAP_USERFILTER;GROUPS_LDAP_USERFILTER"`
+	GroupFilter      string   `env:"LDAP_GROUPFILTER;GROUPS_LDAP_USERFILTER"`
+	UserObjectClass  string   `env:"LDAP_USER_OBJECTCLASS;GROUPS_LDAP_USER_OBJECTCLASS"`
+	GroupObjectClass string   `env:"LDAP_GROUP_OBJECTCLASS;GROUPS_LDAP_GROUP_OBJECTCLASS"`
+	LoginAttributes  []string `env:"LDAP_LOGIN_ATTRIBUTES;GROUPS_LDAP_LOGIN_ATTRIBUTES"`
+	IDP              string   `env:"OCIS_URL;GROUPS_IDP_URL"` // TODO what is this for?
+	GatewayEndpoint  string   // TODO do we need this here?
+	UserSchema       LDAPUserSchema
+	GroupSchema      LDAPGroupSchema
+}
+
+type LDAPUserSchema struct {
+	ID              string `env:"LDAP_USER_SCHEMA_ID;GROUPS_LDAP_USER_SCHEMA_ID"`
+	IDIsOctetString bool   `env:"LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING"`
+	Mail            string `env:"LDAP_USER_SCHEMA_MAIL;GROUPS_LDAP_USER_SCHEMA_MAIL"`
+	DisplayName     string `env:"LDAP_USER_SCHEMA_DISPLAYNAME;GROUPS_LDAP_USER_SCHEMA_DISPLAYNAME"`
+	Username        string `env:"LDAP_USER_SCHEMA_USERNAME;GROUPS_LDAP_USER_SCHEMA_USERNAME"`
+}
+
+type LDAPGroupSchema struct {
+	ID              string `env:"LDAP_GROUP_SCHEMA_ID;GROUPS_LDAP_GROUP_SCHEMA_ID"`
+	IDIsOctetString bool   `env:"LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;GROUPS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING"`
+	Mail            string `env:"LDAP_GROUP_SCHEMA_MAIL;GROUPS_LDAP_GROUP_SCHEMA_MAIL"`
+	DisplayName     string `env:"LDAP_GROUP_SCHEMA_DISPLAYNAME;GROUPS_LDAP_GROUP_SCHEMA_DISPLAYNAME"`
+	Groupname       string `env:"LDAP_GROUP_SCHEMA_GROUPNAME;GROUPS_LDAP_GROUP_SCHEMA_GROUPNAME"`
+	Member          string `env:"LDAP_GROUP_SCHEMA_MEMBER;GROUPS_LDAP_GROUP_SCHEMA_MEMBER"`
+}
+
+type OwnCloudSQLDriver struct {
+	DBUsername         string
+	DBPassword         string
+	DBHost             string
+	DBPort             int
+	DBName             string
+	IDP                string // TODO do we need this?
+	Nobody             int64  // TODO what is this?
+	JoinUsername       bool
+	JoinOwnCloudUUID   bool
+	EnableMedialSearch bool
+}
+
+type RESTProvider struct {
+	ClientID          string
+	ClientSecret      string
+	RedisAddr         string
+	RedisUsername     string
+	RedisPassword     string
+	IDProvider        string
+	APIBaseURL        string
+	OIDCTokenEndpoint string
+	TargetAPI         string
+}
--- a/extensions/group/pkg/config/defaults/defaultconfig.go
+++ b/extensions/group/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,113 @@
+package defaults
+
+import (
+	"path/filepath"
+
+	"github.com/owncloud/ocis/extensions/group/pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/config/defaults"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9161",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9160",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "user",
+		},
+		GroupMembersCacheExpiration: 5,
+		GatewayEndpoint:             "127.0.0.1:9142",
+		JWTSecret:                   "Pive-Fumkiu4",
+		Driver:                      "ldap",
+		Drivers: config.Drivers{
+			LDAP: config.LDAPDriver{
+				URI:              "ldaps://localhost:9126",
+				CACert:           filepath.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"),
+				Insecure:         false,
+				UserBaseDN:       "dc=ocis,dc=test",
+				GroupBaseDN:      "dc=ocis,dc=test",
+				LoginAttributes:  []string{"cn", "mail"},
+				UserFilter:       "",
+				GroupFilter:      "",
+				UserObjectClass:  "posixAccount",
+				GroupObjectClass: "posixGroup",
+				BindDN:           "cn=reva,ou=sysusers,dc=ocis,dc=test",
+				BindPassword:     "reva",
+				IDP:              "https://localhost:9200",
+				UserSchema: config.LDAPUserSchema{
+					ID:          "ownclouduuid",
+					Mail:        "mail",
+					DisplayName: "displayname",
+					Username:    "cn",
+				},
+				GroupSchema: config.LDAPGroupSchema{
+					ID:          "cn",
+					Mail:        "mail",
+					DisplayName: "cn",
+					Groupname:   "cn",
+					Member:      "cn",
+				},
+			},
+			JSON: config.JSONDriver{},
+			OwnCloudSQL: config.OwnCloudSQLDriver{
+				DBUsername:         "owncloud",
+				DBPassword:         "secret",
+				DBHost:             "mysql",
+				DBPort:             3306,
+				DBName:             "owncloud",
+				IDP:                "https://localhost:9200",
+				Nobody:             90,
+				JoinUsername:       false,
+				JoinOwnCloudUUID:   false,
+				EnableMedialSearch: false,
+			},
+			REST: config.RESTProvider{
+				RedisAddr: "localhost:6379",
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/ocdav/pkg/command/ocdav.go
+++ b/extensions/ocdav/pkg/command/ocdav.go
@@ -0,0 +1,171 @@
+package command
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"strings"
+
+	"github.com/cs3org/reva/v2/pkg/micro/ocdav"
+	"github.com/oklog/run"
+	"github.com/owncloud/ocis/extensions/ocdav/pkg/config"
+	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
+	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/conversions"
+	"github.com/owncloud/ocis/ocis-pkg/log"
+	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
+	"github.com/thejerf/suture/v4"
+	"github.com/urfave/cli/v2"
+)
+
+// OCDav is the entrypoint for the ocdav command.
+// TODO move ocdav cmd to a separate service
+func OCDav(cfg *config.Config) *cli.Command {
+	return &cli.Command{
+		Name:  "ocdav",
+		Usage: "start ocdav service",
+		Before: func(c *cli.Context) error {
+			if err := loadUserAgent(c, cfg); err != nil {
+				return err
+			}
+			return nil
+		},
+		Action: func(c *cli.Context) error {
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
+
+			gr := run.Group{}
+			ctx, cancel := context.WithCancel(context.Background())
+			//metrics     = metrics.New()
+
+			defer cancel()
+
+			gr.Add(func() error {
+				s, err := ocdav.Service(
+					ocdav.Context(ctx),
+					ocdav.Logger(logger.Logger),
+					ocdav.Address(cfg.HTTP.Addr),
+					ocdav.FilesNamespace(cfg.FilesNamespace),
+					ocdav.WebdavNamespace(cfg.WebdavNamespace),
+					ocdav.SharesNamespace(cfg.SharesNamespace),
+					ocdav.Timeout(cfg.Timeout),
+					ocdav.Insecure(cfg.Insecure),
+					ocdav.PublicURL(cfg.PublicURL),
+					ocdav.Prefix(cfg.HTTP.Prefix),
+					ocdav.GatewaySvc(cfg.GatewayEndpoint),
+					ocdav.JWTSecret(cfg.JWTSecret),
+					// ocdav.FavoriteManager() // FIXME needs a proper persistence implementation
+					// ocdav.LockSystem(), // will default to the CS3 lock system
+					// ocdav.TLSConfig() // tls config for the http server
+				)
+				if err != nil {
+					return err
+				}
+
+				return s.Run()
+			}, func(err error) {
+				logger.Info().Err(err).Str("server", c.Command.Name).Msg("Shutting down server")
+				cancel()
+			})
+
+			{
+				server, err := debug.Server(
+					debug.Name(c.Command.Name+"-debug"),
+					debug.Addr(cfg.Debug.Addr),
+					debug.Logger(logger),
+					debug.Context(ctx),
+					debug.Pprof(cfg.Debug.Pprof),
+					debug.Zpages(cfg.Debug.Zpages),
+					debug.Token(cfg.Debug.Token),
+				)
+
+				if err != nil {
+					logger.Info().
+						Err(err).
+						Str("server", "debug").
+						Msg("Failed to initialize server")
+
+					return err
+				}
+
+				gr.Add(server.ListenAndServe, func(_ error) {
+					cancel()
+				})
+			}
+
+			if !cfg.Supervised {
+				sync.Trap(&gr, cancel)
+			}
+
+			return gr.Run()
+		},
+	}
+}
+
+// OCDavSutureService allows for the ocdav command to be embedded and supervised by a suture supervisor tree.
+type OCDavSutureService struct {
+	cfg *config.Config
+}
+
+// NewOCDav creates a new ocdav.OCDavSutureService
+func NewOCDav(cfg *ociscfg.Config) suture.Service {
+	cfg.OCDav.Commons = cfg.Commons
+	return OCDavSutureService{
+		cfg: cfg.OCDav,
+	}
+}
+
+func (s OCDavSutureService) Serve(ctx context.Context) error {
+	// s.cfg.Reva.Frontend.Context = ctx
+	cmd := OCDav(s.cfg)
+	f := &flag.FlagSet{}
+	cmdFlags := cmd.Flags
+	for k := range cmdFlags {
+		if err := cmdFlags[k].Apply(f); err != nil {
+			return err
+		}
+	}
+	cliCtx := cli.NewContext(nil, f, nil)
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
+			return err
+		}
+	}
+	if err := cmd.Action(cliCtx); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// loadUserAgent reads the user-agent-whitelist-lock-in, since it is a string flag, and attempts to construct a map of
+// "user-agent":"challenge" locks in for Reva.
+// Modifies cfg. Spaces don't need to be trimmed as urfavecli takes care of it. User agents with spaces are valid. i.e:
+// Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0
+// This function works by relying in our format of specifying [user-agent:challenge] and the fact that the user agent
+// might contain ":" (colon), so the original string is reversed, split in two parts, by the time it is split we
+// have the indexes reversed and the tuple is in the format of [challenge:user-agent], then the same process is applied
+// in reverse for each individual part
+func loadUserAgent(c *cli.Context, cfg *config.Config) error {
+	cfg.Middleware.Auth.CredentialsByUserAgent = make(map[string]string)
+	locks := c.StringSlice("user-agent-whitelist-lock-in")
+
+	for _, v := range locks {
+		vv := conversions.Reverse(v)
+		parts := strings.SplitN(vv, ":", 2)
+		if len(parts) != 2 {
+			return fmt.Errorf("unexpected config value for user-agent lock-in: %v, expected format is user-agent:challenge", v)
+		}
+
+		cfg.Middleware.Auth.CredentialsByUserAgent[conversions.Reverse(parts[1])] = conversions.Reverse(parts[0])
+	}
+
+	return nil
+}
--- a/extensions/ocdav/pkg/config/config.go
+++ b/extensions/ocdav/pkg/config/config.go
@@ -0,0 +1,71 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	HTTP HTTPConfig `yaml:"http"`
+
+	// JWTSecret used to verify reva access token
+	JWTSecret             string `yaml:"jwt_secret"`
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+
+	WebdavNamespace string `yaml:"webdav_namespace"`
+	FilesNamespace  string `yaml:"files_namespace"`
+	SharesNamespace string `yaml:"shares_namespace"`
+	// PublicURL used to redirect /s/{token} URLs to
+	PublicURL string `yaml:"public_url" env:"OCIS_URL;OCDAV_PUBLIC_URL"`
+
+	// Insecure certificates allowed when making requests to the gateway
+	Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;OCDAV_INSECURE"`
+	// Timeout in seconds when making requests to the gateway
+	Timeout    int64 `yaml:"timeout"`
+	Middleware Middleware
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;OCDAV_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;OCDAV_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;OCDAV_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;OCDAV_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;OCDAV_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;OCDAV_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;OCDAV_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;OCDAV_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"OCDAV_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"OCDAV_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"OCDAV_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"OCDAV_DEBUG_ZPAGES"`
+}
+
+type HTTPConfig struct {
+	Addr     string `yaml:"addr" env:"OCDAV_HTTP_ADDR" desc:"The address of the http service."`
+	Protocol string `yaml:"protocol" env:"OCDAV_HTTP_PROTOCOL" desc:"The transport protocol of the http service."`
+	Prefix   string `yaml:"prefix"`
+}
+
+// Middleware configures reva middlewares.
+type Middleware struct {
+	Auth Auth `yaml:"auth"`
+}
+
+// Auth configures reva http auth middleware.
+type Auth struct {
+	CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agenr"`
+}
--- a/extensions/ocdav/pkg/config/defaults/defaultconfig.go
+++ b/extensions/ocdav/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,74 @@
+package defaults
+
+import (
+	"github.com/owncloud/ocis/extensions/ocdav/pkg/config"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9163",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		HTTP: config.HTTPConfig{
+			Addr:     "127.0.0.1:0", // :0 to pick any free local port
+			Protocol: "tcp",
+			Prefix:   "",
+		},
+		Service: config.Service{
+			Name: "ocdav",
+		},
+		GatewayEndpoint: "127.0.0.1:9142",
+		JWTSecret:       "Pive-Fumkiu4",
+		WebdavNamespace: "/users/{{.Id.OpaqueId}}",
+		FilesNamespace:  "/users/{{.Id.OpaqueId}}",
+		SharesNamespace: "/Shares",
+		PublicURL:       "https://localhost:9200",
+		Insecure:        false,
+		Timeout:         84300,
+		Middleware: config.Middleware{
+			Auth: config.Auth{
+				CredentialsByUserAgent: map[string]string{},
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/settings/l10n/translations.json
+++ b/extensions/settings/l10n/translations.json
--- a/extensions/settings/package.json
+++ b/extensions/settings/package.json
@@ -67,7 +67,7 @@
    "nightwatch": "1.7.11",
    "nightwatch-api": "3.0.2",
    "nightwatch-vrt": "^0.2.10",
-    "node-fetch": "^2.6.1",
+    "node-fetch": "^2.6.7",
    "qs": "^6.10.3",
    "rimraf": "^3.0.0",
    "rollup": "^2.70.1",
--- a/extensions/settings/yarn.lock
+++ b/extensions/settings/yarn.lock
@@ -5846,9 +5846,9 @@ mz@^2.7.0:
    thenify-all "^1.0.0"

 nanoid@^3.1.23:
-  version "3.1.25"
-  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.1.25.tgz#09ca32747c0e543f0e1814b7d3793477f9c8e152"
-  integrity sha512-rdwtIXaXCLFAQbnfqDRnI6jaRHp9fTcYBjtFKE8eezcZ7LuLjhUaQGNeMXf1HmRoCH32CLz6XwX0TtxEOS/A3Q==
+  version "3.3.2"
+  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.2.tgz#c89622fafb4381cd221421c69ec58547a1eec557"
+  integrity sha512-CuHBogktKwpm5g2sRgv83jEy2ijFzBwMoYA60orPDR7ynsLijJDqgsi4RDGj3OJpy3Ieb+LYwiRmIOGyytgITA==

 native-request@^1.0.5:
  version "1.0.9"
@@ -5943,10 +5943,10 @@ node-environment-flags@1.0.5:
    object.getownpropertydescriptors "^2.0.3"
    semver "^5.7.0"

-node-fetch@^2.6.1:
-  version "2.6.5"
-  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.5.tgz#42735537d7f080a7e5f78b6c549b7146be1742fd"
-  integrity sha512-mmlIVHJEu5rnIxgEgez6b9GgWXbkZj5YZ7fx+2r94a2E+Uirsp6HsPTPlomfdHtpt/B0cdKviwkoaM6pyvUOpQ==
+node-fetch@^2.6.7:
+  version "2.6.7"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
+  integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
  dependencies:
    whatwg-url "^5.0.0"

--- a/extensions/sharing/pkg/command/command.go
+++ b/extensions/sharing/pkg/command/command.go
@@ -0,0 +1,238 @@
+package command
+
+import (
+	"context"
+	"flag"
+	"os"
+	"path"
+	"path/filepath"
+
+	"github.com/owncloud/ocis/ocis-pkg/log"
+	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
+
+	"github.com/cs3org/reva/v2/cmd/revad/runtime"
+	"github.com/gofrs/uuid"
+	"github.com/oklog/run"
+	"github.com/owncloud/ocis/extensions/sharing/pkg/config"
+	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
+	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/thejerf/suture/v4"
+	"github.com/urfave/cli/v2"
+)
+
+// Sharing is the entrypoint for the sharing command.
+func Sharing(cfg *config.Config) *cli.Command {
+	return &cli.Command{
+		Name:  "sharing",
+		Usage: "start sharing service",
+		Action: func(c *cli.Context) error {
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
+			gr := run.Group{}
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
+
+			// precreate folders
+			if cfg.UserSharingDriver == "json" && cfg.UserSharingDrivers.JSON.File != "" {
+				if err := os.MkdirAll(filepath.Dir(cfg.UserSharingDrivers.JSON.File), os.FileMode(0700)); err != nil {
+					return err
+				}
+			}
+			if cfg.PublicSharingDriver == "json" && cfg.PublicSharingDrivers.JSON.File != "" {
+				if err := os.MkdirAll(filepath.Dir(cfg.PublicSharingDrivers.JSON.File), os.FileMode(0700)); err != nil {
+					return err
+				}
+			}
+
+			uuid := uuid.Must(uuid.NewV4())
+			pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")
+
+			rcfg := sharingConfigFromStruct(c, cfg)
+
+			gr.Add(func() error {
+				runtime.RunWithOptions(
+					rcfg,
+					pidFile,
+					runtime.WithLogger(&logger.Logger),
+				)
+				return nil
+			}, func(_ error) {
+				logger.Info().
+					Str("server", c.Command.Name).
+					Msg("Shutting down server")
+
+				cancel()
+			})
+
+			debug, err := debug.Server(
+				debug.Name(c.Command.Name+"-debug"),
+				debug.Addr(cfg.Debug.Addr),
+				debug.Logger(logger),
+				debug.Context(ctx),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
+			)
+
+			if err != nil {
+				logger.Info().Err(err).Str("server", c.Command.Name+"-debug").Msg("Failed to initialize server")
+				return err
+			}
+
+			gr.Add(debug.ListenAndServe, func(_ error) {
+				cancel()
+			})
+
+			if !cfg.Supervised {
+				sync.Trap(&gr, cancel)
+			}
+
+			return gr.Run()
+		},
+	}
+}
+
+// sharingConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
+func sharingConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
+	rcfg := map[string]interface{}{
+		"core": map[string]interface{}{
+			"tracing_enabled":      cfg.Tracing.Enabled,
+			"tracing_endpoint":     cfg.Tracing.Endpoint,
+			"tracing_collector":    cfg.Tracing.Collector,
+			"tracing_service_name": c.Command.Name,
+		},
+		"shared": map[string]interface{}{
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
+		},
+		"grpc": map[string]interface{}{
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
+			// TODO build services dynamically
+			"services": map[string]interface{}{
+				"usershareprovider": map[string]interface{}{
+					"driver": cfg.UserSharingDriver,
+					"drivers": map[string]interface{}{
+						"json": map[string]interface{}{
+							"file":         cfg.UserSharingDrivers.JSON.File,
+							"gateway_addr": cfg.GatewayEndpoint,
+						},
+						"sql": map[string]interface{}{ // cernbox sql
+							"db_username":                   cfg.UserSharingDrivers.SQL.DBUsername,
+							"db_password":                   cfg.UserSharingDrivers.SQL.DBPassword,
+							"db_host":                       cfg.UserSharingDrivers.SQL.DBHost,
+							"db_port":                       cfg.UserSharingDrivers.SQL.DBPort,
+							"db_name":                       cfg.UserSharingDrivers.SQL.DBName,
+							"password_hash_cost":            cfg.UserSharingDrivers.SQL.PasswordHashCost,
+							"enable_expired_shares_cleanup": cfg.UserSharingDrivers.SQL.EnableExpiredSharesCleanup,
+							"janitor_run_interval":          cfg.UserSharingDrivers.SQL.JanitorRunInterval,
+						},
+						"oc10-sql": map[string]interface{}{
+							"storage_mount_id": cfg.UserSharingDrivers.SQL.UserStorageMountID,
+							"db_username":      cfg.UserSharingDrivers.SQL.DBUsername,
+							"db_password":      cfg.UserSharingDrivers.SQL.DBPassword,
+							"db_host":          cfg.UserSharingDrivers.SQL.DBHost,
+							"db_port":          cfg.UserSharingDrivers.SQL.DBPort,
+							"db_name":          cfg.UserSharingDrivers.SQL.DBName,
+						},
+						"cs3": map[string]interface{}{
+							"provider_addr":       cfg.UserSharingDrivers.CS3.ProviderAddr,
+							"service_user_id":     cfg.UserSharingDrivers.CS3.ServiceUserID,
+							"service_user_idp":    cfg.UserSharingDrivers.CS3.ServiceUserIDP,
+							"machine_auth_apikey": cfg.UserSharingDrivers.CS3.MachineAuthAPIKey,
+						},
+					},
+				},
+				"publicshareprovider": map[string]interface{}{
+					"driver": cfg.PublicSharingDriver,
+					"drivers": map[string]interface{}{
+						"json": map[string]interface{}{
+							"file":         cfg.PublicSharingDrivers.JSON.File,
+							"gateway_addr": cfg.GatewayEndpoint,
+						},
+						"sql": map[string]interface{}{
+							"db_username":                   cfg.PublicSharingDrivers.SQL.DBUsername,
+							"db_password":                   cfg.PublicSharingDrivers.SQL.DBPassword,
+							"db_host":                       cfg.PublicSharingDrivers.SQL.DBHost,
+							"db_port":                       cfg.PublicSharingDrivers.SQL.DBPort,
+							"db_name":                       cfg.PublicSharingDrivers.SQL.DBName,
+							"password_hash_cost":            cfg.PublicSharingDrivers.SQL.PasswordHashCost,
+							"enable_expired_shares_cleanup": cfg.PublicSharingDrivers.SQL.EnableExpiredSharesCleanup,
+							"janitor_run_interval":          cfg.PublicSharingDrivers.SQL.JanitorRunInterval,
+						},
+						"oc10-sql": map[string]interface{}{
+							"storage_mount_id":              cfg.PublicSharingDrivers.SQL.UserStorageMountID,
+							"db_username":                   cfg.PublicSharingDrivers.SQL.DBUsername,
+							"db_password":                   cfg.PublicSharingDrivers.SQL.DBPassword,
+							"db_host":                       cfg.PublicSharingDrivers.SQL.DBHost,
+							"db_port":                       cfg.PublicSharingDrivers.SQL.DBPort,
+							"db_name":                       cfg.PublicSharingDrivers.SQL.DBName,
+							"password_hash_cost":            cfg.PublicSharingDrivers.SQL.PasswordHashCost,
+							"enable_expired_shares_cleanup": cfg.PublicSharingDrivers.SQL.EnableExpiredSharesCleanup,
+							"janitor_run_interval":          cfg.PublicSharingDrivers.SQL.JanitorRunInterval,
+						},
+						"cs3": map[string]interface{}{
+							"provider_addr":       cfg.PublicSharingDrivers.CS3.ProviderAddr,
+							"service_user_id":     cfg.PublicSharingDrivers.CS3.ServiceUserID,
+							"service_user_idp":    cfg.PublicSharingDrivers.CS3.ServiceUserIDP,
+							"machine_auth_apikey": cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey,
+						},
+					},
+				},
+			},
+			"interceptors": map[string]interface{}{
+				"eventsmiddleware": map[string]interface{}{
+					"group":     "sharing",
+					"type":      "nats",
+					"address":   cfg.Events.Addr,
+					"clusterID": cfg.Events.ClusterID,
+				},
+			},
+		},
+	}
+	return rcfg
+}
+
+// SharingSutureService allows for the storage-sharing command to be embedded and supervised by a suture supervisor tree.
+type SharingSutureService struct {
+	cfg *config.Config
+}
+
+// NewSharingSutureService creates a new store.SharingSutureService
+func NewSharing(cfg *ociscfg.Config) suture.Service {
+	cfg.Sharing.Commons = cfg.Commons
+	return SharingSutureService{
+		cfg: cfg.Sharing,
+	}
+}
+
+func (s SharingSutureService) Serve(ctx context.Context) error {
+	// s.cfg.Reva.Sharing.Context = ctx
+	cmd := Sharing(s.cfg)
+	f := &flag.FlagSet{}
+	cmdFlags := cmd.Flags
+	for k := range cmdFlags {
+		if err := cmdFlags[k].Apply(f); err != nil {
+			return err
+		}
+	}
+	cliCtx := cli.NewContext(nil, f, nil)
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
+			return err
+		}
+	}
+	if err := cmd.Action(cliCtx); err != nil {
+		return err
+	}
+
+	return nil
+}
--- a/extensions/sharing/pkg/config/config.go
+++ b/extensions/sharing/pkg/config/config.go
@@ -0,0 +1,115 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	UserSharingDriver     string
+	UserSharingDrivers    UserSharingDrivers
+	PublicSharingDriver   string
+	PublicSharingDrivers  PublicSharingDrivers
+	Events                Events
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;SHARING_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;SHARING_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;SHARING_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;SHARING_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;SHARING_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;SHARING_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;SHARING_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;SHARING_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"SHARING_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"SHARING_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"SHARING_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"SHARING_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type UserSharingDrivers struct {
+	JSON UserSharingJSONDriver
+	SQL  UserSharingSQLDriver
+	CS3  UserSharingCS3Driver
+}
+
+type UserSharingJSONDriver struct {
+	File string `env:"SHARING_USER_JSON_FILE"`
+}
+
+type UserSharingSQLDriver struct {
+	DBUsername                 string `env:"SHARING_USER_SQL_USERNAME"`
+	DBPassword                 string `env:"SHARING_USER_SQL_PASSWORD"`
+	DBHost                     string `env:"SHARING_USER_SQL_HOST"`
+	DBPort                     int    `env:"SHARING_USER_SQL_PORT"`
+	DBName                     string `env:"SHARING_USER_SQL_NAME"`
+	PasswordHashCost           int
+	EnableExpiredSharesCleanup bool
+	JanitorRunInterval         int
+	UserStorageMountID         string
+}
+
+type UserSharingCS3Driver struct {
+	ProviderAddr      string
+	ServiceUserID     string
+	ServiceUserIDP    string `env:"OCIS_URL;SHARING_CS3_SERVICE_USER_IDP"`
+	MachineAuthAPIKey string `env:"OCIS_MACHINE_AUTH_API_KEY"`
+}
+
+type PublicSharingDrivers struct {
+	JSON PublicSharingJSONDriver
+	SQL  PublicSharingSQLDriver
+	CS3  PublicSharingCS3Driver
+}
+
+type PublicSharingJSONDriver struct {
+	File string
+}
+
+type PublicSharingSQLDriver struct {
+	DBUsername                 string
+	DBPassword                 string
+	DBHost                     string
+	DBPort                     int
+	DBName                     string
+	PasswordHashCost           int
+	EnableExpiredSharesCleanup bool
+	JanitorRunInterval         int
+	UserStorageMountID         string
+}
+
+type PublicSharingCS3Driver struct {
+	ProviderAddr      string
+	ServiceUserID     string
+	ServiceUserIDP    string
+	MachineAuthAPIKey string `env:"OCIS_MACHINE_AUTH_API_KEY"`
+}
+
+type Events struct {
+	Addr      string
+	ClusterID string
+}
--- a/extensions/sharing/pkg/config/defaults/defaultconfig.go
+++ b/extensions/sharing/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,111 @@
+package defaults
+
+import (
+	"path/filepath"
+
+	"github.com/owncloud/ocis/extensions/sharing/pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/config/defaults"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9151",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9150",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "sharing",
+		},
+		GatewayEndpoint:   "127.0.0.1:9142",
+		JWTSecret:         "Pive-Fumkiu4",
+		UserSharingDriver: "json",
+		UserSharingDrivers: config.UserSharingDrivers{
+			JSON: config.UserSharingJSONDriver{
+				File: filepath.Join(defaults.BaseDataPath(), "storage", "shares.json"),
+			},
+			SQL: config.UserSharingSQLDriver{
+				DBUsername:                 "",
+				DBPassword:                 "",
+				DBHost:                     "",
+				DBPort:                     1433,
+				DBName:                     "",
+				PasswordHashCost:           11,
+				EnableExpiredSharesCleanup: true,
+				JanitorRunInterval:         60,
+			},
+			CS3: config.UserSharingCS3Driver{
+				ProviderAddr:   "127.0.0.1:9215",
+				ServiceUserID:  "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
+				ServiceUserIDP: "https://localhost:9200",
+			},
+		},
+		PublicSharingDriver: "json",
+		PublicSharingDrivers: config.PublicSharingDrivers{
+			JSON: config.PublicSharingJSONDriver{
+				File: filepath.Join(defaults.BaseDataPath(), "storage", "publicshares.json"),
+			},
+			SQL: config.PublicSharingSQLDriver{
+				DBUsername:                 "",
+				DBPassword:                 "",
+				DBHost:                     "",
+				DBPort:                     1433,
+				DBName:                     "",
+				PasswordHashCost:           11,
+				EnableExpiredSharesCleanup: true,
+				JanitorRunInterval:         60,
+			},
+			CS3: config.PublicSharingCS3Driver{
+				ProviderAddr:   "127.0.0.1:9215",
+				ServiceUserID:  "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
+				ServiceUserIDP: "https://localhost:9200",
+			},
+		},
+		Events: config.Events{
+			Addr:      "127.0.0.1:9233",
+			ClusterID: "ocis-cluster",
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/storage-metadata/pkg/command/command.go
+++ b/extensions/storage-metadata/pkg/command/command.go
@@ -6,16 +6,16 @@ import (
 	"os"
 	"path"

+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"

 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/command/storagedrivers"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/storage-metadata/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
 	"github.com/owncloud/ocis/extensions/storage/pkg/service/external"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis-pkg/version"
 	"github.com/thejerf/suture/v4"
@@ -27,22 +27,25 @@ import (
 // It provides a ocis-specific storage store metadata (shares,account,settings...)
 func StorageMetadata(cfg *config.Config) *cli.Command {
 	return &cli.Command{
-		Name:  "storage-metadata",
-		Usage: "start storage-metadata service",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-metadata")
-		},
+		Name:     "storage-metadata",
+		Usage:    "start storage-metadata service",
 		Category: "extensions",
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-			tracing.Configure(cfg, logger)
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)

 			gr := run.Group{}
 			ctx, cancel := func() (context.Context, context.CancelFunc) {
-				if cfg.Reva.StorageMetadata.Context == nil {
+				if cfg.Context == nil {
 					return context.WithCancel(context.Background())
 				}
-				return context.WithCancel(cfg.Reva.StorageMetadata.Context)
+				return context.WithCancel(cfg.Context)
 			}()

 			defer cancel()
@@ -67,10 +70,12 @@ func StorageMetadata(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.StorageMetadata.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -89,7 +94,7 @@ func StorageMetadata(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.StorageMetadata.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -97,7 +102,7 @@ func StorageMetadata(cfg *config.Config) *cli.Command {
 				ctx,
 				"com.owncloud.storage.metadata",
 				uuid.Must(uuid.NewV4()).String(),
-				cfg.Reva.StorageMetadata.GRPCAddr,
+				cfg.GRPC.Addr,
 				version.String,
 				logger,
 			); err != nil {
@@ -113,43 +118,42 @@ func StorageMetadata(cfg *config.Config) *cli.Command {
 func storageMetadataFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
 	rcfg := map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.StorageMetadata.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.StorageMetadata.GRPCNetwork,
-			"address": cfg.Reva.StorageMetadata.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			"interceptors": map[string]interface{}{
 				"log": map[string]interface{}{},
 			},
 			"services": map[string]interface{}{
 				"storageprovider": map[string]interface{}{
-					"driver":          cfg.Reva.StorageMetadata.Driver,
-					"drivers":         storagedrivers.MetadataDrivers(cfg),
-					"data_server_url": cfg.Reva.StorageMetadata.DataServerURL,
-					"tmp_folder":      cfg.Reva.StorageMetadata.TempFolder,
+					"driver":          cfg.Driver,
+					"drivers":         config.MetadataDrivers(cfg),
+					"data_server_url": cfg.DataServerURL,
+					"tmp_folder":      cfg.TempFolder,
 				},
 			},
 		},
 		"http": map[string]interface{}{
-			"network": cfg.Reva.StorageMetadata.HTTPNetwork,
-			"address": cfg.Reva.StorageMetadata.HTTPAddr,
+			"network": cfg.HTTP.Protocol,
+			"address": cfg.HTTP.Addr,
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"dataprovider": map[string]interface{}{
 					"prefix":      "data",
-					"driver":      cfg.Reva.StorageMetadata.Driver,
-					"drivers":     storagedrivers.MetadataDrivers(cfg),
+					"driver":      cfg.Driver,
+					"drivers":     config.MetadataDrivers(cfg),
 					"timeout":     86400,
-					"insecure":    cfg.Reva.StorageMetadata.DataProvider.Insecure,
+					"insecure":    cfg.DataProviderInsecure,
 					"disable_tus": true,
 				},
 			},
@@ -165,14 +169,14 @@ type MetadataSutureService struct {

 // NewSutureService creates a new storagemetadata.SutureService
 func NewStorageMetadata(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.StorageMetadata.Commons = cfg.Commons
 	return MetadataSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.StorageMetadata,
 	}
 }

 func (s MetadataSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.StorageMetadata.Context = ctx
+	s.cfg.Context = ctx
 	f := &flag.FlagSet{}
 	cmdFlags := StorageMetadata(s.cfg).Flags
 	for k := range cmdFlags {
--- a/extensions/storage-metadata/pkg/config/config.go
+++ b/extensions/storage-metadata/pkg/config/config.go
@@ -0,0 +1,147 @@
+package config
+
+import (
+	"context"
+
+	"github.com/owncloud/ocis/ocis-pkg/shared"
+)
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+	HTTP HTTPConfig `yaml:"http"`
+
+	Context               context.Context
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	Driver                string  `yaml:"driver" env:"STORAGE_METADATA_DRIVER" desc:"The driver which should be used by the service"`
+	Drivers               Drivers `yaml:"drivers"`
+	DataServerURL         string
+	TempFolder            string
+	DataProviderInsecure  bool `env:"OCIS_INSECURE;STORAGE_METADATA_DATAPROVIDER_INSECURE"`
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_METADATA_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;STORAGE_METADATA_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;STORAGE_METADATA_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;STORAGE_METADATA_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;STORAGE_METADATA_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;STORAGE_METADATA_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;STORAGE_METADATA_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;STORAGE_METADATA_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"STORAGE_METADATA_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"STORAGE_METADATA_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"STORAGE_METADATA_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"STORAGE_METADATA_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"STORAGE_METADATA_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"STORAGE_METADATA_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type HTTPConfig struct {
+	Addr     string `yaml:"addr" env:"STORAGE_METADATA_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"STORAGE_METADATA_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type Drivers struct {
+	EOS   EOSDriver
+	Local LocalDriver
+	OCIS  OCISDriver
+	S3    S3Driver
+	S3NG  S3NGDriver
+}
+
+type EOSDriver struct {
+	// Root is the absolute path to the location of the data
+	Root string `yaml:"root"`
+	// ShadowNamespace for storing shadow data
+	ShadowNamespace string `yaml:"shadow_namespace"`
+	// UploadsNamespace for storing upload data
+	UploadsNamespace string `yaml:"uploads_namespace"`
+	// Location of the eos binary.
+	// Default is /usr/bin/eos.
+	EosBinary string `yaml:"eos_binary"`
+	// Location of the xrdcopy binary.
+	// Default is /usr/bin/xrdcopy.
+	XrdcopyBinary string `yaml:"xrd_copy_binary"`
+	// URL of the Master EOS MGM.
+	// Default is root://eos-example.org
+	MasterURL string `yaml:"master_url"`
+	// URL of the Slave EOS MGM.
+	// Default is root://eos-example.org
+	SlaveURL string `yaml:"slave_url"`
+	// Location on the local fs where to store reads.
+	// Defaults to os.TempDir()
+	CacheDirectory string `yaml:"cache_directory"`
+	// SecProtocol specifies the xrootd security protocol to use between the server and EOS.
+	SecProtocol string `yaml:"sec_protocol"`
+	// Keytab specifies the location of the keytab to use to authenticate to EOS.
+	Keytab string `yaml:"keytab"`
+	// SingleUsername is the username to use when SingleUserMode is enabled
+	SingleUsername string `yaml:"single_username"`
+	// Enables logging of the commands executed
+	// Defaults to false
+	EnableLogging bool `yaml:"enable_logging"`
+	// ShowHiddenSysFiles shows internal EOS files like
+	// .sys.v# and .sys.a# files.
+	ShowHiddenSysFiles bool `yaml:"shadow_hidden_files"`
+	// ForceSingleUserMode will force connections to EOS to use SingleUsername
+	ForceSingleUserMode bool `yaml:"force_single_user_mode"`
+	// UseKeyTabAuth changes will authenticate requests by using an EOS keytab.
+	UseKeytab bool `yaml:"user_keytab"`
+	// gateway service to use for uid lookups
+	GatewaySVC string `yaml:"gateway_svc"`
+	GRPCURI    string
+	UserLayout string
+}
+
+type LocalDriver struct {
+	// Root is the absolute path to the location of the data
+	Root string `yaml:"root"`
+}
+
+type OCISDriver struct {
+	// Root is the absolute path to the location of the data
+	Root                string `yaml:"root" env:"STORAGE_METADATA_DRIVER_OCIS_ROOT"`
+	UserLayout          string
+	PermissionsEndpoint string
+}
+
+type S3Driver struct {
+	Region    string `yaml:"region"`
+	AccessKey string `yaml:"access_key"`
+	SecretKey string `yaml:"secret_key"`
+	Endpoint  string `yaml:"endpoint"`
+	Bucket    string `yaml:"bucket"`
+}
+
+type S3NGDriver struct {
+	// Root is the absolute path to the location of the data
+	Root                string `yaml:"root"`
+	UserLayout          string
+	PermissionsEndpoint string
+	Region              string `yaml:"region"`
+	AccessKey           string `yaml:"access_key"`
+	SecretKey           string `yaml:"secret_key"`
+	Endpoint            string `yaml:"endpoint"`
+	Bucket              string `yaml:"bucket"`
+}
--- a/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go
+++ b/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,112 @@
+package defaults
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/owncloud/ocis/extensions/storage-metadata/pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/config/defaults"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9217",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9215",
+			Protocol: "tcp",
+		},
+		HTTP: config.HTTPConfig{
+			Addr:     "127.0.0.1:9216",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "storage-metadata",
+		},
+		GatewayEndpoint: "127.0.0.1:9142",
+		JWTSecret:       "Pive-Fumkiu4",
+		TempFolder:      filepath.Join(defaults.BaseDataPath(), "tmp", "metadata"),
+		DataServerURL:   "http://localhost:9216/data",
+		Driver:          "ocis",
+		Drivers: config.Drivers{
+			EOS: config.EOSDriver{
+				Root:                "/eos/dockertest/reva",
+				UserLayout:          "{{substr 0 1 .Username}}/{{.Username}}",
+				ShadowNamespace:     "",
+				UploadsNamespace:    "",
+				EosBinary:           "/usr/bin/eos",
+				XrdcopyBinary:       "/usr/bin/xrdcopy",
+				MasterURL:           "root://eos-mgm1.eoscluster.cern.ch:1094",
+				GRPCURI:             "",
+				SlaveURL:            "root://eos-mgm1.eoscluster.cern.ch:1094",
+				CacheDirectory:      os.TempDir(),
+				EnableLogging:       false,
+				ShowHiddenSysFiles:  false,
+				ForceSingleUserMode: false,
+				UseKeytab:           false,
+				SecProtocol:         "",
+				Keytab:              "",
+				SingleUsername:      "",
+				GatewaySVC:          "127.0.0.1:9142",
+			},
+			Local: config.LocalDriver{
+				Root: filepath.Join(defaults.BaseDataPath(), "storage", "local", "metadata"),
+			},
+			S3: config.S3Driver{
+				Region: "default",
+			},
+			S3NG: config.S3NGDriver{
+				Root:                filepath.Join(defaults.BaseDataPath(), "storage", "metadata"),
+				UserLayout:          "{{.Id.OpaqueId}}",
+				Region:              "default",
+				PermissionsEndpoint: "127.0.0.1:9191",
+			},
+			OCIS: config.OCISDriver{
+				Root:                filepath.Join(defaults.BaseDataPath(), "storage", "metadata"),
+				UserLayout:          "{{.Id.OpaqueId}}",
+				PermissionsEndpoint: "127.0.0.1:9191",
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/storage-metadata/pkg/config/metadata.go
+++ b/extensions/storage-metadata/pkg/config/metadata.go
@@ -0,0 +1,75 @@
+package config
+
+func MetadataDrivers(cfg *Config) map[string]interface{} {
+	return map[string]interface{}{
+		"eos": map[string]interface{}{
+			"namespace":              cfg.Drivers.EOS.Root,
+			"shadow_namespace":       cfg.Drivers.EOS.ShadowNamespace,
+			"uploads_namespace":      cfg.Drivers.EOS.UploadsNamespace,
+			"eos_binary":             cfg.Drivers.EOS.EosBinary,
+			"xrdcopy_binary":         cfg.Drivers.EOS.XrdcopyBinary,
+			"master_url":             cfg.Drivers.EOS.MasterURL,
+			"slave_url":              cfg.Drivers.EOS.SlaveURL,
+			"cache_directory":        cfg.Drivers.EOS.CacheDirectory,
+			"sec_protocol":           cfg.Drivers.EOS.SecProtocol,
+			"keytab":                 cfg.Drivers.EOS.Keytab,
+			"single_username":        cfg.Drivers.EOS.SingleUsername,
+			"enable_logging":         cfg.Drivers.EOS.EnableLogging,
+			"show_hidden_sys_files":  cfg.Drivers.EOS.ShowHiddenSysFiles,
+			"force_single_user_mode": cfg.Drivers.EOS.ForceSingleUserMode,
+			"use_keytab":             cfg.Drivers.EOS.UseKeytab,
+			"gatewaysvc":             cfg.Drivers.EOS.GatewaySVC,
+			"enable_home":            false,
+		},
+		"eosgrpc": map[string]interface{}{
+			"namespace":              cfg.Drivers.EOS.Root,
+			"shadow_namespace":       cfg.Drivers.EOS.ShadowNamespace,
+			"eos_binary":             cfg.Drivers.EOS.EosBinary,
+			"xrdcopy_binary":         cfg.Drivers.EOS.XrdcopyBinary,
+			"master_url":             cfg.Drivers.EOS.MasterURL,
+			"master_grpc_uri":        cfg.Drivers.EOS.GRPCURI,
+			"slave_url":              cfg.Drivers.EOS.SlaveURL,
+			"cache_directory":        cfg.Drivers.EOS.CacheDirectory,
+			"sec_protocol":           cfg.Drivers.EOS.SecProtocol,
+			"keytab":                 cfg.Drivers.EOS.Keytab,
+			"single_username":        cfg.Drivers.EOS.SingleUsername,
+			"user_layout":            cfg.Drivers.EOS.UserLayout,
+			"enable_logging":         cfg.Drivers.EOS.EnableLogging,
+			"show_hidden_sys_files":  cfg.Drivers.EOS.ShowHiddenSysFiles,
+			"force_single_user_mode": cfg.Drivers.EOS.ForceSingleUserMode,
+			"use_keytab":             cfg.Drivers.EOS.UseKeytab,
+			"enable_home":            false,
+			"gatewaysvc":             cfg.Drivers.EOS.GatewaySVC,
+		},
+		"local": map[string]interface{}{
+			"root": cfg.Drivers.Local.Root,
+		},
+		"ocis": map[string]interface{}{
+			"root":                cfg.Drivers.OCIS.Root,
+			"user_layout":         cfg.Drivers.OCIS.UserLayout,
+			"treetime_accounting": false,
+			"treesize_accounting": false,
+			"permissionssvc":      cfg.Drivers.OCIS.PermissionsEndpoint,
+		},
+		"s3": map[string]interface{}{
+			"region":     cfg.Drivers.S3.Region,
+			"access_key": cfg.Drivers.S3.AccessKey,
+			"secret_key": cfg.Drivers.S3.SecretKey,
+			"endpoint":   cfg.Drivers.S3.Endpoint,
+			"bucket":     cfg.Drivers.S3.Bucket,
+		},
+		"s3ng": map[string]interface{}{
+			"root":                cfg.Drivers.S3NG.Root,
+			"enable_home":         false,
+			"user_layout":         cfg.Drivers.S3NG.UserLayout,
+			"treetime_accounting": false,
+			"treesize_accounting": false,
+			"permissionssvc":      cfg.Drivers.S3NG.PermissionsEndpoint,
+			"s3.region":           cfg.Drivers.S3NG.Region,
+			"s3.access_key":       cfg.Drivers.S3NG.AccessKey,
+			"s3.secret_key":       cfg.Drivers.S3NG.SecretKey,
+			"s3.endpoint":         cfg.Drivers.S3NG.Endpoint,
+			"s3.bucket":           cfg.Drivers.S3NG.Bucket,
+		},
+	}
+}
--- a/extensions/storage-publiclink/pkg/command/storagepubliclink.go
+++ b/extensions/storage-publiclink/pkg/command/storagepubliclink.go
@@ -9,11 +9,12 @@ import (
 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/storage-publiclink/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
 )
@@ -21,15 +22,18 @@ import (
 // StoragePublicLink is the entrypoint for the reva-storage-public-link command.
 func StoragePublicLink(cfg *config.Config) *cli.Command {
 	return &cli.Command{
-		Name:  "storage-public-link",
-		Usage: "start storage-public-link service",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-public-link")
-		},
+		Name:     "storage-public-link",
+		Usage:    "start storage-public-link service",
 		Category: "extensions",
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-			tracing.Configure(cfg, logger)
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()
@@ -54,10 +58,12 @@ func StoragePublicLink(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.StoragePublicLink.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -69,7 +75,7 @@ func StoragePublicLink(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.StoragePublicLink.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -82,33 +88,32 @@ func StoragePublicLink(cfg *config.Config) *cli.Command {
 func storagePublicLinkConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
 	rcfg := map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.StoragePublicLink.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.StoragePublicLink.GRPCNetwork,
-			"address": cfg.Reva.StoragePublicLink.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			"interceptors": map[string]interface{}{
 				"log": map[string]interface{}{},
 			},
 			"services": map[string]interface{}{
 				"publicstorageprovider": map[string]interface{}{
-					"mount_id":     cfg.Reva.StoragePublicLink.MountID,
-					"gateway_addr": cfg.Reva.Gateway.Endpoint,
+					"mount_id":     cfg.StorageProvider.MountID,
+					"gateway_addr": cfg.StorageProvider.GatewayEndpoint,
 				},
 				"authprovider": map[string]interface{}{
 					"auth_manager": "publicshares",
 					"auth_managers": map[string]interface{}{
 						"publicshares": map[string]interface{}{
-							"gateway_addr": cfg.Reva.Gateway.Endpoint,
+							"gateway_addr": cfg.AuthProvider.GatewayEndpoint,
 						},
 					},
 				},
@@ -125,28 +130,29 @@ type StoragePublicLinkSutureService struct {

 // NewStoragePublicLinkSutureService creates a new storage.StoragePublicLinkSutureService
 func NewStoragePublicLink(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.StoragePublicLink.Commons = cfg.Commons
 	return StoragePublicLinkSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.StoragePublicLink,
 	}
 }

 func (s StoragePublicLinkSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.StoragePublicLink.Context = ctx
+	// s.cfg.Reva.StoragePublicLink.Context = ctx
+	cmd := StoragePublicLink(s.cfg)
 	f := &flag.FlagSet{}
-	cmdFlags := StoragePublicLink(s.cfg).Flags
+	cmdFlags := cmd.Flags
 	for k := range cmdFlags {
 		if err := cmdFlags[k].Apply(f); err != nil {
 			return err
 		}
 	}
 	cliCtx := cli.NewContext(nil, f, nil)
-	if StoragePublicLink(s.cfg).Before != nil {
-		if err := StoragePublicLink(s.cfg).Before(cliCtx); err != nil {
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
 			return err
 		}
 	}
-	if err := StoragePublicLink(s.cfg).Action(cliCtx); err != nil {
+	if err := cmd.Action(cliCtx); err != nil {
 		return err
 	}

--- a/extensions/storage-publiclink/pkg/config/config.go
+++ b/extensions/storage-publiclink/pkg/config/config.go
@@ -0,0 +1,63 @@
+package config
+
+import (
+	"context"
+
+	"github.com/owncloud/ocis/ocis-pkg/shared"
+)
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+
+	Context               context.Context
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	AuthProvider          AuthProvider
+	StorageProvider       StorageProvider
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_METADATA_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;STORAGE_METADATA_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;STORAGE_METADATA_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;STORAGE_METADATA_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;STORAGE_METADATA_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;STORAGE_METADATA_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;STORAGE_METADATA_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;STORAGE_METADATA_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"STORAGE_METADATA_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"STORAGE_METADATA_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"STORAGE_METADATA_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"STORAGE_METADATA_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"STORAGE_METADATA_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"STORAGE_METADATA_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type AuthProvider struct {
+	GatewayEndpoint string
+}
+
+type StorageProvider struct {
+	MountID         string
+	GatewayEndpoint string
+}
--- a/extensions/storage-publiclink/pkg/config/defaults/defaultconfig.go
+++ b/extensions/storage-publiclink/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,69 @@
+package defaults
+
+import (
+	"github.com/owncloud/ocis/extensions/storage-publiclink/pkg/config"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9179",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9178",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "storage-publiclink",
+		},
+		GatewayEndpoint: "127.0.0.1:9142",
+		JWTSecret:       "Pive-Fumkiu4",
+		AuthProvider: config.AuthProvider{
+			GatewayEndpoint: "127.0.0.1:9142",
+		},
+		StorageProvider: config.StorageProvider{
+			MountID:         "7993447f-687f-490d-875c-ac95e89a62a4",
+			GatewayEndpoint: "127.0.0.1:9142",
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/storage-shares/pkg/command/command.go
+++ b/extensions/storage-shares/pkg/command/command.go
@@ -6,14 +6,15 @@ import (
 	"os"
 	"path"

+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"

 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/storage-shares/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
@@ -24,14 +25,15 @@ func StorageShares(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:  "storage-shares",
 		Usage: "start storage-shares service",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-shares")
-		},
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-
-			tracing.Configure(cfg, logger)
-
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()
@@ -58,10 +60,12 @@ func StorageShares(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.StorageShares.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -73,7 +77,7 @@ func StorageShares(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.StorageShares.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -86,29 +90,27 @@ func StorageShares(cfg *config.Config) *cli.Command {
 func storageSharesConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
 	rcfg := map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.StorageShares.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.StorageShares.GRPCNetwork,
-			"address": cfg.Reva.StorageShares.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			"services": map[string]interface{}{
 				"sharesstorageprovider": map[string]interface{}{
-					"usershareprovidersvc": cfg.Reva.Sharing.Endpoint,
-					"gateway_addr":         cfg.Reva.Gateway.Endpoint,
+					"usershareprovidersvc": cfg.SharesProviderEndpoint,
 				},
 			},
 		},
 	}
-	if cfg.Reva.StorageShares.ReadOnly {
+	if cfg.ReadOnly {
 		gcfg := rcfg["grpc"].(map[string]interface{})
 		gcfg["interceptors"] = map[string]interface{}{
 			"readonly": map[string]interface{}{},
@@ -124,28 +126,29 @@ type StorageSharesSutureService struct {

 // NewStorageShares creates a new storage.StorageSharesSutureService
 func NewStorageShares(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.StorageShares.Commons = cfg.Commons
 	return StorageSharesSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.StorageShares,
 	}
 }

 func (s StorageSharesSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.StorageShares.Context = ctx
+	// s.cfg.Reva.StorageShares.Context = ctx
+	cmd := StorageShares(s.cfg)
 	f := &flag.FlagSet{}
-	cmdFlags := StorageShares(s.cfg).Flags
+	cmdFlags := cmd.Flags
 	for k := range cmdFlags {
 		if err := cmdFlags[k].Apply(f); err != nil {
 			return err
 		}
 	}
 	cliCtx := cli.NewContext(nil, f, nil)
-	if StorageShares(s.cfg).Before != nil {
-		if err := StorageShares(s.cfg).Before(cliCtx); err != nil {
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
 			return err
 		}
 	}
-	if err := StorageShares(s.cfg).Action(cliCtx); err != nil {
+	if err := cmd.Action(cliCtx); err != nil {
 		return err
 	}

--- a/extensions/storage-shares/pkg/config/config.go
+++ b/extensions/storage-shares/pkg/config/config.go
@@ -0,0 +1,60 @@
+package config
+
+import (
+	"context"
+
+	"github.com/owncloud/ocis/ocis-pkg/shared"
+)
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+	HTTP HTTPConfig `yaml:"http"`
+
+	Context                context.Context
+	JWTSecret              string
+	GatewayEndpoint        string
+	SkipUserGroupsInToken  bool
+	ReadOnly               bool
+	SharesProviderEndpoint string
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_METADATA_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;STORAGE_METADATA_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;STORAGE_METADATA_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;STORAGE_METADATA_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;STORAGE_METADATA_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;STORAGE_METADATA_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;STORAGE_METADATA_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;STORAGE_METADATA_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"STORAGE_METADATA_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"STORAGE_METADATA_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"STORAGE_METADATA_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"STORAGE_METADATA_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"STORAGE_METADATA_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"STORAGE_METADATA_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type HTTPConfig struct {
+	Addr     string `yaml:"addr" env:"STORAGE_METADATA_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"STORAGE_METADATA_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
--- a/extensions/storage-shares/pkg/config/defaults/defaultconfig.go
+++ b/extensions/storage-shares/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,68 @@
+package defaults
+
+import (
+	"github.com/owncloud/ocis/extensions/storage-shares/pkg/config"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9156",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9154",
+			Protocol: "tcp",
+		},
+		HTTP: config.HTTPConfig{
+			Addr:     "127.0.0.1:9155",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "storage-metadata",
+		},
+		GatewayEndpoint:        "127.0.0.1:9142",
+		JWTSecret:              "Pive-Fumkiu4",
+		ReadOnly:               false,
+		SharesProviderEndpoint: "localhost:9150",
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/storage-users/pkg/command/command.go
+++ b/extensions/storage-users/pkg/command/command.go
@@ -9,12 +9,12 @@ import (
 	"github.com/cs3org/reva/v2/cmd/revad/runtime"
 	"github.com/gofrs/uuid"
 	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/command/storagedrivers"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
+	"github.com/owncloud/ocis/extensions/storage-users/pkg/config"
 	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
 	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/thejerf/suture/v4"
 	"github.com/urfave/cli/v2"
 )
@@ -24,17 +24,17 @@ func StorageUsers(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:  "storage-users",
 		Usage: "start storage-users service",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-userprovider")
-		},
 		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-
-			tracing.Configure(cfg, logger)
-
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
 			gr := run.Group{}
 			ctx, cancel := context.WithCancel(context.Background())
-
 			defer cancel()

 			uuid := uuid.Must(uuid.NewV4())
@@ -59,10 +59,12 @@ func StorageUsers(cfg *config.Config) *cli.Command {

 			debugServer, err := debug.Server(
 				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.StorageUsers.DebugAddr),
+				debug.Addr(cfg.Debug.Addr),
 				debug.Logger(logger),
 				debug.Context(ctx),
-				debug.Config(cfg),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
 			)

 			if err != nil {
@@ -74,7 +76,7 @@ func StorageUsers(cfg *config.Config) *cli.Command {
 				cancel()
 			})

-			if !cfg.Reva.StorageUsers.Supervised {
+			if !cfg.Supervised {
 				sync.Trap(&gr, cancel)
 			}

@@ -87,57 +89,56 @@ func StorageUsers(cfg *config.Config) *cli.Command {
 func storageUsersConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
 	rcfg := map[string]interface{}{
 		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.StorageUsers.MaxCPUs,
 			"tracing_enabled":      cfg.Tracing.Enabled,
 			"tracing_endpoint":     cfg.Tracing.Endpoint,
 			"tracing_collector":    cfg.Tracing.Collector,
 			"tracing_service_name": c.Command.Name,
 		},
 		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
 		},
 		"grpc": map[string]interface{}{
-			"network": cfg.Reva.StorageUsers.GRPCNetwork,
-			"address": cfg.Reva.StorageUsers.GRPCAddr,
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"storageprovider": map[string]interface{}{
-					"driver":             cfg.Reva.StorageUsers.Driver,
-					"drivers":            storagedrivers.UserDrivers(cfg),
-					"mount_id":           cfg.Reva.StorageUsers.MountID,
-					"expose_data_server": cfg.Reva.StorageUsers.ExposeDataServer,
-					"data_server_url":    cfg.Reva.StorageUsers.DataServerURL,
-					"tmp_folder":         cfg.Reva.StorageUsers.TempFolder,
+					"driver":             cfg.Driver,
+					"drivers":            config.UserDrivers(cfg),
+					"mount_id":           cfg.MountID,
+					"expose_data_server": cfg.ExposeDataServer,
+					"data_server_url":    cfg.DataServerURL,
+					"tmp_folder":         cfg.TempFolder,
 				},
 			},
 			"interceptors": map[string]interface{}{
 				"eventsmiddleware": map[string]interface{}{
 					"group":     "sharing",
 					"type":      "nats",
-					"address":   cfg.Reva.Sharing.Events.Address,
-					"clusterID": cfg.Reva.Sharing.Events.ClusterID,
+					"address":   cfg.Events.Addr,
+					"clusterID": cfg.Events.ClusterID,
 				},
 			},
 		},
 		"http": map[string]interface{}{
-			"network": cfg.Reva.StorageUsers.HTTPNetwork,
-			"address": cfg.Reva.StorageUsers.HTTPAddr,
+			"network": cfg.HTTP.Protocol,
+			"address": cfg.HTTP.Addr,
 			// TODO build services dynamically
 			"services": map[string]interface{}{
 				"dataprovider": map[string]interface{}{
-					"prefix":      cfg.Reva.StorageUsers.HTTPPrefix,
-					"driver":      cfg.Reva.StorageUsers.Driver,
-					"drivers":     storagedrivers.UserDrivers(cfg),
+					"prefix":      cfg.HTTP.Prefix,
+					"driver":      cfg.Driver,
+					"drivers":     config.UserDrivers(cfg),
 					"timeout":     86400,
-					"insecure":    cfg.Reva.StorageUsers.DataProvider.Insecure,
+					"insecure":    cfg.DataProviderInsecure,
 					"disable_tus": false,
 				},
 			},
 		},
 	}
-	if cfg.Reva.StorageUsers.ReadOnly {
+	if cfg.ReadOnly {
 		gcfg := rcfg["grpc"].(map[string]interface{})
 		gcfg["interceptors"] = map[string]interface{}{
 			"readonly": map[string]interface{}{},
@@ -153,28 +154,29 @@ type StorageUsersSutureService struct {

 // NewStorageUsersSutureService creates a new storage.StorageUsersSutureService
 func NewStorageUsers(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
+	cfg.StorageUsers.Commons = cfg.Commons
 	return StorageUsersSutureService{
-		cfg: cfg.Storage,
+		cfg: cfg.StorageUsers,
 	}
 }

 func (s StorageUsersSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.StorageUsers.Context = ctx
+	// s.cfg.Reva.StorageUsers.Context = ctx
+	cmd := StorageUsers(s.cfg)
 	f := &flag.FlagSet{}
-	cmdFlags := StorageUsers(s.cfg).Flags
+	cmdFlags := cmd.Flags
 	for k := range cmdFlags {
 		if err := cmdFlags[k].Apply(f); err != nil {
 			return err
 		}
 	}
 	cliCtx := cli.NewContext(nil, f, nil)
-	if StorageUsers(s.cfg).Before != nil {
-		if err := StorageUsers(s.cfg).Before(cliCtx); err != nil {
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
 			return err
 		}
 	}
-	if err := StorageUsers(s.cfg).Action(cliCtx); err != nil {
+	if err := cmd.Action(cliCtx); err != nil {
 		return err
 	}

--- a/extensions/storage-users/pkg/config/config.go
+++ b/extensions/storage-users/pkg/config/config.go
@@ -0,0 +1,196 @@
+package config
+
+import (
+	"context"
+
+	"github.com/owncloud/ocis/ocis-pkg/shared"
+)
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+	HTTP HTTPConfig `yaml:"http"`
+
+	Context               context.Context
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	Driver                string  `yaml:"driver" env:"STORAGE_USERS_DRIVER" desc:"The storage driver which should be used by the service"`
+	Drivers               Drivers `yaml:"drivers"`
+	DataServerURL         string
+	TempFolder            string
+	DataProviderInsecure  bool `env:"OCIS_INSECURE;STORAGE_USERS_DATAPROVIDER_INSECURE"`
+	Events                Events
+	MountID               string
+	ExposeDataServer      bool
+	ReadOnly              bool
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_USERS_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;STORAGE_USERS_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;STORAGE_USERS_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;STORAGE_USERS_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;STORAGE_USERS_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;STORAGE_USERS_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;STORAGE_USERS_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;STORAGE_USERS_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"STORAGE_USERS_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"STORAGE_USERS_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"STORAGE_USERS_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"STORAGE_USERS_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type HTTPConfig struct {
+	Addr     string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+	Prefix   string
+}
+
+type Drivers struct {
+	EOS         EOSDriver
+	Local       LocalDriver
+	OCIS        OCISDriver
+	S3          S3Driver
+	S3NG        S3NGDriver
+	OwnCloudSQL OwnCloudSQLDriver
+}
+
+type EOSDriver struct {
+	// Root is the absolute path to the location of the data
+	Root string `yaml:"root"`
+	// ShadowNamespace for storing shadow data
+	ShadowNamespace string `yaml:"shadow_namespace"`
+	// UploadsNamespace for storing upload data
+	UploadsNamespace string `yaml:"uploads_namespace"`
+	// Location of the eos binary.
+	// Default is /usr/bin/eos.
+	EosBinary string `yaml:"eos_binary"`
+	// Location of the xrdcopy binary.
+	// Default is /usr/bin/xrdcopy.
+	XrdcopyBinary string `yaml:"xrd_copy_binary"`
+	// URL of the Master EOS MGM.
+	// Default is root://eos-example.org
+	MasterURL string `yaml:"master_url"`
+	// URL of the Slave EOS MGM.
+	// Default is root://eos-example.org
+	SlaveURL string `yaml:"slave_url"`
+	// Location on the local fs where to store reads.
+	// Defaults to os.TempDir()
+	CacheDirectory string `yaml:"cache_directory"`
+	// SecProtocol specifies the xrootd security protocol to use between the server and EOS.
+	SecProtocol string `yaml:"sec_protocol"`
+	// Keytab specifies the location of the keytab to use to authenticate to EOS.
+	Keytab string `yaml:"keytab"`
+	// SingleUsername is the username to use when SingleUserMode is enabled
+	SingleUsername string `yaml:"single_username"`
+	// Enables logging of the commands executed
+	// Defaults to false
+	EnableLogging bool `yaml:"enable_logging"`
+	// ShowHiddenSysFiles shows internal EOS files like
+	// .sys.v# and .sys.a# files.
+	ShowHiddenSysFiles bool `yaml:"shadow_hidden_files"`
+	// ForceSingleUserMode will force connections to EOS to use SingleUsername
+	ForceSingleUserMode bool `yaml:"force_single_user_mode"`
+	// UseKeyTabAuth changes will authenticate requests by using an EOS keytab.
+	UseKeytab bool `yaml:"user_keytab"`
+	// gateway service to use for uid lookups
+	GatewaySVC string `yaml:"gateway_svc"`
+	//ShareFolder defines the name of the folder jailing all shares
+	ShareFolder string `yaml:"share_folder"`
+	GRPCURI     string
+	UserLayout  string
+}
+
+type LocalDriver struct {
+	// Root is the absolute path to the location of the data
+	Root string `yaml:"root" env:"STORAGE_USERS_LOCAL_ROOT"`
+	//ShareFolder defines the name of the folder jailing all shares
+	ShareFolder string `yaml:"share_folder"`
+	UserLayout  string
+}
+
+type OCISDriver struct {
+	// Root is the absolute path to the location of the data
+	Root                string `yaml:"root" env:"STORAGE_USERS_OCIS_ROOT"`
+	UserLayout          string
+	PermissionsEndpoint string
+	// PersonalSpaceAliasTemplate  contains the template used to construct
+	// the personal space alias, eg: `"{{.SpaceType}}/{{.User.Username | lower}}"`
+	PersonalSpaceAliasTemplate string `yaml:"personalspacealias_template"`
+	// GeneralSpaceAliasTemplate contains the template used to construct
+	// the general space alias, eg: `{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}`
+	GeneralSpaceAliasTemplate string `yaml:"generalspacealias_template"`
+	//ShareFolder defines the name of the folder jailing all shares
+	ShareFolder string `yaml:"share_folder"`
+}
+
+type S3Driver struct {
+	// Root is the absolute path to the location of the data
+	Root      string `yaml:"root"`
+	Region    string `yaml:"region"`
+	AccessKey string `yaml:"access_key"`
+	SecretKey string `yaml:"secret_key"`
+	Endpoint  string `yaml:"endpoint"`
+	Bucket    string `yaml:"bucket"`
+}
+
+type S3NGDriver struct {
+	// Root is the absolute path to the location of the data
+	Root                string `yaml:"root"`
+	UserLayout          string
+	PermissionsEndpoint string
+	Region              string `yaml:"region"`
+	AccessKey           string `yaml:"access_key"`
+	SecretKey           string `yaml:"secret_key"`
+	Endpoint            string `yaml:"endpoint"`
+	Bucket              string `yaml:"bucket"`
+	// PersonalSpaceAliasTemplate  contains the template used to construct
+	// the personal space alias, eg: `"{{.SpaceType}}/{{.User.Username | lower}}"`
+	PersonalSpaceAliasTemplate string `yaml:"personalspacealias_template"`
+	// GeneralSpaceAliasTemplate contains the template used to construct
+	// the general space alias, eg: `{{.SpaceType}}/{{.SpaceName | replace " " "-" | lower}}`
+	GeneralSpaceAliasTemplate string `yaml:"generalspacealias_template"`
+	//ShareFolder defines the name of the folder jailing all shares
+	ShareFolder string `yaml:"share_folder"`
+}
+
+type OwnCloudSQLDriver struct {
+	// Root is the absolute path to the location of the data
+	Root string `yaml:"root" env:"STORAGE_USERS_DRIVER_OWNCLOUDSQL_DATADIR"`
+	//ShareFolder defines the name of the folder jailing all shares
+	ShareFolder           string `yaml:"share_folder" env:"STORAGE_USERS_DRIVER_OWNCLOUDSQL_SHARE_FOLDER"`
+	UserLayout            string `env:"STORAGE_USERS_DRIVER_OWNCLOUDSQL_LAYOUT"`
+	UploadInfoDir         string `yaml:"upload_info_dir" env:"STORAGE_USERS_DRIVER_OWNCLOUDSQL_UPLOADINFO_DIR"`
+	DBUsername            string `yaml:"db_username" env:"STORAGE_USERS_DRIVER_OWNCLOUDSQL_DBUSERNAME"`
+	DBPassword            string `yaml:"db_password" env:"STORAGE_USERS_DRIVER_OWNCLOUDSQL_DBPASSWORD"`
+	DBHost                string `yaml:"db_host" env:"STORAGE_USERS_DRIVER_OWNCLOUDSQL_DBHOST"`
+	DBPort                int    `yaml:"db_port" env:"STORAGE_USERS_DRIVER_OWNCLOUDSQL_DBPORT"`
+	DBName                string `yaml:"db_name" env:"STORAGE_USERS_DRIVER_OWNCLOUDSQL_DBNAME"`
+	UsersProviderEndpoint string
+}
+
+type Events struct {
+	Addr      string
+	ClusterID string
+}
--- a/extensions/storage-users/pkg/config/defaults/defaultconfig.go
+++ b/extensions/storage-users/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,131 @@
+package defaults
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/owncloud/ocis/extensions/storage-users/pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/config/defaults"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9159",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9157",
+			Protocol: "tcp",
+		},
+		HTTP: config.HTTPConfig{
+			Addr:     "127.0.0.1:9158",
+			Protocol: "tcp",
+			Prefix:   "data",
+		},
+		Service: config.Service{
+			Name: "storage-users",
+		},
+		GatewayEndpoint: "127.0.0.1:9142",
+		JWTSecret:       "Pive-Fumkiu4",
+		TempFolder:      filepath.Join(defaults.BaseDataPath(), "tmp", "users"),
+		DataServerURL:   "http://localhost:9158/data",
+		MountID:         "1284d238-aa92-42ce-bdc4-0b0000009157",
+		Driver:          "ocis",
+		Drivers: config.Drivers{
+			EOS: config.EOSDriver{
+				Root:             "/eos/dockertest/reva",
+				ShareFolder:      "/Shares",
+				UserLayout:       "{{substr 0 1 .Username}}/{{.Username}}",
+				ShadowNamespace:  "",
+				UploadsNamespace: "",
+				EosBinary:        "/usr/bin/eos",
+				XrdcopyBinary:    "/usr/bin/xrdcopy",
+				MasterURL:        "root://eos-mgm1.eoscluster.cern.ch:1094",
+				GRPCURI:          "",
+				SlaveURL:         "root://eos-mgm1.eoscluster.cern.ch:1094",
+				CacheDirectory:   os.TempDir(),
+				GatewaySVC:       "127.0.0.1:9142",
+			},
+			Local: config.LocalDriver{
+				Root:        filepath.Join(defaults.BaseDataPath(), "storage", "local", "users"),
+				ShareFolder: "/Shares",
+				UserLayout:  "{{.Username}}",
+			},
+			OwnCloudSQL: config.OwnCloudSQLDriver{
+				Root:          filepath.Join(defaults.BaseDataPath(), "storage", "owncloud"),
+				ShareFolder:   "/Shares",
+				UserLayout:    "{{.Username}}",
+				UploadInfoDir: filepath.Join(defaults.BaseDataPath(), "storage", "uploadinfo"),
+				DBUsername:    "owncloud",
+				DBPassword:    "owncloud",
+				DBHost:        "",
+				DBPort:        3306,
+				DBName:        "owncloud",
+			},
+			S3: config.S3Driver{
+				Region: "default",
+			},
+			S3NG: config.S3NGDriver{
+				Root:                       filepath.Join(defaults.BaseDataPath(), "storage", "users"),
+				ShareFolder:                "/Shares",
+				UserLayout:                 "{{.Id.OpaqueId}}",
+				Region:                     "default",
+				PersonalSpaceAliasTemplate: "{{.SpaceType}}/{{.User.Username | lower}}",
+				GeneralSpaceAliasTemplate:  "{{.SpaceType}}/{{.SpaceName | replace \" \" \"-\" | lower}}",
+				PermissionsEndpoint:        "127.0.0.1:9191",
+			},
+			OCIS: config.OCISDriver{
+				Root:                       filepath.Join(defaults.BaseDataPath(), "storage", "users"),
+				ShareFolder:                "/Shares",
+				UserLayout:                 "{{.Id.OpaqueId}}",
+				PersonalSpaceAliasTemplate: "{{.SpaceType}}/{{.User.Username | lower}}",
+				GeneralSpaceAliasTemplate:  "{{.SpaceType}}/{{.SpaceName | replace \" \" \"-\" | lower}}",
+				PermissionsEndpoint:        "127.0.0.1:9191",
+			},
+		},
+		Events: config.Events{
+			Addr:      "127.0.0.1:9233",
+			ClusterID: "ocis-cluster",
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/extensions/storage-users/pkg/config/user.go
+++ b/extensions/storage-users/pkg/config/user.go
@@ -0,0 +1,122 @@
+package config
+
+func UserDrivers(cfg *Config) map[string]interface{} {
+	return map[string]interface{}{
+		"eos": map[string]interface{}{
+			"namespace":              cfg.Drivers.EOS.Root,
+			"shadow_namespace":       cfg.Drivers.EOS.ShadowNamespace,
+			"uploads_namespace":      cfg.Drivers.EOS.UploadsNamespace,
+			"share_folder":           cfg.Drivers.EOS.ShareFolder,
+			"eos_binary":             cfg.Drivers.EOS.EosBinary,
+			"xrdcopy_binary":         cfg.Drivers.EOS.XrdcopyBinary,
+			"master_url":             cfg.Drivers.EOS.MasterURL,
+			"slave_url":              cfg.Drivers.EOS.SlaveURL,
+			"cache_directory":        cfg.Drivers.EOS.CacheDirectory,
+			"sec_protocol":           cfg.Drivers.EOS.SecProtocol,
+			"keytab":                 cfg.Drivers.EOS.Keytab,
+			"single_username":        cfg.Drivers.EOS.SingleUsername,
+			"enable_logging":         cfg.Drivers.EOS.EnableLogging,
+			"show_hidden_sys_files":  cfg.Drivers.EOS.ShowHiddenSysFiles,
+			"force_single_user_mode": cfg.Drivers.EOS.ForceSingleUserMode,
+			"use_keytab":             cfg.Drivers.EOS.UseKeytab,
+			"gatewaysvc":             cfg.Drivers.EOS.GatewaySVC,
+		},
+		"eoshome": map[string]interface{}{
+			"namespace":              cfg.Drivers.EOS.Root,
+			"shadow_namespace":       cfg.Drivers.EOS.ShadowNamespace,
+			"uploads_namespace":      cfg.Drivers.EOS.UploadsNamespace,
+			"share_folder":           cfg.Drivers.EOS.ShareFolder,
+			"eos_binary":             cfg.Drivers.EOS.EosBinary,
+			"xrdcopy_binary":         cfg.Drivers.EOS.XrdcopyBinary,
+			"master_url":             cfg.Drivers.EOS.MasterURL,
+			"slave_url":              cfg.Drivers.EOS.SlaveURL,
+			"cache_directory":        cfg.Drivers.EOS.CacheDirectory,
+			"sec_protocol":           cfg.Drivers.EOS.SecProtocol,
+			"keytab":                 cfg.Drivers.EOS.Keytab,
+			"single_username":        cfg.Drivers.EOS.SingleUsername,
+			"user_layout":            cfg.Drivers.EOS.UserLayout,
+			"enable_logging":         cfg.Drivers.EOS.EnableLogging,
+			"show_hidden_sys_files":  cfg.Drivers.EOS.ShowHiddenSysFiles,
+			"force_single_user_mode": cfg.Drivers.EOS.ForceSingleUserMode,
+			"use_keytab":             cfg.Drivers.EOS.UseKeytab,
+			"gatewaysvc":             cfg.Drivers.EOS.GatewaySVC,
+		},
+		"eosgrpc": map[string]interface{}{
+			"namespace":              cfg.Drivers.EOS.Root,
+			"shadow_namespace":       cfg.Drivers.EOS.ShadowNamespace,
+			"share_folder":           cfg.Drivers.EOS.ShareFolder,
+			"eos_binary":             cfg.Drivers.EOS.EosBinary,
+			"xrdcopy_binary":         cfg.Drivers.EOS.XrdcopyBinary,
+			"master_url":             cfg.Drivers.EOS.MasterURL,
+			"master_grpc_uri":        cfg.Drivers.EOS.GRPCURI,
+			"slave_url":              cfg.Drivers.EOS.SlaveURL,
+			"cache_directory":        cfg.Drivers.EOS.CacheDirectory,
+			"sec_protocol":           cfg.Drivers.EOS.SecProtocol,
+			"keytab":                 cfg.Drivers.EOS.Keytab,
+			"single_username":        cfg.Drivers.EOS.SingleUsername,
+			"user_layout":            cfg.Drivers.EOS.UserLayout,
+			"enable_logging":         cfg.Drivers.EOS.EnableLogging,
+			"show_hidden_sys_files":  cfg.Drivers.EOS.ShowHiddenSysFiles,
+			"force_single_user_mode": cfg.Drivers.EOS.ForceSingleUserMode,
+			"use_keytab":             cfg.Drivers.EOS.UseKeytab,
+			"enable_home":            false,
+			"gatewaysvc":             cfg.Drivers.EOS.GatewaySVC,
+		},
+		"local": map[string]interface{}{
+			"root":         cfg.Drivers.Local.Root,
+			"share_folder": cfg.Drivers.Local.ShareFolder,
+		},
+		"localhome": map[string]interface{}{
+			"root":         cfg.Drivers.Local.Root,
+			"share_folder": cfg.Drivers.Local.ShareFolder,
+			"user_layout":  cfg.Drivers.Local.UserLayout,
+		},
+		"owncloudsql": map[string]interface{}{
+			"datadirectory":   cfg.Drivers.OwnCloudSQL.Root,
+			"upload_info_dir": cfg.Drivers.OwnCloudSQL.UploadInfoDir,
+			"share_folder":    cfg.Drivers.OwnCloudSQL.ShareFolder,
+			"user_layout":     cfg.Drivers.OwnCloudSQL.UserLayout,
+			"enable_home":     false,
+			"dbusername":      cfg.Drivers.OwnCloudSQL.DBUsername,
+			"dbpassword":      cfg.Drivers.OwnCloudSQL.DBPassword,
+			"dbhost":          cfg.Drivers.OwnCloudSQL.DBHost,
+			"dbport":          cfg.Drivers.OwnCloudSQL.DBPort,
+			"dbname":          cfg.Drivers.OwnCloudSQL.DBName,
+			"userprovidersvc": cfg.Drivers.OwnCloudSQL.UsersProviderEndpoint,
+		},
+		"ocis": map[string]interface{}{
+			"root":                        cfg.Drivers.OCIS.Root,
+			"user_layout":                 cfg.Drivers.OCIS.UserLayout,
+			"share_folder":                cfg.Drivers.OCIS.ShareFolder,
+			"personalspacealias_template": cfg.Drivers.OCIS.PersonalSpaceAliasTemplate,
+			"generalspacealias_template":  cfg.Drivers.OCIS.GeneralSpaceAliasTemplate,
+			"treetime_accounting":         true,
+			"treesize_accounting":         true,
+			"permissionssvc":              cfg.Drivers.OCIS.PermissionsEndpoint,
+		},
+		"s3": map[string]interface{}{
+			"enable_home": false,
+			"region":      cfg.Drivers.S3.Region,
+			"access_key":  cfg.Drivers.S3.AccessKey,
+			"secret_key":  cfg.Drivers.S3.SecretKey,
+			"endpoint":    cfg.Drivers.S3.Endpoint,
+			"bucket":      cfg.Drivers.S3.Bucket,
+			"prefix":      cfg.Drivers.S3.Root,
+		},
+		"s3ng": map[string]interface{}{
+			"root":                        cfg.Drivers.S3NG.Root,
+			"user_layout":                 cfg.Drivers.S3NG.UserLayout,
+			"share_folder":                cfg.Drivers.S3NG.ShareFolder,
+			"personalspacealias_template": cfg.Drivers.S3NG.PersonalSpaceAliasTemplate,
+			"generalspacealias_template":  cfg.Drivers.S3NG.GeneralSpaceAliasTemplate,
+			"treetime_accounting":         true,
+			"treesize_accounting":         true,
+			"permissionssvc":              cfg.Drivers.S3NG.PermissionsEndpoint,
+			"s3.region":                   cfg.Drivers.S3NG.Region,
+			"s3.access_key":               cfg.Drivers.S3NG.AccessKey,
+			"s3.secret_key":               cfg.Drivers.S3NG.SecretKey,
+			"s3.endpoint":                 cfg.Drivers.S3NG.Endpoint,
+			"s3.bucket":                   cfg.Drivers.S3NG.Bucket,
+		},
+	}
+}
--- a/extensions/storage/pkg/command/health.go
+++ b/extensions/storage/pkg/command/health.go
@@ -14,9 +14,6 @@ func Health(cfg *config.Config) *cli.Command {
 		Name:     "health",
 		Usage:    "check health status",
 		Category: "info",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage")
-		},
 		Action: func(c *cli.Context) error {
 			logger := NewLogger(cfg)

--- a/extensions/storage/pkg/command/ldapcfg.go
+++ b/extensions/storage/pkg/command/ldapcfg.go
@@ -1,60 +0,0 @@
-package command
-
-import (
-	"errors"
-	"os"
-	"time"
-
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
-	"github.com/owncloud/ocis/ocis-pkg/log"
-)
-
-const caTimeout = 5
-
-func ldapConfigFromString(cfg *config.Config) map[string]interface{} {
-	return map[string]interface{}{
-		"uri":               cfg.Reva.LDAP.URI,
-		"cacert":            cfg.Reva.LDAP.CACert,
-		"insecure":          cfg.Reva.LDAP.Insecure,
-		"bind_username":     cfg.Reva.LDAP.BindDN,
-		"bind_password":     cfg.Reva.LDAP.BindPassword,
-		"user_base_dn":      cfg.Reva.LDAP.UserBaseDN,
-		"group_base_dn":     cfg.Reva.LDAP.GroupBaseDN,
-		"user_filter":       cfg.Reva.LDAP.UserFilter,
-		"group_filter":      cfg.Reva.LDAP.GroupFilter,
-		"user_objectclass":  cfg.Reva.LDAP.UserObjectClass,
-		"group_objectclass": cfg.Reva.LDAP.GroupObjectClass,
-		"login_attributes":  cfg.Reva.LDAP.LoginAttributes,
-		"idp":               cfg.Reva.LDAP.IDP,
-		"gatewaysvc":        cfg.Reva.Gateway.Endpoint,
-		"user_schema": map[string]interface{}{
-			"id":              cfg.Reva.LDAP.UserSchema.ID,
-			"idIsOctetString": cfg.Reva.LDAP.UserSchema.IDIsOctetString,
-			"mail":            cfg.Reva.LDAP.UserSchema.Mail,
-			"displayName":     cfg.Reva.LDAP.UserSchema.DisplayName,
-			"userName":        cfg.Reva.LDAP.UserSchema.Username,
-		},
-		"group_schema": map[string]interface{}{
-			"id":              cfg.Reva.LDAP.GroupSchema.ID,
-			"idIsOctetString": cfg.Reva.LDAP.GroupSchema.IDIsOctetString,
-			"mail":            cfg.Reva.LDAP.GroupSchema.Mail,
-			"displayName":     cfg.Reva.LDAP.GroupSchema.DisplayName,
-			"groupName":       cfg.Reva.LDAP.GroupSchema.Groupname,
-			"member":          cfg.Reva.LDAP.GroupSchema.Member,
-		},
-	}
-}
-
-func waitForLDAPCA(log log.Logger, cfg *config.LDAP) error {
-	if !cfg.Insecure && cfg.CACert != "" {
-		if _, err := os.Stat(cfg.CACert); errors.Is(err, os.ErrNotExist) {
-			log.Warn().Str("LDAP CACert", cfg.CACert).Msgf("File does not exist. Waiting %d seconds for it to appear.", caTimeout)
-			time.Sleep(caTimeout * time.Second)
-			if _, err := os.Stat(cfg.CACert); errors.Is(err, os.ErrNotExist) {
-				log.Warn().Str("LDAP CACert", cfg.CACert).Msgf("File does still not exist after Timeout")
-				return err
-			}
-		}
-	}
-	return nil
-}
--- a/extensions/storage/pkg/command/ocdav.go
+++ b/extensions/storage/pkg/command/ocdav.go
@@ -1,134 +0,0 @@
-package command
-
-import (
-	"context"
-	"flag"
-
-	"github.com/cs3org/reva/v2/pkg/micro/ocdav"
-	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
-	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
-	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
-	"github.com/owncloud/ocis/ocis-pkg/sync"
-	"github.com/thejerf/suture/v4"
-	"github.com/urfave/cli/v2"
-)
-
-// OCDav is the entrypoint for the ocdav command.
-// TODO move ocdav cmd to a separate service
-func OCDav(cfg *config.Config) *cli.Command {
-	return &cli.Command{
-		Name:  "ocdav",
-		Usage: "start ocdav service",
-		Before: func(c *cli.Context) error {
-			if err := loadUserAgent(c, cfg); err != nil {
-				return err
-			}
-			return ParseConfig(c, cfg, "ocdav")
-		},
-		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-
-			tracing.Configure(cfg, logger)
-
-			gr := run.Group{}
-			ctx, cancel := context.WithCancel(context.Background())
-			//metrics     = metrics.New()
-
-			defer cancel()
-
-			gr.Add(func() error {
-				s, err := ocdav.Service(
-					ocdav.Context(ctx),
-					ocdav.Logger(logger.Logger),
-					ocdav.Address(cfg.OCDav.Addr),
-					ocdav.FilesNamespace(cfg.OCDav.FilesNamespace),
-					ocdav.WebdavNamespace(cfg.OCDav.WebdavNamespace),
-					ocdav.SharesNamespace(cfg.OCDav.SharesNamespace),
-					ocdav.Timeout(cfg.OCDav.Timeout),
-					ocdav.Insecure(cfg.OCDav.Insecure),
-					ocdav.PublicURL(cfg.OCDav.PublicURL),
-					ocdav.Prefix(cfg.OCDav.Prefix),
-					ocdav.GatewaySvc(cfg.OCDav.GatewaySVC),
-					ocdav.JWTSecret(cfg.OCDav.JWTSecret),
-					// ocdav.FavoriteManager() // FIXME needs a proper persistence implementation
-					// ocdav.LockSystem(), // will default to the CS3 lock system
-					// ocdav.TLSConfig() // tls config for the http server
-				)
-				if err != nil {
-					return err
-				}
-
-				return s.Run()
-			}, func(err error) {
-				logger.Info().Err(err).Str("server", c.Command.Name).Msg("Shutting down server")
-				cancel()
-			})
-
-			{
-				server, err := debug.Server(
-					debug.Name(c.Command.Name+"-debug"),
-					debug.Addr(cfg.OCDav.DebugAddr),
-					debug.Logger(logger),
-					debug.Context(ctx),
-					debug.Config(cfg),
-				)
-
-				if err != nil {
-					logger.Info().
-						Err(err).
-						Str("server", "debug").
-						Msg("Failed to initialize server")
-
-					return err
-				}
-
-				gr.Add(server.ListenAndServe, func(_ error) {
-					cancel()
-				})
-			}
-
-			if !cfg.Reva.Frontend.Supervised {
-				sync.Trap(&gr, cancel)
-			}
-
-			return gr.Run()
-		},
-	}
-}
-
-// OCDavSutureService allows for the ocdav command to be embedded and supervised by a suture supervisor tree.
-type OCDavSutureService struct {
-	cfg *config.Config
-}
-
-// NewOCDav creates a new ocdav.OCDavSutureService
-func NewOCDav(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
-	return OCDavSutureService{
-		cfg: cfg.Storage,
-	}
-}
-
-func (s OCDavSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.Frontend.Context = ctx
-	f := &flag.FlagSet{}
-	cmdFlags := OCDav(s.cfg).Flags
-	for k := range cmdFlags {
-		if err := cmdFlags[k].Apply(f); err != nil {
-			return err
-		}
-	}
-	cliCtx := cli.NewContext(nil, f, nil)
-	if OCDav(s.cfg).Before != nil {
-		if err := OCDav(s.cfg).Before(cliCtx); err != nil {
-			return err
-		}
-	}
-	if err := OCDav(s.cfg).Action(cliCtx); err != nil {
-		return err
-	}
-
-	return nil
-}
--- a/extensions/storage/pkg/command/root.go
+++ b/extensions/storage/pkg/command/root.go
@@ -12,19 +12,6 @@ import (
 // GetCommands provides all commands for this service
 func GetCommands(cfg *config.Config) cli.Commands {
 	return []*cli.Command{
-		Frontend(cfg),
-		Gateway(cfg),
-		Users(cfg),
-		Groups(cfg),
-		AppProvider(cfg),
-		AuthBasic(cfg),
-		AuthBearer(cfg),
-		AuthMachine(cfg),
-		Sharing(cfg),
-		StoragePublicLink(cfg),
-		StorageShares(cfg),
-		StorageUsers(cfg),
-		StorageMetadata(cfg),
 		Health(cfg),
 	}
 }
@@ -35,10 +22,6 @@ func Execute(cfg *config.Config) error {
 		Name:  "storage",
 		Usage: "Storage service for oCIS",

-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage")
-		},
-
 		Commands: GetCommands(cfg),
 	})

--- a/extensions/storage/pkg/command/sharing.go
+++ b/extensions/storage/pkg/command/sharing.go
@@ -1,240 +0,0 @@
-package command
-
-import (
-	"context"
-	"flag"
-	"os"
-	"path"
-	"path/filepath"
-
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
-
-	"github.com/owncloud/ocis/ocis-pkg/sync"
-
-	"github.com/cs3org/reva/v2/cmd/revad/runtime"
-	"github.com/gofrs/uuid"
-	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
-	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
-	"github.com/thejerf/suture/v4"
-	"github.com/urfave/cli/v2"
-)
-
-// Sharing is the entrypoint for the sharing command.
-func Sharing(cfg *config.Config) *cli.Command {
-	return &cli.Command{
-		Name:  "sharing",
-		Usage: "start sharing service",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-sharing")
-		},
-		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-
-			tracing.Configure(cfg, logger)
-
-			gr := run.Group{}
-			ctx, cancel := context.WithCancel(context.Background())
-
-			defer cancel()
-
-			// precreate folders
-			if cfg.Reva.Sharing.UserDriver == "json" && cfg.Reva.Sharing.UserJSONFile != "" {
-				if err := os.MkdirAll(filepath.Dir(cfg.Reva.Sharing.UserJSONFile), os.FileMode(0700)); err != nil {
-					return err
-				}
-			}
-			if cfg.Reva.Sharing.PublicDriver == "json" && cfg.Reva.Sharing.PublicJSONFile != "" {
-				if err := os.MkdirAll(filepath.Dir(cfg.Reva.Sharing.PublicJSONFile), os.FileMode(0700)); err != nil {
-					return err
-				}
-			}
-
-			uuid := uuid.Must(uuid.NewV4())
-			pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")
-
-			rcfg := sharingConfigFromStruct(c, cfg)
-
-			gr.Add(func() error {
-				runtime.RunWithOptions(
-					rcfg,
-					pidFile,
-					runtime.WithLogger(&logger.Logger),
-				)
-				return nil
-			}, func(_ error) {
-				logger.Info().
-					Str("server", c.Command.Name).
-					Msg("Shutting down server")
-
-				cancel()
-			})
-
-			debug, err := debug.Server(
-				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.Sharing.DebugAddr),
-				debug.Logger(logger),
-				debug.Context(ctx),
-				debug.Config(cfg),
-			)
-
-			if err != nil {
-				logger.Info().Err(err).Str("server", c.Command.Name+"-debug").Msg("Failed to initialize server")
-				return err
-			}
-
-			gr.Add(debug.ListenAndServe, func(_ error) {
-				cancel()
-			})
-
-			if !cfg.Reva.Sharing.Supervised {
-				sync.Trap(&gr, cancel)
-			}
-
-			return gr.Run()
-		},
-	}
-}
-
-// sharingConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
-func sharingConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
-	rcfg := map[string]interface{}{
-		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.Sharing.MaxCPUs,
-			"tracing_enabled":      cfg.Tracing.Enabled,
-			"tracing_endpoint":     cfg.Tracing.Endpoint,
-			"tracing_collector":    cfg.Tracing.Collector,
-			"tracing_service_name": c.Command.Name,
-		},
-		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
-		},
-		"grpc": map[string]interface{}{
-			"network": cfg.Reva.Sharing.GRPCNetwork,
-			"address": cfg.Reva.Sharing.GRPCAddr,
-			// TODO build services dynamically
-			"services": map[string]interface{}{
-				"usershareprovider": map[string]interface{}{
-					"driver": cfg.Reva.Sharing.UserDriver,
-					"drivers": map[string]interface{}{
-						"json": map[string]interface{}{
-							"file":         cfg.Reva.Sharing.UserJSONFile,
-							"gateway_addr": cfg.Reva.Gateway.Endpoint,
-						},
-						"sql": map[string]interface{}{ // cernbox sql
-							"db_username":                   cfg.Reva.Sharing.UserSQLUsername,
-							"db_password":                   cfg.Reva.Sharing.UserSQLPassword,
-							"db_host":                       cfg.Reva.Sharing.UserSQLHost,
-							"db_port":                       cfg.Reva.Sharing.UserSQLPort,
-							"db_name":                       cfg.Reva.Sharing.UserSQLName,
-							"password_hash_cost":            cfg.Reva.Sharing.PublicPasswordHashCost,
-							"enable_expired_shares_cleanup": cfg.Reva.Sharing.PublicEnableExpiredSharesCleanup,
-							"janitor_run_interval":          cfg.Reva.Sharing.PublicJanitorRunInterval,
-						},
-						"owncloudsql": map[string]interface{}{
-							"gateway_addr":     cfg.Reva.Gateway.Endpoint,
-							"storage_mount_id": cfg.Reva.Sharing.UserStorageMountID,
-							"db_username":      cfg.Reva.Sharing.UserSQLUsername,
-							"db_password":      cfg.Reva.Sharing.UserSQLPassword,
-							"db_host":          cfg.Reva.Sharing.UserSQLHost,
-							"db_port":          cfg.Reva.Sharing.UserSQLPort,
-							"db_name":          cfg.Reva.Sharing.UserSQLName,
-						},
-						"cs3": map[string]interface{}{
-							"gateway_addr":        cfg.Reva.Gateway.Endpoint,
-							"provider_addr":       cfg.Reva.Sharing.CS3ProviderAddr,
-							"service_user_id":     cfg.Reva.Sharing.CS3ServiceUser,
-							"service_user_idp":    cfg.Reva.Sharing.CS3ServiceUserIdp,
-							"machine_auth_apikey": cfg.Reva.AuthMachineConfig.MachineAuthAPIKey,
-						},
-					},
-				},
-				"publicshareprovider": map[string]interface{}{
-					"driver": cfg.Reva.Sharing.PublicDriver,
-					"drivers": map[string]interface{}{
-						"json": map[string]interface{}{
-							"file":         cfg.Reva.Sharing.PublicJSONFile,
-							"gateway_addr": cfg.Reva.Gateway.Endpoint,
-						},
-						"sql": map[string]interface{}{
-							"db_username":                   cfg.Reva.Sharing.UserSQLUsername,
-							"db_password":                   cfg.Reva.Sharing.UserSQLPassword,
-							"db_host":                       cfg.Reva.Sharing.UserSQLHost,
-							"db_port":                       cfg.Reva.Sharing.UserSQLPort,
-							"db_name":                       cfg.Reva.Sharing.UserSQLName,
-							"password_hash_cost":            cfg.Reva.Sharing.PublicPasswordHashCost,
-							"enable_expired_shares_cleanup": cfg.Reva.Sharing.PublicEnableExpiredSharesCleanup,
-							"janitor_run_interval":          cfg.Reva.Sharing.PublicJanitorRunInterval,
-						},
-						"owncloudsql": map[string]interface{}{
-							"gateway_addr":                  cfg.Reva.Gateway.Endpoint,
-							"storage_mount_id":              cfg.Reva.Sharing.UserStorageMountID,
-							"db_username":                   cfg.Reva.Sharing.UserSQLUsername,
-							"db_password":                   cfg.Reva.Sharing.UserSQLPassword,
-							"db_host":                       cfg.Reva.Sharing.UserSQLHost,
-							"db_port":                       cfg.Reva.Sharing.UserSQLPort,
-							"db_name":                       cfg.Reva.Sharing.UserSQLName,
-							"password_hash_cost":            cfg.Reva.Sharing.PublicPasswordHashCost,
-							"enable_expired_shares_cleanup": cfg.Reva.Sharing.PublicEnableExpiredSharesCleanup,
-							"janitor_run_interval":          cfg.Reva.Sharing.PublicJanitorRunInterval,
-						},
-						"cs3": map[string]interface{}{
-							"gateway_addr":        cfg.Reva.Gateway.Endpoint,
-							"provider_addr":       cfg.Reva.Sharing.CS3ProviderAddr,
-							"service_user_id":     cfg.Reva.Sharing.CS3ServiceUser,
-							"service_user_idp":    cfg.Reva.Sharing.CS3ServiceUserIdp,
-							"machine_auth_apikey": cfg.Reva.AuthMachineConfig.MachineAuthAPIKey,
-						},
-					},
-				},
-			},
-			"interceptors": map[string]interface{}{
-				"eventsmiddleware": map[string]interface{}{
-					"group":     "sharing",
-					"type":      "nats",
-					"address":   cfg.Reva.Sharing.Events.Address,
-					"clusterID": cfg.Reva.Sharing.Events.ClusterID,
-				},
-			},
-		},
-	}
-	return rcfg
-}
-
-// SharingSutureService allows for the storage-sharing command to be embedded and supervised by a suture supervisor tree.
-type SharingSutureService struct {
-	cfg *config.Config
-}
-
-// NewSharingSutureService creates a new store.SharingSutureService
-func NewSharing(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
-	return SharingSutureService{
-		cfg: cfg.Storage,
-	}
-}
-
-func (s SharingSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.Sharing.Context = ctx
-	f := &flag.FlagSet{}
-	cmdFlags := Sharing(s.cfg).Flags
-	for k := range cmdFlags {
-		if err := cmdFlags[k].Apply(f); err != nil {
-			return err
-		}
-	}
-	cliCtx := cli.NewContext(nil, f, nil)
-	if Sharing(s.cfg).Before != nil {
-		if err := Sharing(s.cfg).Before(cliCtx); err != nil {
-			return err
-		}
-	}
-	if err := Sharing(s.cfg).Action(cliCtx); err != nil {
-		return err
-	}
-
-	return nil
-}
--- a/extensions/storage/pkg/command/storagedrivers/metadata.go
+++ b/extensions/storage/pkg/command/storagedrivers/metadata.go
@@ -1,79 +0,0 @@
-package storagedrivers
-
-import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
-)
-
-func MetadataDrivers(cfg *config.Config) map[string]interface{} {
-	return map[string]interface{}{
-		"eos": map[string]interface{}{
-			"namespace":              cfg.Reva.MetadataStorage.EOS.Root,
-			"shadow_namespace":       cfg.Reva.MetadataStorage.EOS.ShadowNamespace,
-			"uploads_namespace":      cfg.Reva.MetadataStorage.EOS.UploadsNamespace,
-			"eos_binary":             cfg.Reva.MetadataStorage.EOS.EosBinary,
-			"xrdcopy_binary":         cfg.Reva.MetadataStorage.EOS.XrdcopyBinary,
-			"master_url":             cfg.Reva.MetadataStorage.EOS.MasterURL,
-			"slave_url":              cfg.Reva.MetadataStorage.EOS.SlaveURL,
-			"cache_directory":        cfg.Reva.MetadataStorage.EOS.CacheDirectory,
-			"sec_protocol":           cfg.Reva.MetadataStorage.EOS.SecProtocol,
-			"keytab":                 cfg.Reva.MetadataStorage.EOS.Keytab,
-			"single_username":        cfg.Reva.MetadataStorage.EOS.SingleUsername,
-			"enable_logging":         cfg.Reva.MetadataStorage.EOS.EnableLogging,
-			"show_hidden_sys_files":  cfg.Reva.MetadataStorage.EOS.ShowHiddenSysFiles,
-			"force_single_user_mode": cfg.Reva.MetadataStorage.EOS.ForceSingleUserMode,
-			"use_keytab":             cfg.Reva.MetadataStorage.EOS.UseKeytab,
-			"gatewaysvc":             cfg.Reva.MetadataStorage.EOS.GatewaySVC,
-			"enable_home":            false,
-		},
-		"eosgrpc": map[string]interface{}{
-			"namespace":              cfg.Reva.MetadataStorage.EOS.Root,
-			"shadow_namespace":       cfg.Reva.MetadataStorage.EOS.ShadowNamespace,
-			"eos_binary":             cfg.Reva.MetadataStorage.EOS.EosBinary,
-			"xrdcopy_binary":         cfg.Reva.MetadataStorage.EOS.XrdcopyBinary,
-			"master_url":             cfg.Reva.MetadataStorage.EOS.MasterURL,
-			"master_grpc_uri":        cfg.Reva.MetadataStorage.EOS.GrpcURI,
-			"slave_url":              cfg.Reva.MetadataStorage.EOS.SlaveURL,
-			"cache_directory":        cfg.Reva.MetadataStorage.EOS.CacheDirectory,
-			"sec_protocol":           cfg.Reva.MetadataStorage.EOS.SecProtocol,
-			"keytab":                 cfg.Reva.MetadataStorage.EOS.Keytab,
-			"single_username":        cfg.Reva.MetadataStorage.EOS.SingleUsername,
-			"user_layout":            cfg.Reva.MetadataStorage.EOS.UserLayout,
-			"enable_logging":         cfg.Reva.MetadataStorage.EOS.EnableLogging,
-			"show_hidden_sys_files":  cfg.Reva.MetadataStorage.EOS.ShowHiddenSysFiles,
-			"force_single_user_mode": cfg.Reva.MetadataStorage.EOS.ForceSingleUserMode,
-			"use_keytab":             cfg.Reva.MetadataStorage.EOS.UseKeytab,
-			"enable_home":            false,
-			"gatewaysvc":             cfg.Reva.MetadataStorage.EOS.GatewaySVC,
-		},
-		"local": map[string]interface{}{
-			"root": cfg.Reva.MetadataStorage.Local.Root,
-		},
-		"ocis": map[string]interface{}{
-			"root":                cfg.Reva.MetadataStorage.OCIS.Root,
-			"user_layout":         cfg.Reva.MetadataStorage.OCIS.UserLayout,
-			"treetime_accounting": false,
-			"treesize_accounting": false,
-			"permissionssvc":      cfg.Reva.Permissions.Endpoint,
-		},
-		"s3": map[string]interface{}{
-			"region":     cfg.Reva.MetadataStorage.S3.Region,
-			"access_key": cfg.Reva.MetadataStorage.S3.AccessKey,
-			"secret_key": cfg.Reva.MetadataStorage.S3.SecretKey,
-			"endpoint":   cfg.Reva.MetadataStorage.S3.Endpoint,
-			"bucket":     cfg.Reva.MetadataStorage.S3.Bucket,
-		},
-		"s3ng": map[string]interface{}{
-			"root":                cfg.Reva.MetadataStorage.S3NG.Root,
-			"enable_home":         false,
-			"user_layout":         cfg.Reva.MetadataStorage.S3NG.UserLayout,
-			"treetime_accounting": false,
-			"treesize_accounting": false,
-			"permissionssvc":      cfg.Reva.Permissions.Endpoint,
-			"s3.region":           cfg.Reva.MetadataStorage.S3NG.Region,
-			"s3.access_key":       cfg.Reva.MetadataStorage.S3NG.AccessKey,
-			"s3.secret_key":       cfg.Reva.MetadataStorage.S3NG.SecretKey,
-			"s3.endpoint":         cfg.Reva.MetadataStorage.S3NG.Endpoint,
-			"s3.bucket":           cfg.Reva.MetadataStorage.S3NG.Bucket,
-		},
-	}
-}
--- a/extensions/storage/pkg/command/storagedrivers/user.go
+++ b/extensions/storage/pkg/command/storagedrivers/user.go
@@ -1,126 +0,0 @@
-package storagedrivers
-
-import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
-)
-
-func UserDrivers(cfg *config.Config) map[string]interface{} {
-	return map[string]interface{}{
-		"eos": map[string]interface{}{
-			"namespace":              cfg.Reva.UserStorage.EOS.Root,
-			"shadow_namespace":       cfg.Reva.UserStorage.EOS.ShadowNamespace,
-			"uploads_namespace":      cfg.Reva.UserStorage.EOS.UploadsNamespace,
-			"share_folder":           cfg.Reva.UserStorage.EOS.ShareFolder,
-			"eos_binary":             cfg.Reva.UserStorage.EOS.EosBinary,
-			"xrdcopy_binary":         cfg.Reva.UserStorage.EOS.XrdcopyBinary,
-			"master_url":             cfg.Reva.UserStorage.EOS.MasterURL,
-			"slave_url":              cfg.Reva.UserStorage.EOS.SlaveURL,
-			"cache_directory":        cfg.Reva.UserStorage.EOS.CacheDirectory,
-			"sec_protocol":           cfg.Reva.UserStorage.EOS.SecProtocol,
-			"keytab":                 cfg.Reva.UserStorage.EOS.Keytab,
-			"single_username":        cfg.Reva.UserStorage.EOS.SingleUsername,
-			"enable_logging":         cfg.Reva.UserStorage.EOS.EnableLogging,
-			"show_hidden_sys_files":  cfg.Reva.UserStorage.EOS.ShowHiddenSysFiles,
-			"force_single_user_mode": cfg.Reva.UserStorage.EOS.ForceSingleUserMode,
-			"use_keytab":             cfg.Reva.UserStorage.EOS.UseKeytab,
-			"gatewaysvc":             cfg.Reva.UserStorage.EOS.GatewaySVC,
-		},
-		"eoshome": map[string]interface{}{
-			"namespace":              cfg.Reva.UserStorage.EOS.Root,
-			"shadow_namespace":       cfg.Reva.UserStorage.EOS.ShadowNamespace,
-			"uploads_namespace":      cfg.Reva.UserStorage.EOS.UploadsNamespace,
-			"share_folder":           cfg.Reva.UserStorage.EOS.ShareFolder,
-			"eos_binary":             cfg.Reva.UserStorage.EOS.EosBinary,
-			"xrdcopy_binary":         cfg.Reva.UserStorage.EOS.XrdcopyBinary,
-			"master_url":             cfg.Reva.UserStorage.EOS.MasterURL,
-			"slave_url":              cfg.Reva.UserStorage.EOS.SlaveURL,
-			"cache_directory":        cfg.Reva.UserStorage.EOS.CacheDirectory,
-			"sec_protocol":           cfg.Reva.UserStorage.EOS.SecProtocol,
-			"keytab":                 cfg.Reva.UserStorage.EOS.Keytab,
-			"single_username":        cfg.Reva.UserStorage.EOS.SingleUsername,
-			"user_layout":            cfg.Reva.UserStorage.EOS.UserLayout,
-			"enable_logging":         cfg.Reva.UserStorage.EOS.EnableLogging,
-			"show_hidden_sys_files":  cfg.Reva.UserStorage.EOS.ShowHiddenSysFiles,
-			"force_single_user_mode": cfg.Reva.UserStorage.EOS.ForceSingleUserMode,
-			"use_keytab":             cfg.Reva.UserStorage.EOS.UseKeytab,
-			"gatewaysvc":             cfg.Reva.UserStorage.EOS.GatewaySVC,
-		},
-		"eosgrpc": map[string]interface{}{
-			"namespace":              cfg.Reva.UserStorage.EOS.Root,
-			"shadow_namespace":       cfg.Reva.UserStorage.EOS.ShadowNamespace,
-			"share_folder":           cfg.Reva.UserStorage.EOS.ShareFolder,
-			"eos_binary":             cfg.Reva.UserStorage.EOS.EosBinary,
-			"xrdcopy_binary":         cfg.Reva.UserStorage.EOS.XrdcopyBinary,
-			"master_url":             cfg.Reva.UserStorage.EOS.MasterURL,
-			"master_grpc_uri":        cfg.Reva.UserStorage.EOS.GrpcURI,
-			"slave_url":              cfg.Reva.UserStorage.EOS.SlaveURL,
-			"cache_directory":        cfg.Reva.UserStorage.EOS.CacheDirectory,
-			"sec_protocol":           cfg.Reva.UserStorage.EOS.SecProtocol,
-			"keytab":                 cfg.Reva.UserStorage.EOS.Keytab,
-			"single_username":        cfg.Reva.UserStorage.EOS.SingleUsername,
-			"user_layout":            cfg.Reva.UserStorage.EOS.UserLayout,
-			"enable_logging":         cfg.Reva.UserStorage.EOS.EnableLogging,
-			"show_hidden_sys_files":  cfg.Reva.UserStorage.EOS.ShowHiddenSysFiles,
-			"force_single_user_mode": cfg.Reva.UserStorage.EOS.ForceSingleUserMode,
-			"use_keytab":             cfg.Reva.UserStorage.EOS.UseKeytab,
-			"enable_home":            false,
-			"gatewaysvc":             cfg.Reva.UserStorage.EOS.GatewaySVC,
-		},
-		"local": map[string]interface{}{
-			"root":         cfg.Reva.UserStorage.Local.Root,
-			"share_folder": cfg.Reva.UserStorage.Local.ShareFolder,
-		},
-		"localhome": map[string]interface{}{
-			"root":         cfg.Reva.UserStorage.Local.Root,
-			"share_folder": cfg.Reva.UserStorage.Local.ShareFolder,
-			"user_layout":  cfg.Reva.UserStorage.Local.UserLayout,
-		},
-		"owncloudsql": map[string]interface{}{
-			"datadirectory":   cfg.Reva.UserStorage.OwnCloudSQL.Root,
-			"upload_info_dir": cfg.Reva.UserStorage.OwnCloudSQL.UploadInfoDir,
-			"share_folder":    cfg.Reva.UserStorage.OwnCloudSQL.ShareFolder,
-			"user_layout":     cfg.Reva.UserStorage.OwnCloudSQL.UserLayout,
-			"enable_home":     false,
-			"dbusername":      cfg.Reva.UserStorage.OwnCloudSQL.DBUsername,
-			"dbpassword":      cfg.Reva.UserStorage.OwnCloudSQL.DBPassword,
-			"dbhost":          cfg.Reva.UserStorage.OwnCloudSQL.DBHost,
-			"dbport":          cfg.Reva.UserStorage.OwnCloudSQL.DBPort,
-			"dbname":          cfg.Reva.UserStorage.OwnCloudSQL.DBName,
-			"userprovidersvc": cfg.Reva.Users.Endpoint,
-		},
-		"ocis": map[string]interface{}{
-			"root":                        cfg.Reva.UserStorage.OCIS.Root,
-			"user_layout":                 cfg.Reva.UserStorage.OCIS.UserLayout,
-			"share_folder":                cfg.Reva.UserStorage.OCIS.ShareFolder,
-			"personalspacealias_template": cfg.Reva.UserStorage.OCIS.PersonalSpaceAliasTemplate,
-			"generalspacealias_template":  cfg.Reva.UserStorage.OCIS.GeneralSpaceAliasTemplate,
-			"treetime_accounting":         true,
-			"treesize_accounting":         true,
-			"permissionssvc":              cfg.Reva.Permissions.Endpoint,
-		},
-		"s3": map[string]interface{}{
-			"enable_home": false,
-			"region":      cfg.Reva.UserStorage.S3.Region,
-			"access_key":  cfg.Reva.UserStorage.S3.AccessKey,
-			"secret_key":  cfg.Reva.UserStorage.S3.SecretKey,
-			"endpoint":    cfg.Reva.UserStorage.S3.Endpoint,
-			"bucket":      cfg.Reva.UserStorage.S3.Bucket,
-			"prefix":      cfg.Reva.UserStorage.S3.Root,
-		},
-		"s3ng": map[string]interface{}{
-			"root":                        cfg.Reva.UserStorage.S3NG.Root,
-			"user_layout":                 cfg.Reva.UserStorage.S3NG.UserLayout,
-			"share_folder":                cfg.Reva.UserStorage.S3NG.ShareFolder,
-			"personalspacealias_template": cfg.Reva.UserStorage.S3NG.PersonalSpaceAliasTemplate,
-			"generalspacealias_template":  cfg.Reva.UserStorage.S3NG.GeneralSpaceAliasTemplate,
-			"treetime_accounting":         true,
-			"treesize_accounting":         true,
-			"permissionssvc":              cfg.Reva.Permissions.Endpoint,
-			"s3.region":                   cfg.Reva.UserStorage.S3NG.Region,
-			"s3.access_key":               cfg.Reva.UserStorage.S3NG.AccessKey,
-			"s3.secret_key":               cfg.Reva.UserStorage.S3NG.SecretKey,
-			"s3.endpoint":                 cfg.Reva.UserStorage.S3NG.Endpoint,
-			"s3.bucket":                   cfg.Reva.UserStorage.S3NG.Bucket,
-		},
-	}
-}
--- a/extensions/storage/pkg/command/users.go
+++ b/extensions/storage/pkg/command/users.go
@@ -1,197 +0,0 @@
-package command
-
-import (
-	"context"
-	"flag"
-	"os"
-	"path"
-	"path/filepath"
-
-	"github.com/cs3org/reva/v2/cmd/revad/runtime"
-	"github.com/gofrs/uuid"
-	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
-	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
-	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
-	"github.com/owncloud/ocis/ocis-pkg/sync"
-	"github.com/thejerf/suture/v4"
-	"github.com/urfave/cli/v2"
-)
-
-// Users is the entrypoint for the users command.
-func Users(cfg *config.Config) *cli.Command {
-	return &cli.Command{
-		Name:  "users",
-		Usage: "start users service",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-users")
-		},
-		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-
-			tracing.Configure(cfg, logger)
-
-			gr := run.Group{}
-			ctx, cancel := context.WithCancel(context.Background())
-
-			defer cancel()
-
-			// precreate folders
-			if cfg.Reva.Users.Driver == "json" && cfg.Reva.Users.JSON != "" {
-				if err := os.MkdirAll(filepath.Dir(cfg.Reva.Users.JSON), os.FileMode(0700)); err != nil {
-					return err
-				}
-			}
-
-			uuid := uuid.Must(uuid.NewV4())
-			pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")
-
-			rcfg := usersConfigFromStruct(c, cfg)
-
-			logger.Debug().
-				Str("server", "users").
-				Interface("reva-config", rcfg).
-				Msg("config")
-
-			if cfg.Reva.Users.Driver == "ldap" {
-				if err := waitForLDAPCA(logger, &cfg.Reva.LDAP); err != nil {
-					logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist")
-					return err
-				}
-			}
-
-			gr.Add(func() error {
-				runtime.RunWithOptions(
-					rcfg,
-					pidFile,
-					runtime.WithLogger(&logger.Logger),
-				)
-				return nil
-			}, func(_ error) {
-				logger.Info().
-					Str("server", c.Command.Name).
-					Msg("Shutting down server")
-
-				cancel()
-			})
-
-			debugServer, err := debug.Server(
-				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.Users.DebugAddr),
-				debug.Logger(logger),
-				debug.Context(ctx),
-				debug.Config(cfg),
-			)
-
-			if err != nil {
-				logger.Info().Err(err).Str("server", c.Command.Name+"-debug").Msg("Failed to initialize server")
-				return err
-			}
-
-			gr.Add(debugServer.ListenAndServe, func(_ error) {
-				cancel()
-			})
-
-			if !cfg.Reva.Users.Supervised {
-				sync.Trap(&gr, cancel)
-			}
-
-			return gr.Run()
-		},
-	}
-}
-
-// usersConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
-func usersConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
-	rcfg := map[string]interface{}{
-		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.Users.MaxCPUs,
-			"tracing_enabled":      cfg.Tracing.Enabled,
-			"tracing_endpoint":     cfg.Tracing.Endpoint,
-			"tracing_collector":    cfg.Tracing.Collector,
-			"tracing_service_name": c.Command.Name,
-		},
-		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
-		},
-		"grpc": map[string]interface{}{
-			"network": cfg.Reva.Users.GRPCNetwork,
-			"address": cfg.Reva.Users.GRPCAddr,
-			// TODO build services dynamically
-			"services": map[string]interface{}{
-				"userprovider": map[string]interface{}{
-					"driver": cfg.Reva.Users.Driver,
-					"drivers": map[string]interface{}{
-						"json": map[string]interface{}{
-							"users": cfg.Reva.Users.JSON,
-						},
-						"ldap": ldapConfigFromString(cfg),
-						"rest": map[string]interface{}{
-							"client_id":                    cfg.Reva.UserGroupRest.ClientID,
-							"client_secret":                cfg.Reva.UserGroupRest.ClientSecret,
-							"redis_address":                cfg.Reva.UserGroupRest.RedisAddress,
-							"redis_username":               cfg.Reva.UserGroupRest.RedisUsername,
-							"redis_password":               cfg.Reva.UserGroupRest.RedisPassword,
-							"user_groups_cache_expiration": cfg.Reva.Users.UserGroupsCacheExpiration,
-							"id_provider":                  cfg.Reva.UserGroupRest.IDProvider,
-							"api_base_url":                 cfg.Reva.UserGroupRest.APIBaseURL,
-							"oidc_token_endpoint":          cfg.Reva.UserGroupRest.OIDCTokenEndpoint,
-							"target_api":                   cfg.Reva.UserGroupRest.TargetAPI,
-						},
-						"owncloudsql": map[string]interface{}{
-							"dbusername":           cfg.Reva.UserOwnCloudSQL.DBUsername,
-							"dbpassword":           cfg.Reva.UserOwnCloudSQL.DBPassword,
-							"dbhost":               cfg.Reva.UserOwnCloudSQL.DBHost,
-							"dbport":               cfg.Reva.UserOwnCloudSQL.DBPort,
-							"dbname":               cfg.Reva.UserOwnCloudSQL.DBName,
-							"idp":                  cfg.Reva.UserOwnCloudSQL.Idp,
-							"nobody":               cfg.Reva.UserOwnCloudSQL.Nobody,
-							"join_username":        cfg.Reva.UserOwnCloudSQL.JoinUsername,
-							"join_ownclouduuid":    cfg.Reva.UserOwnCloudSQL.JoinOwnCloudUUID,
-							"enable_medial_search": cfg.Reva.UserOwnCloudSQL.EnableMedialSearch,
-						},
-					},
-				},
-			},
-		},
-	}
-	return rcfg
-}
-
-// UserProviderSutureService allows for the storage-userprovider command to be embedded and supervised by a suture supervisor tree.
-type UserProviderSutureService struct {
-	cfg *config.Config
-}
-
-// NewUserProviderSutureService creates a new storage.UserProvider
-func NewUserProvider(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
-	return UserProviderSutureService{
-		cfg: cfg.Storage,
-	}
-}
-
-func (s UserProviderSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.Users.Context = ctx
-	f := &flag.FlagSet{}
-	cmdFlags := Users(s.cfg).Flags
-	for k := range cmdFlags {
-		if err := cmdFlags[k].Apply(f); err != nil {
-			return err
-		}
-	}
-	cliCtx := cli.NewContext(nil, f, nil)
-	if Users(s.cfg).Before != nil {
-		if err := Users(s.cfg).Before(cliCtx); err != nil {
-			return err
-		}
-	}
-	if err := Users(s.cfg).Action(cliCtx); err != nil {
-		return err
-	}
-
-	return nil
-}
--- a/extensions/storage/pkg/server/debug/option.go
+++ b/extensions/storage/pkg/server/debug/option.go
@@ -17,6 +17,9 @@ type Options struct {
 	Logger  log.Logger
 	Context context.Context
 	Config  *config.Config
+	Pprof   bool
+	Zpages  bool
+	Token   string
 }

 // newOptions initializes the available default options.
@@ -64,3 +67,24 @@ func Config(val *config.Config) Option {
 		o.Config = val
 	}
 }
+
+// Pprof provides a function to set the pprof option.
+func Pprof(val bool) Option {
+	return func(o *Options) {
+		o.Pprof = val
+	}
+}
+
+// Zpages provides a function to set the zpages option.
+func Zpages(val bool) Option {
+	return func(o *Options) {
+		o.Zpages = val
+	}
+}
+
+// Token provides a function to set the token option.
+func Token(val string) Option {
+	return func(o *Options) {
+		o.Token = val
+	}
+}
--- a/extensions/storage/pkg/server/debug/server.go
+++ b/extensions/storage/pkg/server/debug/server.go
@@ -18,9 +18,9 @@ func Server(opts ...Option) (*http.Server, error) {
 		debug.Name(options.Name),
 		debug.Version(version.String),
 		debug.Address(options.Addr),
-		debug.Token(options.Config.Debug.Token),
-		debug.Pprof(options.Config.Debug.Pprof),
-		debug.Zpages(options.Config.Debug.Zpages),
+		debug.Token(options.Token),
+		debug.Pprof(options.Pprof),
+		debug.Zpages(options.Zpages),
 		debug.Health(health(options.Config)),
 		debug.Ready(ready(options.Config)),
 	), nil
--- a/extensions/storage/pkg/tracing/tracing.go
+++ b/extensions/storage/pkg/tracing/tracing.go
@@ -9,25 +9,25 @@ import (
 // to Reva services.
 func Configure(cfg *config.Config, logger log.Logger) {
 	if cfg.Tracing.Enabled {
-		switch t := cfg.Tracing.Type; t {
+		switch cfg.Tracing.Type {
 		case "agent":
 			logger.Error().
-				Str("type", t).
+				Str("type", cfg.Tracing.Type).
 				Msg("Reva only supports the jaeger tracing backend")

 		case "jaeger":
 			logger.Info().
-				Str("type", t).
+				Str("type", cfg.Tracing.Type).
 				Msg("configuring storage to use the jaeger tracing backend")

 		case "zipkin":
 			logger.Error().
-				Str("type", t).
+				Str("type", cfg.Tracing.Type).
 				Msg("Reva only supports the jaeger tracing backend")

 		default:
 			logger.Warn().
-				Str("type", t).
+				Str("type", cfg.Tracing.Type).
 				Msg("Unknown tracing backend")
 		}

--- a/extensions/user/pkg/command/command.go
+++ b/extensions/user/pkg/command/command.go
@@ -0,0 +1,234 @@
+package command
+
+import (
+	"context"
+	"flag"
+	"os"
+	"path"
+	"path/filepath"
+
+	"github.com/cs3org/reva/v2/cmd/revad/runtime"
+	"github.com/gofrs/uuid"
+	"github.com/oklog/run"
+	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
+	"github.com/owncloud/ocis/extensions/user/pkg/config"
+	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/ldap"
+	"github.com/owncloud/ocis/ocis-pkg/log"
+	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
+	"github.com/thejerf/suture/v4"
+	"github.com/urfave/cli/v2"
+)
+
+// User is the entrypoint for the user command.
+func User(cfg *config.Config) *cli.Command {
+	return &cli.Command{
+		Name:  "users",
+		Usage: "start users service",
+		Action: func(c *cli.Context) error {
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
+			gr := run.Group{}
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
+
+			// precreate folders
+			if cfg.Driver == "json" && cfg.Drivers.JSON.File != "" {
+				if err := os.MkdirAll(filepath.Dir(cfg.Drivers.JSON.File), os.FileMode(0700)); err != nil {
+					return err
+				}
+			}
+
+			uuid := uuid.Must(uuid.NewV4())
+			pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")
+
+			rcfg := usersConfigFromStruct(c, cfg)
+
+			logger.Debug().
+				Str("server", "users").
+				Interface("reva-config", rcfg).
+				Msg("config")
+
+			if cfg.Driver == "ldap" {
+				if err := ldap.WaitForCA(logger, cfg.Drivers.LDAP.Insecure, cfg.Drivers.LDAP.CACert); err != nil {
+					logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist")
+					return err
+				}
+			}
+
+			gr.Add(func() error {
+				runtime.RunWithOptions(
+					rcfg,
+					pidFile,
+					runtime.WithLogger(&logger.Logger),
+				)
+				return nil
+			}, func(_ error) {
+				logger.Info().
+					Str("server", c.Command.Name).
+					Msg("Shutting down server")
+
+				cancel()
+			})
+
+			debugServer, err := debug.Server(
+				debug.Name(c.Command.Name+"-debug"),
+				debug.Addr(cfg.Debug.Addr),
+				debug.Logger(logger),
+				debug.Context(ctx),
+				debug.Pprof(cfg.Debug.Pprof),
+				debug.Zpages(cfg.Debug.Zpages),
+				debug.Token(cfg.Debug.Token),
+			)
+
+			if err != nil {
+				logger.Info().Err(err).Str("server", c.Command.Name+"-debug").Msg("Failed to initialize server")
+				return err
+			}
+
+			gr.Add(debugServer.ListenAndServe, func(_ error) {
+				cancel()
+			})
+
+			if !cfg.Supervised {
+				sync.Trap(&gr, cancel)
+			}
+
+			return gr.Run()
+		},
+	}
+}
+
+// usersConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
+func usersConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
+	rcfg := map[string]interface{}{
+		"core": map[string]interface{}{
+			"tracing_enabled":      cfg.Tracing.Enabled,
+			"tracing_endpoint":     cfg.Tracing.Endpoint,
+			"tracing_collector":    cfg.Tracing.Collector,
+			"tracing_service_name": c.Command.Name,
+		},
+		"shared": map[string]interface{}{
+			"jwt_secret":                cfg.JWTSecret,
+			"gatewaysvc":                cfg.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
+		},
+		"grpc": map[string]interface{}{
+			"network": cfg.GRPC.Protocol,
+			"address": cfg.GRPC.Addr,
+			// TODO build services dynamically
+			"services": map[string]interface{}{
+				"userprovider": map[string]interface{}{
+					"driver": cfg.Driver,
+					"drivers": map[string]interface{}{
+						"json": map[string]interface{}{
+							"users": cfg.Drivers.JSON.File,
+						},
+						"ldap": ldapConfigFromString(cfg.Drivers.LDAP),
+						"rest": map[string]interface{}{
+							"client_id":                    cfg.Drivers.REST.ClientID,
+							"client_secret":                cfg.Drivers.REST.ClientSecret,
+							"redis_address":                cfg.Drivers.REST.RedisAddr,
+							"redis_username":               cfg.Drivers.REST.RedisUsername,
+							"redis_password":               cfg.Drivers.REST.RedisPassword,
+							"user_groups_cache_expiration": cfg.UsersCacheExpiration,
+							"id_provider":                  cfg.Drivers.REST.IDProvider,
+							"api_base_url":                 cfg.Drivers.REST.APIBaseURL,
+							"oidc_token_endpoint":          cfg.Drivers.REST.OIDCTokenEndpoint,
+							"target_api":                   cfg.Drivers.REST.TargetAPI,
+						},
+						"owncloudsql": map[string]interface{}{
+							"dbusername":           cfg.Drivers.OwnCloudSQL.DBUsername,
+							"dbpassword":           cfg.Drivers.OwnCloudSQL.DBPassword,
+							"dbhost":               cfg.Drivers.OwnCloudSQL.DBHost,
+							"dbport":               cfg.Drivers.OwnCloudSQL.DBPort,
+							"dbname":               cfg.Drivers.OwnCloudSQL.DBName,
+							"idp":                  cfg.Drivers.OwnCloudSQL.IDP,
+							"nobody":               cfg.Drivers.OwnCloudSQL.Nobody,
+							"join_username":        cfg.Drivers.OwnCloudSQL.JoinUsername,
+							"join_ownclouduuid":    cfg.Drivers.OwnCloudSQL.JoinOwnCloudUUID,
+							"enable_medial_search": cfg.Drivers.OwnCloudSQL.EnableMedialSearch,
+						},
+					},
+				},
+			},
+		},
+	}
+	return rcfg
+}
+
+// UserProviderSutureService allows for the storage-userprovider command to be embedded and supervised by a suture supervisor tree.
+type UserProviderSutureService struct {
+	cfg *config.Config
+}
+
+// NewUserProviderSutureService creates a new storage.UserProvider
+func NewUserProvider(cfg *ociscfg.Config) suture.Service {
+	cfg.User.Commons = cfg.Commons
+	return UserProviderSutureService{
+		cfg: cfg.User,
+	}
+}
+
+func (s UserProviderSutureService) Serve(ctx context.Context) error {
+	// s.cfg.Reva.Users.Context = ctx
+	cmd := User(s.cfg)
+	f := &flag.FlagSet{}
+	cmdFlags := cmd.Flags
+	for k := range cmdFlags {
+		if err := cmdFlags[k].Apply(f); err != nil {
+			return err
+		}
+	}
+	cliCtx := cli.NewContext(nil, f, nil)
+	if cmd.Before != nil {
+		if err := cmd.Before(cliCtx); err != nil {
+			return err
+		}
+	}
+	if err := cmd.Action(cliCtx); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func ldapConfigFromString(cfg config.LDAPDriver) map[string]interface{} {
+	return map[string]interface{}{
+		"uri":               cfg.URI,
+		"cacert":            cfg.CACert,
+		"insecure":          cfg.Insecure,
+		"bind_username":     cfg.BindDN,
+		"bind_password":     cfg.BindPassword,
+		"user_base_dn":      cfg.UserBaseDN,
+		"group_base_dn":     cfg.GroupBaseDN,
+		"user_filter":       cfg.UserFilter,
+		"group_filter":      cfg.GroupFilter,
+		"user_objectclass":  cfg.UserObjectClass,
+		"group_objectclass": cfg.GroupObjectClass,
+		"login_attributes":  cfg.LoginAttributes,
+		"idp":               cfg.IDP,
+		"user_schema": map[string]interface{}{
+			"id":              cfg.UserSchema.ID,
+			"idIsOctetString": cfg.UserSchema.IDIsOctetString,
+			"mail":            cfg.UserSchema.Mail,
+			"displayName":     cfg.UserSchema.DisplayName,
+			"userName":        cfg.UserSchema.Username,
+		},
+		"group_schema": map[string]interface{}{
+			"id":              cfg.GroupSchema.ID,
+			"idIsOctetString": cfg.GroupSchema.IDIsOctetString,
+			"mail":            cfg.GroupSchema.Mail,
+			"displayName":     cfg.GroupSchema.DisplayName,
+			"groupName":       cfg.GroupSchema.Groupname,
+			"member":          cfg.GroupSchema.Member,
+		},
+	}
+}
--- a/extensions/user/pkg/config/config.go
+++ b/extensions/user/pkg/config/config.go
@@ -0,0 +1,121 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Service         Service  `yaml:"-"`
+	Tracing         *Tracing `yaml:"tracing"`
+	Logging         *Logging `yaml:"log"`
+	Debug           Debug    `yaml:"debug"`
+	Supervised      bool
+
+	GRPC GRPCConfig `yaml:"grpc"`
+
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	UsersCacheExpiration  int
+	Driver                string
+	Drivers               Drivers
+}
+type Tracing struct {
+	Enabled   bool   `yaml:"enabled" env:"OCIS_TRACING_ENABLED;USERS_TRACING_ENABLED" desc:"Activates tracing."`
+	Type      string `yaml:"type" env:"OCIS_TRACING_TYPE;USERS_TRACING_TYPE"`
+	Endpoint  string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;USERS_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+	Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;USERS_TRACING_COLLECTOR"`
+}
+
+type Logging struct {
+	Level  string `yaml:"level" env:"OCIS_LOG_LEVEL;USERS_LOG_LEVEL" desc:"The log level."`
+	Pretty bool   `yaml:"pretty" env:"OCIS_LOG_PRETTY;USERS_LOG_PRETTY" desc:"Activates pretty log output."`
+	Color  bool   `yaml:"color" env:"OCIS_LOG_COLOR;USERS_LOG_COLOR" desc:"Activates colorized log output."`
+	File   string `yaml:"file" env:"OCIS_LOG_FILE;USERS_LOG_FILE" desc:"The target log file."`
+}
+
+type Service struct {
+	Name string `yaml:"-"`
+}
+
+type Debug struct {
+	Addr   string `yaml:"addr" env:"USERS_DEBUG_ADDR"`
+	Token  string `yaml:"token" env:"USERS_DEBUG_TOKEN"`
+	Pprof  bool   `yaml:"pprof" env:"USERS_DEBUG_PPROF"`
+	Zpages bool   `yaml:"zpages" env:"USERS_DEBUG_ZPAGES"`
+}
+
+type GRPCConfig struct {
+	Addr     string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The address of the grpc service."`
+	Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+}
+
+type Drivers struct {
+	JSON        JSONDriver
+	LDAP        LDAPDriver
+	OwnCloudSQL OwnCloudSQLDriver
+	REST        RESTProvider
+}
+
+type JSONDriver struct {
+	File string
+}
+type LDAPDriver struct {
+	URI              string   `env:"LDAP_URI;USERS_LDAP_URI"`
+	CACert           string   `env:"LDAP_CACERT;USERS_LDAP_CACERT"`
+	Insecure         bool     `env:"LDAP_INSECURE;USERS_LDAP_INSECURE"`
+	BindDN           string   `env:"LDAP_BIND_DN;USERS_LDAP_BIND_DN"`
+	BindPassword     string   `env:"LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD"`
+	UserBaseDN       string   `env:"LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN"`
+	GroupBaseDN      string   `env:"LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN"`
+	UserFilter       string   `env:"LDAP_USERFILTER;USERS_LDAP_USERFILTER"`
+	GroupFilter      string   `env:"LDAP_GROUPFILTER;USERS_LDAP_USERFILTER"`
+	UserObjectClass  string   `env:"LDAP_USER_OBJECTCLASS;USERS_LDAP_USER_OBJECTCLASS"`
+	GroupObjectClass string   `env:"LDAP_GROUP_OBJECTCLASS;USERS_LDAP_GROUP_OBJECTCLASS"`
+	LoginAttributes  []string `env:"LDAP_LOGIN_ATTRIBUTES;USERS_LDAP_LOGIN_ATTRIBUTES"`
+	IDP              string   `env:"OCIS_URL;USERS_IDP_URL"` // TODO what is this for?
+	GatewayEndpoint  string   // TODO do we need this here?
+	UserSchema       LDAPUserSchema
+	GroupSchema      LDAPGroupSchema
+}
+
+type LDAPUserSchema struct {
+	ID              string `env:"LDAP_USER_SCHEMA_ID;USERS_LDAP_USER_SCHEMA_ID"`
+	IDIsOctetString bool   `env:"LDAP_USER_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING"`
+	Mail            string `env:"LDAP_USER_SCHEMA_MAIL;USERS_LDAP_USER_SCHEMA_MAIL"`
+	DisplayName     string `env:"LDAP_USER_SCHEMA_DISPLAYNAME;USERS_LDAP_USER_SCHEMA_DISPLAYNAME"`
+	Username        string `env:"LDAP_USER_SCHEMA_USERNAME;USERS_LDAP_USER_SCHEMA_USERNAME"`
+}
+
+type LDAPGroupSchema struct {
+	ID              string `env:"LDAP_GROUP_SCHEMA_ID;USERS_LDAP_GROUP_SCHEMA_ID"`
+	IDIsOctetString bool   `env:"LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING;USERS_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING"`
+	Mail            string `env:"LDAP_GROUP_SCHEMA_MAIL;USERS_LDAP_GROUP_SCHEMA_MAIL"`
+	DisplayName     string `env:"LDAP_GROUP_SCHEMA_DISPLAYNAME;USERS_LDAP_GROUP_SCHEMA_DISPLAYNAME"`
+	Groupname       string `env:"LDAP_GROUP_SCHEMA_GROUPNAME;USERS_LDAP_GROUP_SCHEMA_GROUPNAME"`
+	Member          string `env:"LDAP_GROUP_SCHEMA_MEMBER;USERS_LDAP_GROUP_SCHEMA_MEMBER"`
+}
+
+type OwnCloudSQLDriver struct {
+	DBUsername         string
+	DBPassword         string
+	DBHost             string
+	DBPort             int
+	DBName             string
+	IDP                string // TODO do we need this?
+	Nobody             int64  // TODO what is this?
+	JoinUsername       bool
+	JoinOwnCloudUUID   bool
+	EnableMedialSearch bool
+}
+
+type RESTProvider struct {
+	ClientID          string
+	ClientSecret      string
+	RedisAddr         string
+	RedisUsername     string
+	RedisPassword     string
+	IDProvider        string
+	APIBaseURL        string
+	OIDCTokenEndpoint string
+	TargetAPI         string
+}
--- a/extensions/user/pkg/config/defaults/defaultconfig.go
+++ b/extensions/user/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,113 @@
+package defaults
+
+import (
+	"path/filepath"
+
+	"github.com/owncloud/ocis/extensions/user/pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/config/defaults"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Debug: config.Debug{
+			Addr:   "127.0.0.1:9145",
+			Token:  "",
+			Pprof:  false,
+			Zpages: false,
+		},
+		GRPC: config.GRPCConfig{
+			Addr:     "127.0.0.1:9144",
+			Protocol: "tcp",
+		},
+		Service: config.Service{
+			Name: "user",
+		},
+		UsersCacheExpiration: 5,
+		GatewayEndpoint:      "127.0.0.1:9142",
+		JWTSecret:            "Pive-Fumkiu4",
+		Driver:               "ldap",
+		Drivers: config.Drivers{
+			LDAP: config.LDAPDriver{
+				URI:              "ldaps://localhost:9126",
+				CACert:           filepath.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"),
+				Insecure:         false,
+				UserBaseDN:       "dc=ocis,dc=test",
+				GroupBaseDN:      "dc=ocis,dc=test",
+				LoginAttributes:  []string{"cn", "mail"},
+				UserFilter:       "",
+				GroupFilter:      "",
+				UserObjectClass:  "posixAccount",
+				GroupObjectClass: "posixGroup",
+				BindDN:           "cn=reva,ou=sysusers,dc=ocis,dc=test",
+				BindPassword:     "reva",
+				IDP:              "https://localhost:9200",
+				UserSchema: config.LDAPUserSchema{
+					ID:          "ownclouduuid",
+					Mail:        "mail",
+					DisplayName: "displayname",
+					Username:    "cn",
+				},
+				GroupSchema: config.LDAPGroupSchema{
+					ID:          "cn",
+					Mail:        "mail",
+					DisplayName: "cn",
+					Groupname:   "cn",
+					Member:      "cn",
+				},
+			},
+			JSON: config.JSONDriver{},
+			OwnCloudSQL: config.OwnCloudSQLDriver{
+				DBUsername:         "owncloud",
+				DBPassword:         "secret",
+				DBHost:             "mysql",
+				DBPort:             3306,
+				DBName:             "owncloud",
+				IDP:                "https://localhost:9200",
+				Nobody:             90,
+				JoinUsername:       false,
+				JoinOwnCloudUUID:   false,
+				EnableMedialSearch: false,
+			},
+			REST: config.RESTProvider{
+				RedisAddr: "localhost:6379",
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.Logging{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.Logging{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.Tracing{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.Tracing{}
+	}
+}
+
+func Sanitize(cfg *config.Config) {
+	// nothing to sanitize here atm
+}
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/blevesearch/bleve/v2 v2.3.2
 	github.com/coreos/go-oidc/v3 v3.1.0
 	github.com/cs3org/go-cs3apis v0.0.0-20220412090512-93c5918b4bde
-	github.com/cs3org/reva/v2 v2.0.0-20220419100641-50aa8636af59
+	github.com/cs3org/reva/v2 v2.0.0-20220425084830-0b734be7c6c7
 	github.com/disintegration/imaging v1.6.2
 	github.com/glauth/glauth/v2 v2.0.0-20211021011345-ef3151c28733
 	github.com/go-chi/chi/v5 v5.0.7
@@ -63,7 +63,7 @@ require (
 	github.com/stretchr/testify v1.7.1
 	github.com/test-go/testify v1.1.4
 	github.com/thejerf/suture/v4 v4.0.2
-	github.com/urfave/cli/v2 v2.4.4
+	github.com/urfave/cli/v2 v2.5.0
 	go-micro.dev/v4 v4.6.0
 	go.opencensus.io v0.23.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.31.0
@@ -76,7 +76,7 @@ require (
 	golang.org/x/net v0.0.0-20220225172249-27dd8689420f
 	golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a
 	google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb
-	google.golang.org/grpc v1.45.0
+	google.golang.org/grpc v1.46.0
 	google.golang.org/protobuf v1.28.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
@@ -85,7 +85,7 @@ require (
 )

 require (
-	contrib.go.opencensus.io/exporter/prometheus v0.4.0 // indirect
+	contrib.go.opencensus.io/exporter/prometheus v0.4.1 // indirect
 	github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e // indirect
 	github.com/BurntSushi/toml v1.1.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
@@ -100,7 +100,7 @@ require (
 	github.com/armon/go-metrics v0.3.10 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
-	github.com/aws/aws-sdk-go v1.42.39 // indirect
+	github.com/aws/aws-sdk-go v1.43.28 // indirect
 	github.com/beevik/etree v1.1.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bitly/go-simplejson v0.5.0 // indirect
@@ -123,7 +123,7 @@ require (
 	github.com/bmizerany/pat v0.0.0-20210406213842-e4b6760bdd6f // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
-	github.com/ceph/go-ceph v0.13.0 // indirect
+	github.com/ceph/go-ceph v0.15.0 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
 	github.com/coreos/go-semver v0.3.0 // indirect
@@ -131,6 +131,7 @@ require (
 	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
 	github.com/crewjam/httperr v0.2.0 // indirect
 	github.com/crewjam/saml v0.4.6 // indirect
+	github.com/cs3org/reva v1.18.0 // indirect
 	github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deckarep/golang-set v1.8.0 // indirect
@@ -145,6 +146,7 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.0 // indirect
 	github.com/gdexlab/go-render v1.0.1 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
+	github.com/go-chi/chi v4.0.2+incompatible // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
 	github.com/go-git/go-git/v5 v5.4.2 // indirect
@@ -167,7 +169,7 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
 	github.com/hashicorp/consul/api v1.11.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.1.0 // indirect
+	github.com/hashicorp/go-hclog v1.2.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-msgpack v1.1.5 // indirect
 	github.com/hashicorp/go-plugin v1.4.3 // indirect
@@ -199,7 +201,7 @@ require (
 	github.com/mileusna/useragent v1.0.2 // indirect
 	github.com/minio/highwayhash v1.0.2 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
-	github.com/minio/minio-go/v7 v7.0.21 // indirect
+	github.com/minio/minio-go/v7 v7.0.24 // indirect
 	github.com/minio/sha256-simd v1.0.0 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -217,11 +219,11 @@ require (
 	github.com/orcaman/concurrent-map v1.0.0 // indirect
 	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/pkg/xattr v0.4.4 // indirect
+	github.com/pkg/xattr v0.4.5 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/pquerna/cachecontrol v0.1.0 // indirect
 	github.com/pquerna/otp v1.3.0 // indirect
-	github.com/prometheus/alertmanager v0.23.0 // indirect
+	github.com/prometheus/alertmanager v0.24.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.32.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
@@ -259,7 +261,7 @@ require (
 	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect
-	golang.org/x/tools v0.1.8 // indirect
+	golang.org/x/tools v0.1.9 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	gopkg.in/ini.v1 v1.66.2 // indirect
--- a/go.sum
+++ b/go.sum
@@ -50,8 +50,9 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.18.2/go.mod h1:AiIj7BWXyhO5gGVmYJ+S8tbkCx3yb0IMjua8Aw4naVM=
 contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA=
-contrib.go.opencensus.io/exporter/prometheus v0.4.0 h1:0QfIkj9z/iVZgK31D9H9ohjjIDApI2GOPScCKwxedbs=
 contrib.go.opencensus.io/exporter/prometheus v0.4.0/go.mod h1:o7cosnyfuPVK0tB8q0QmaQNhGnptITnPQB+z1+qeFB0=
+contrib.go.opencensus.io/exporter/prometheus v0.4.1 h1:oObVeKo2NxpdF/fIfrPsNj6K0Prg0R0mHM+uANlYMiM=
+contrib.go.opencensus.io/exporter/prometheus v0.4.1/go.mod h1:t9wvfitlUjGXG2IXAZsuFq26mDGid/JwCEXp+gTG/9U=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/azure-pipeline-go v0.2.3/go.mod h1:x841ezTBIMG6O3lAcl8ATHnsOPVl2bqk7S3ta6S6u4k=
 github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
@@ -131,6 +132,7 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
+github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
 github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387 h1:loy0fjI90vF44BPW4ZYOkE3tDkGTy7yHURusOJimt+I=
 github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387/go.mod h1:GuR5j/NW7AU7tDAQUDGCtpiPxWIOy/c3kiRDnlwiCHc=
 github.com/aliyun/alibaba-cloud-sdk-go v1.61.976/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA=
@@ -169,8 +171,10 @@ github.com/aws/aws-sdk-go v1.37.27/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2z
 github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.40.11/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
-github.com/aws/aws-sdk-go v1.42.39 h1:6Lso73VoCI8Zmv3zAMv4BNg2gHAKNOlbLv1s/ew90SI=
 github.com/aws/aws-sdk-go v1.42.39/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc=
+github.com/aws/aws-sdk-go v1.43.11/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.43.28 h1:HrBUf2pYEMRB3GDkSa/bZ2lkZIe8gSUOz/IEupG1Te0=
+github.com/aws/aws-sdk-go v1.43.28/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
@@ -236,10 +240,12 @@ github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEe
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/cenkalti/backoff/v4 v4.1.0/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
+github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/ceph/go-ceph v0.13.0 h1:69dgIPlNHD2OCz98T0benI4++vcnShGcpQK4RIALjw4=
 github.com/ceph/go-ceph v0.13.0/go.mod h1:mafFpf5Vg8Ai8Bd+FAMvKBHLmtdpTXdRP/TNq8XWegY=
+github.com/ceph/go-ceph v0.15.0 h1:ILB3NaLWOtt4u/2d8I8HZTC4Ycm1PsOYVar3IFU1xlo=
+github.com/ceph/go-ceph v0.15.0/go.mod h1:mafFpf5Vg8Ai8Bd+FAMvKBHLmtdpTXdRP/TNq8XWegY=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -262,6 +268,7 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
@@ -306,10 +313,13 @@ github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3p
 github.com/crewjam/saml v0.4.6 h1:XCUFPkQSJLvzyl4cW9OvpWUbRf0gE7VUpU8ZnilbeM4=
 github.com/crewjam/saml v0.4.6/go.mod h1:ZBOXnNPFzB3CgOkRm7Nd6IVdkG+l/wF+0ZXLqD96t1A=
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
+github.com/cs3org/go-cs3apis v0.0.0-20211214102128-4e8745ab1654/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
 github.com/cs3org/go-cs3apis v0.0.0-20220412090512-93c5918b4bde h1:WrD9O8ZaWvsm0eBzpzVBIuczDhqVq50Nmjc7PGHHA9Y=
 github.com/cs3org/go-cs3apis v0.0.0-20220412090512-93c5918b4bde/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
-github.com/cs3org/reva/v2 v2.0.0-20220419100641-50aa8636af59 h1:C5Juls8XwmRlbXCjvl8kmEm92WWvpO3IfU+9wcUamj4=
-github.com/cs3org/reva/v2 v2.0.0-20220419100641-50aa8636af59/go.mod h1:84P9kGUlctSpUA0KuXCCOMQfxQtWQbvhEouiOIGnXKs=
+github.com/cs3org/reva v1.18.0 h1:MbPS5ZAa8RzKcTxAVeSDdISB3XXqLIxqB03BTN5ReBY=
+github.com/cs3org/reva v1.18.0/go.mod h1:e5VDUDu4vVWIeVkZcW//n6UZzhGGMa+Tz/whCiX3N6o=
+github.com/cs3org/reva/v2 v2.0.0-20220425084830-0b734be7c6c7 h1:BTRw/tCFhlDplE6M9bnvlXb4VVz5wNbDN7VWdT1g1Q8=
+github.com/cs3org/reva/v2 v2.0.0-20220425084830-0b734be7c6c7/go.mod h1:2e/4HcIy54Mic3V7Ow0bz4n5dkZU0dHIZSWomFe5vng=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
@@ -356,6 +366,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/eternnoir/gncp v0.0.0-20170707042257-c70df2d0cd68 h1:DHBMBKJK69xBWnD/jNkTN0sOT7nT7I5If9VMsk9Jj5Y=
 github.com/eternnoir/gncp v0.0.0-20170707042257-c70df2d0cd68/go.mod h1:8FuQ7lU9ZvIJGvc04F/qblkjqIfBahAoEFV+XPxByGw=
@@ -364,6 +375,7 @@ github.com/eventials/go-tus v0.0.0-20200718001131-45c7ec8f5d59/go.mod h1:XYuK1S5
 github.com/exoscale/egoscale v0.46.0/go.mod h1:mpEXBpROAa/2i5GC0r33rfxG+TxSEka11g1PIXt9+zc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
+github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
@@ -483,6 +495,7 @@ github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2
 github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgTAUNE9AEEMdlJQ=
 github.com/go-openapi/analysis v0.19.16/go.mod h1:GLInF007N83Ad3m8a/CbQ5TPzdnGT7workfHwuVjNVk=
 github.com/go-openapi/analysis v0.20.0/go.mod h1:BMchjvaHDykmRMsK40iPtvyOfFdMMxlOmQr9FBZk+Og=
+github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
 github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
 github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
 github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
@@ -493,6 +506,7 @@ github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpX
 github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.0/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
+github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
 github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
 github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
@@ -503,6 +517,7 @@ github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3Hfo
 github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
+github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
 github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
 github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
 github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
@@ -513,6 +528,7 @@ github.com/go-openapi/loads v0.19.6/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hs
 github.com/go-openapi/loads v0.19.7/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc=
 github.com/go-openapi/loads v0.20.0/go.mod h1:2LhKquiE513rN5xC6Aan6lYOSddlL8Mp20AW9kpviM4=
 github.com/go-openapi/loads v0.20.2/go.mod h1:hTVUotJ+UonAMMZsvakEgmWKgtulweO9vYP2bQYKA/o=
+github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
 github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA=
 github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64=
 github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
@@ -520,6 +536,7 @@ github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2g
 github.com/go-openapi/runtime v0.19.16/go.mod h1:5P9104EJgYcizotuXhEuUrzVc+j1RiSjahULvYmlv98=
 github.com/go-openapi/runtime v0.19.24/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk=
 github.com/go-openapi/runtime v0.19.29/go.mod h1:BvrQtn6iVb2QmiVXRsFAm6ZCAZBpbVKFfN6QWCp582M=
+github.com/go-openapi/runtime v0.23.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk=
 github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
 github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
 github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
@@ -530,6 +547,7 @@ github.com/go-openapi/spec v0.19.15/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFu
 github.com/go-openapi/spec v0.20.0/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU=
 github.com/go-openapi/spec v0.20.1/go.mod h1:93x7oh+d+FQsmsieroS4cmR3u0p/ywH649a3qwC9OsQ=
 github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg=
+github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
 github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
 github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
 github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY=
@@ -541,6 +559,9 @@ github.com/go-openapi/strfmt v0.19.11/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLs
 github.com/go-openapi/strfmt v0.20.0/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc=
 github.com/go-openapi/strfmt v0.20.1/go.mod h1:43urheQI9dNtE5lTZQfuFJvjYJKPrxicATpEfZwHUNk=
 github.com/go-openapi/strfmt v0.20.2/go.mod h1:43urheQI9dNtE5lTZQfuFJvjYJKPrxicATpEfZwHUNk=
+github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
+github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
+github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
@@ -551,6 +572,7 @@ github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5H
 github.com/go-openapi/swag v0.19.13/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
 github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
 github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo=
@@ -559,15 +581,21 @@ github.com/go-openapi/validate v0.19.12/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0
 github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9GA7monOmWBbeCI=
 github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0=
 github.com/go-openapi/validate v0.20.2/go.mod h1:e7OJoKNgd0twXZwIn0A43tHbvIcr/rZIVCbJBpTUoY0=
+github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
 github.com/go-ozzo/ozzo-validation/v4 v4.3.0 h1:byhDUpfEwjsVQb1vBunvIjh2BHQ9ead57VkAEY4V+Es=
 github.com/go-ozzo/ozzo-validation/v4 v4.3.0/go.mod h1:2NKgrcHl3z6cJs+3Oo940FPRiTzuqKbvfrL2RxCj6Ew=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
@@ -599,6 +627,7 @@ github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY9
 github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
 github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gobwas/ws v1.0.4/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
+github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
@@ -770,8 +799,9 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.1.0 h1:QsGcniKx5/LuX2eYoeL+Np3UKYPNaN7YKpTh29h8rbw=
 github.com/hashicorp/go-hclog v1.1.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
+github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -810,8 +840,9 @@ github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/memberlist v0.2.4/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
-github.com/hashicorp/memberlist v0.3.0 h1:8+567mCcFDnS5ADl7lrpxPMWiFCElyUEeW0gtj34fMA=
 github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
+github.com/hashicorp/memberlist v0.3.1 h1:MXgUXLqva1QvpVEDQW1IQLG0wivQAtmFlHRQ+1vWZfM=
+github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
 github.com/hashicorp/serf v0.9.6 h1:uuEX1kLR6aoda1TBttmJQKDLZE1Ob7KN0NPdE7EtCDc=
@@ -883,6 +914,7 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.14.4 h1:eijASRJcobkVtSt81Olfh7JX43osYLwy5krOJo6YEu4=
 github.com/klauspost/compress v1.14.4/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
@@ -915,6 +947,7 @@ github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c
 github.com/labstack/echo/v4 v4.1.11/go.mod h1:i541M3Fj6f76NZtHSj7TXnyM8n2gaodfvfxNnFqi74g=
 github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
 github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/libregraph/idm v0.3.1-0.20220315094434-e9a5cff3dd05 h1:/I4f6c7ZGw16oTBAyhCD9Tf+arBHGvmxL9Drs/KRkRc=
 github.com/libregraph/idm v0.3.1-0.20220315094434-e9a5cff3dd05/go.mod h1:YQ21AOfZPcCZWX1uJYULZ8hNdrmxStg6egvXaS+ZvOM=
@@ -937,6 +970,7 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
@@ -998,8 +1032,9 @@ github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLT
 github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.21 h1:xrc4BQr1Fa4s5RwY0xfMjPZFJ1bcYBCCHYlngBdWV+k=
 github.com/minio/minio-go/v7 v7.0.21/go.mod h1:ei5JjmxwHaMrgsMrn4U/+Nmg+d8MKS1U2DAn1ou4+Do=
+github.com/minio/minio-go/v7 v7.0.24 h1:HPlHiET6L5gIgrHRaw1xFo1OaN4bEP/082asWh3WJtI=
+github.com/minio/minio-go/v7 v7.0.24/go.mod h1:x81+AX5gHSfCSqw7jxRKHvxUXMlE5uKX0Vb75Xk5yYg=
 github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
 github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g=
 github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM=
@@ -1060,6 +1095,7 @@ github.com/nats-io/jwt/v2 v2.2.1-0.20220330180145-442af02fd36a h1:lem6QCvxR0Y28g
 github.com/nats-io/jwt/v2 v2.2.1-0.20220330180145-442af02fd36a/go.mod h1:0tqz9Hlu6bCBFLWAASKhE5vUA4c24L9KPUUgvwumE/k=
 github.com/nats-io/nats-server/v2 v2.1.9/go.mod h1:9qVyoewoYXzG1ME9ox0HwkkzyYvnlBDugfR4Gg/8uHU=
 github.com/nats-io/nats-server/v2 v2.7.4/go.mod h1:1vZ2Nijh8tcyNe8BDVyTviCd9NYzRbubQYiEHsvOQWc=
+github.com/nats-io/nats-server/v2 v2.8.0/go.mod h1:5vic7C58BFEVltiZhs7Kq81q2WcEPhJPsmNv1FOrdv0=
 github.com/nats-io/nats-server/v2 v2.8.1 h1:WZ9m/d8rklkWo6opo3X927vXnuaE00VEEl5zXcpL6qw=
 github.com/nats-io/nats-server/v2 v2.8.1/go.mod h1:vIdpKz3OG+DCg4q/xVPdXHoztEyKDWRtykQ4N7hd7C4=
 github.com/nats-io/nats.go v1.10.0/go.mod h1:AjGArbfyR50+afOUotNX2Xs5SYHf+CoOa5HH1eEl2HE=
@@ -1107,7 +1143,7 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
+github.com/onsi/gomega v1.18.0/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
@@ -1155,8 +1191,9 @@ github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8
 github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
 github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs=
 github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
-github.com/prometheus/alertmanager v0.23.0 h1:KIb9IChC3kg+1CC388qfr7bsT+tARpQqdsCMoatdObA=
 github.com/prometheus/alertmanager v0.23.0/go.mod h1:0MLTrjQI8EuVmvykEhcfr/7X0xmaDAZrqMgxIq3OXHk=
+github.com/prometheus/alertmanager v0.24.0 h1:HBWR3lk4uy3ys+naDZthDdV7yEsxpaNeZuUS+hJgrOw=
+github.com/prometheus/alertmanager v0.24.0/go.mod h1:r6fy/D7FRuZh5YbnX6J3MBY0eI4Pb5yPYS7/bPSXXqI=
 github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
@@ -1166,6 +1203,7 @@ github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQ
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_model v0.0.0-20170216185247-6f3806018612/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@@ -1191,6 +1229,7 @@ github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuI
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI=
 github.com/prometheus/exporter-toolkit v0.6.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
+github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
 github.com/prometheus/procfs v0.0.0-20170703101242-e645f4e5aaa8/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
@@ -1319,6 +1358,7 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/studio-b12/gowebdav v0.0.0-20210917133250-a3a86976a1df/go.mod h1:gCcfDlA1Y7GqOaeEKw5l9dOGx1VLdc/HuQSlQAaZ30s=
 github.com/studio-b12/gowebdav v0.0.0-20211109083228-3f8721cd4b6f/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
@@ -1348,8 +1388,8 @@ github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX
 github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
 github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
-github.com/urfave/cli/v2 v2.4.4 h1:IvwT3XfI6RytTmIzC35UAu9oyK+bHgUPXDDZNqribkI=
-github.com/urfave/cli/v2 v2.4.4/go.mod h1:oDzoM7pVwz6wHn5ogWgFUU1s4VJayeQS+aEZDqXIEJs=
+github.com/urfave/cli/v2 v2.5.0 h1:2sqblaW62ebcTIEvwb8eRvDfNHeBAeKxfhdynaanhug=
+github.com/urfave/cli/v2 v2.5.0/go.mod h1:oDzoM7pVwz6wHn5ogWgFUU1s4VJayeQS+aEZDqXIEJs=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
 github.com/valyala/fasttemplate v1.1.0/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
@@ -1420,6 +1460,9 @@ go.mongodb.org/mongo-driver v1.4.4/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4S
 go.mongodb.org/mongo-driver v1.4.6/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc=
 go.mongodb.org/mongo-driver v1.5.1/go.mod h1:gRXCHX4Jo7J0IJ1oDQyUxF7jfy19UfxniMS4xxMmUqw=
 go.mongodb.org/mongo-driver v1.7.2/go.mod h1:Q4oFMbo1+MSNqICAdYMlC/zSTrwCogR4R8NzkI+yfU8=
+go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
+go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
+go.mongodb.org/mongo-driver v1.8.3/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY=
 go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -1611,6 +1654,7 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210505024714-0287a6fb4125/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -1749,6 +1793,7 @@ golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1771,12 +1816,14 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201113234701-d7a72108b828/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210317153231-de623e64d2a6/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210916214954-140adaaadfaf/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1877,8 +1924,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
-golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
+golang.org/x/tools v0.1.9 h1:j9KsMiaP1c3B0OTQGth0/k+miLGTgLsAFUCrF2vLcF8=
+golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2029,8 +2076,9 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8=
+google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/grpc/examples v0.0.0-20211102180624-670c133e568e h1:m7aQHHqd0q89mRwhwS9Bx2rjyl/hsFAeta+uGrHsQaU=
 google.golang.org/grpc/examples v0.0.0-20211102180624-670c133e568e/go.mod h1:gID3PKrg7pWKntu9Ss6zTLJ0ttC0X9IHgREOCZwbCVU=
@@ -2080,6 +2128,7 @@ gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76
 gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/telebot.v3 v3.0.0/go.mod h1:7rExV8/0mDDNu9epSrDm/8j22KLaActH1Tbee6YjzWg=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
--- a/ocis-pkg/config/config.go
+++ b/ocis-pkg/config/config.go
@@ -4,20 +4,33 @@ import (
 	"github.com/owncloud/ocis/ocis-pkg/shared"

 	accounts "github.com/owncloud/ocis/extensions/accounts/pkg/config"
+	appprovider "github.com/owncloud/ocis/extensions/appprovider/pkg/config"
 	audit "github.com/owncloud/ocis/extensions/audit/pkg/config"
+	authbasic "github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
+	authbearer "github.com/owncloud/ocis/extensions/auth-bearer/pkg/config"
+	authmachine "github.com/owncloud/ocis/extensions/auth-machine/pkg/config"
+	frontend "github.com/owncloud/ocis/extensions/frontend/pkg/config"
+	gateway "github.com/owncloud/ocis/extensions/gateway/pkg/config"
 	glauth "github.com/owncloud/ocis/extensions/glauth/pkg/config"
 	graphExplorer "github.com/owncloud/ocis/extensions/graph-explorer/pkg/config"
 	graph "github.com/owncloud/ocis/extensions/graph/pkg/config"
+	group "github.com/owncloud/ocis/extensions/group/pkg/config"
 	idm "github.com/owncloud/ocis/extensions/idm/pkg/config"
 	idp "github.com/owncloud/ocis/extensions/idp/pkg/config"
 	nats "github.com/owncloud/ocis/extensions/nats/pkg/config"
 	notifications "github.com/owncloud/ocis/extensions/notifications/pkg/config"
+	ocdav "github.com/owncloud/ocis/extensions/ocdav/pkg/config"
 	ocs "github.com/owncloud/ocis/extensions/ocs/pkg/config"
 	proxy "github.com/owncloud/ocis/extensions/proxy/pkg/config"
 	settings "github.com/owncloud/ocis/extensions/settings/pkg/config"
-	storage "github.com/owncloud/ocis/extensions/storage/pkg/config"
+	sharing "github.com/owncloud/ocis/extensions/sharing/pkg/config"
+	storagemetadata "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config"
+	storagepublic "github.com/owncloud/ocis/extensions/storage-publiclink/pkg/config"
+	storageshares "github.com/owncloud/ocis/extensions/storage-shares/pkg/config"
+	storageusers "github.com/owncloud/ocis/extensions/storage-users/pkg/config"
 	store "github.com/owncloud/ocis/extensions/store/pkg/config"
 	thumbnails "github.com/owncloud/ocis/extensions/thumbnails/pkg/config"
+	user "github.com/owncloud/ocis/extensions/user/pkg/config"
 	web "github.com/owncloud/ocis/extensions/web/pkg/config"
 	webdav "github.com/owncloud/ocis/extensions/webdav/pkg/config"
 )
@@ -61,21 +74,34 @@ type Config struct {
 	TransferSecret    string               `yaml:"transfer_secret,omitempty"`
 	Runtime           Runtime              `yaml:"runtime,omitempty"`

-	Audit         *audit.Config         `yaml:"audit,omitempty"`
-	Accounts      *accounts.Config      `yaml:"accounts,omitempty"`
-	GLAuth        *glauth.Config        `yaml:"glauth,omitempty"`
-	Graph         *graph.Config         `yaml:"graph,omitempty"`
-	GraphExplorer *graphExplorer.Config `yaml:"graph_explorer,omitempty"`
-	IDP           *idp.Config           `yaml:"idp,omitempty"`
-	IDM           *idm.Config           `yaml:"idm,omitempty"`
-	Nats          *nats.Config          `yaml:"nats,omitempty"`
-	Notifications *notifications.Config `yaml:"notifications,omitempty"`
-	OCS           *ocs.Config           `yaml:"ocs,omitempty"`
-	Web           *web.Config           `yaml:"web,omitempty"`
-	Proxy         *proxy.Config         `yaml:"proxy,omitempty"`
-	Settings      *settings.Config      `yaml:"settings,omitempty"`
-	Storage       *storage.Config       `yaml:"storage,omitempty"`
-	Store         *store.Config         `yaml:"store,omitempty"`
-	Thumbnails    *thumbnails.Config    `yaml:"thumbnails,omitempty"`
-	WebDAV        *webdav.Config        `yaml:"webdav,omitempty"`
+	Audit             *audit.Config           `yaml:"audit,omitempty"`
+	Accounts          *accounts.Config        `yaml:"accounts,omitempty"`
+	GLAuth            *glauth.Config          `yaml:"glauth,omitempty"`
+	Graph             *graph.Config           `yaml:"graph,omitempty"`
+	GraphExplorer     *graphExplorer.Config   `yaml:"graph_explorer,omitempty"`
+	IDP               *idp.Config             `yaml:"idp,omitempty"`
+	IDM               *idm.Config             `yaml:"idm,omitempty"`
+	Nats              *nats.Config            `yaml:"nats,omitempty"`
+	Notifications     *notifications.Config   `yaml:"notifications,omitempty"`
+	OCS               *ocs.Config             `yaml:"ocs,omitempty"`
+	Web               *web.Config             `yaml:"web,omitempty"`
+	Proxy             *proxy.Config           `yaml:"proxy,omitempty"`
+	Settings          *settings.Config        `yaml:"settings,omitempty"`
+	Gateway           *gateway.Config         `yaml:"gateway,omitempty"`
+	Frontend          *frontend.Config        `yaml:"frontend,omitempty"`
+	AuthBasic         *authbasic.Config       `yaml:"auth_basic,omitempty"`
+	AuthBearer        *authbearer.Config      `yaml:"auth_bearer,omitempty"`
+	AuthMachine       *authmachine.Config     `yaml:"auth_machine,omitempty"`
+	User              *user.Config            `yaml:"user,omitempty"`
+	Group             *group.Config           `yaml:"group,omitempty"`
+	AppProvider       *appprovider.Config     `yaml:"app_provider,omitempty"`
+	Sharing           *sharing.Config         `yaml:"sharing,omitempty"`
+	StorageMetadata   *storagemetadata.Config `yaml:"storage_metadata,omitempty"`
+	StoragePublicLink *storagepublic.Config   `yaml:"storage_public,omitempty"`
+	StorageUsers      *storageusers.Config    `yaml:"storage_users,omitempty"`
+	StorageShares     *storageshares.Config   `yaml:"storage_shares,omitempty"`
+	OCDav             *ocdav.Config           `yaml:"ocdav,omitempty"`
+	Store             *store.Config           `yaml:"store,omitempty"`
+	Thumbnails        *thumbnails.Config      `yaml:"thumbnails,omitempty"`
+	WebDAV            *webdav.Config          `yaml:"webdav,omitempty"`
 }
--- a/ocis-pkg/config/defaultconfig.go
+++ b/ocis-pkg/config/defaultconfig.go
@@ -2,20 +2,33 @@ package config

 import (
 	accounts "github.com/owncloud/ocis/extensions/accounts/pkg/config/defaults"
+	appprovider "github.com/owncloud/ocis/extensions/appprovider/pkg/config/defaults"
 	audit "github.com/owncloud/ocis/extensions/audit/pkg/config/defaults"
+	authbasic "github.com/owncloud/ocis/extensions/auth-basic/pkg/config/defaults"
+	authbearer "github.com/owncloud/ocis/extensions/auth-bearer/pkg/config/defaults"
+	authmachine "github.com/owncloud/ocis/extensions/auth-machine/pkg/config/defaults"
+	frontend "github.com/owncloud/ocis/extensions/frontend/pkg/config/defaults"
+	gateway "github.com/owncloud/ocis/extensions/gateway/pkg/config/defaults"
 	glauth "github.com/owncloud/ocis/extensions/glauth/pkg/config/defaults"
 	graphExplorer "github.com/owncloud/ocis/extensions/graph-explorer/pkg/config/defaults"
 	graph "github.com/owncloud/ocis/extensions/graph/pkg/config/defaults"
+	group "github.com/owncloud/ocis/extensions/group/pkg/config/defaults"
 	idm "github.com/owncloud/ocis/extensions/idm/pkg/config/defaults"
 	idp "github.com/owncloud/ocis/extensions/idp/pkg/config/defaults"
 	nats "github.com/owncloud/ocis/extensions/nats/pkg/config/defaults"
 	notifications "github.com/owncloud/ocis/extensions/notifications/pkg/config/defaults"
+	ocdav "github.com/owncloud/ocis/extensions/ocdav/pkg/config/defaults"
 	ocs "github.com/owncloud/ocis/extensions/ocs/pkg/config/defaults"
 	proxy "github.com/owncloud/ocis/extensions/proxy/pkg/config/defaults"
 	settings "github.com/owncloud/ocis/extensions/settings/pkg/config/defaults"
-	storage "github.com/owncloud/ocis/extensions/storage/pkg/config/defaults"
+	sharing "github.com/owncloud/ocis/extensions/sharing/pkg/config/defaults"
+	storagemetadata "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config/defaults"
+	storagepublic "github.com/owncloud/ocis/extensions/storage-publiclink/pkg/config/defaults"
+	storageshares "github.com/owncloud/ocis/extensions/storage-shares/pkg/config/defaults"
+	storageusers "github.com/owncloud/ocis/extensions/storage-users/pkg/config/defaults"
 	store "github.com/owncloud/ocis/extensions/store/pkg/config/defaults"
 	thumbnails "github.com/owncloud/ocis/extensions/thumbnails/pkg/config/defaults"
+	user "github.com/owncloud/ocis/extensions/user/pkg/config/defaults"
 	web "github.com/owncloud/ocis/extensions/web/pkg/config/defaults"
 	webdav "github.com/owncloud/ocis/extensions/webdav/pkg/config/defaults"
 	"github.com/owncloud/ocis/ocis-pkg/shared"
@@ -30,22 +43,35 @@ func DefaultConfig() *Config {
 			Port: "9250",
 			Host: "localhost",
 		},
-		Audit:         audit.DefaultConfig(),
-		Accounts:      accounts.DefaultConfig(),
-		GLAuth:        glauth.DefaultConfig(),
-		Graph:         graph.DefaultConfig(),
-		IDP:           idp.DefaultConfig(),
-		IDM:           idm.DefaultConfig(),
-		Nats:          nats.DefaultConfig(),
-		Notifications: notifications.DefaultConfig(),
-		Proxy:         proxy.DefaultConfig(),
-		GraphExplorer: graphExplorer.DefaultConfig(),
-		OCS:           ocs.DefaultConfig(),
-		Settings:      settings.DefaultConfig(),
-		Web:           web.DefaultConfig(),
-		Store:         store.DefaultConfig(),
-		Thumbnails:    thumbnails.DefaultConfig(),
-		WebDAV:        webdav.DefaultConfig(),
-		Storage:       storage.DefaultConfig(),
+		Audit:             audit.DefaultConfig(),
+		Accounts:          accounts.DefaultConfig(),
+		GLAuth:            glauth.DefaultConfig(),
+		Graph:             graph.DefaultConfig(),
+		IDP:               idp.DefaultConfig(),
+		IDM:               idm.DefaultConfig(),
+		Nats:              nats.DefaultConfig(),
+		Notifications:     notifications.DefaultConfig(),
+		Proxy:             proxy.DefaultConfig(),
+		GraphExplorer:     graphExplorer.DefaultConfig(),
+		OCS:               ocs.DefaultConfig(),
+		Settings:          settings.DefaultConfig(),
+		Web:               web.DefaultConfig(),
+		Store:             store.DefaultConfig(),
+		Thumbnails:        thumbnails.DefaultConfig(),
+		WebDAV:            webdav.DefaultConfig(),
+		Gateway:           gateway.FullDefaultConfig(),
+		AuthBasic:         authbasic.FullDefaultConfig(),
+		AuthBearer:        authbearer.FullDefaultConfig(),
+		AuthMachine:       authmachine.FullDefaultConfig(),
+		User:              user.FullDefaultConfig(),
+		Group:             group.FullDefaultConfig(),
+		Sharing:           sharing.FullDefaultConfig(),
+		StorageMetadata:   storagemetadata.FullDefaultConfig(),
+		StoragePublicLink: storagepublic.FullDefaultConfig(),
+		StorageUsers:      storageusers.FullDefaultConfig(),
+		StorageShares:     storageshares.FullDefaultConfig(),
+		AppProvider:       appprovider.FullDefaultConfig(),
+		Frontend:          frontend.FullDefaultConfig(),
+		OCDav:             ocdav.FullDefaultConfig(),
 	}
 }
--- a/ocis-pkg/config/defaults/paths.go
+++ b/ocis-pkg/config/defaults/paths.go
@@ -10,16 +10,16 @@ const ()

 var (
 	// switch between modes
-	BaseDataPathType = "homedir"
-	// don't read from this, only write
+	BaseDataPathType = "homedir" // or "path"
+	// default data path
 	BaseDataPathValue = "/var/lib/ocis"
 )

 func BaseDataPath() string {

 	// It is not nice to have hidden / secrete configuration options
-	// But how can we update the base path for every occurence with a flageset option?
-	// This is currenlty not possible and needs a new configuration concept
+	// But how can we update the base path for every occurrence with a flagset option?
+	// This is currently not possible and needs a new configuration concept
 	p := os.Getenv("OCIS_BASE_DATA_PATH")
 	if p != "" {
 		return p
@@ -40,3 +40,36 @@ func BaseDataPath() string {
 		return ""
 	}
 }
+
+var (
+	// switch between modes
+	BaseConfigPathType = "homedir" // or "path"
+	// default config path
+	BaseConfigPathValue = "/etc/ocis"
+)
+
+func BaseConfigPath() string {
+
+	// It is not nice to have hidden / secrete configuration options
+	// But how can we update the base path for every occurrence with a flagset option?
+	// This is currently not possible and needs a new configuration concept
+	p := os.Getenv("OCIS_CONFIG_DIR")
+	if p != "" {
+		return p
+	}
+
+	switch BaseConfigPathType {
+	case "homedir":
+		dir, err := os.UserHomeDir()
+		if err != nil {
+			// fallback to BaseConfigPathValue for users without home
+			return BaseConfigPathValue
+		}
+		return path.Join(dir, ".ocis", "config")
+	case "path":
+		return BaseConfigPathValue
+	default:
+		log.Fatalf("BaseConfigPathType %s not found", BaseConfigPathType)
+		return ""
+	}
+}
--- a/ocis-pkg/config/helpers.go
+++ b/ocis-pkg/config/helpers.go
@@ -1,87 +1,31 @@
 package config

 import (
-	"io/fs"
-	"os"
-	"path/filepath"
-	"strings"
+	"path"

 	gofig "github.com/gookit/config/v2"
 	gooyaml "github.com/gookit/config/v2/yaml"
+	"github.com/owncloud/ocis/ocis-pkg/config/defaults"
 )

 var (
-	defaultLocations = []string{
-		filepath.Join(os.Getenv("HOME"), "/.ocis/config/"),
-		"/etc/ocis/",
-		".config/",
-	}
-
-	// supportedExtensions is determined by gookit/config.
-	supportedExtensions = []string{
-		"yaml",
-		"yml",
-	}
+	// decoderConfigTagname sets the tag name to be used from the config structs
+	// currently we only support "yaml" because we only support config loading
+	// from yaml files and the yaml parser has no simple way to set a custom tag name to use
+	decoderConfigTagName = "yaml"
 )

-// DefaultConfigSources returns a slice with matched expected config files. It sugars coat several aspects of config file
-// management by assuming there are 3 default locations a config file could be.
-// It uses globbing to match a config file by name, and retrieve any supported extension supported by our drivers.
-// It sanitizes the output depending on the list of drivers provided.
-func DefaultConfigSources(filename string, drivers []string) []string {
-	var sources []string
-
-	locations := []string{}
-	if v := os.Getenv("OCIS_CONFIG_DIR"); v != "" {
-		locations = append(locations, v)
-		// only use the configured config dir
-		locations = append(locations, os.Getenv("OCIS_CONFIG_DIR"))
-	} else {
-		// merge config from all default locations
-		locations = append(locations, defaultLocations...)
-	}
-
-	for i := range locations {
-		dirFS := os.DirFS(locations[i])
-		pattern := filename + ".*"
-		matched, _ := fs.Glob(dirFS, pattern)
-		if len(matched) > 0 {
-			// prepend path to results
-			for j := 0; j < len(matched); j++ {
-				matched[j] = filepath.Join(locations[i], matched[j])
-			}
-		}
-		sources = append(sources, matched...)
-	}
-
-	return sanitizeExtensions(sources, drivers, func(a, b string) bool {
-		return strings.HasSuffix(filepath.Base(a), b)
-	})
-}
-
-// sanitizeExtensions removes elements from "set" which extensions are not in "ext".
-func sanitizeExtensions(set []string, ext []string, f func(a, b string) bool) []string {
-	var r []string
-	for i := 0; i < len(set); i++ {
-		for j := 0; j < len(ext); j++ {
-			if f(filepath.Base(set[i]), ext[j]) {
-				r = append(r, set[i])
-			}
-		}
-	}
-	return r
-}
-
 // BindSourcesToStructs assigns any config value from a config file / env variable to struct `dst`. Its only purpose
 // is to solely modify `dst`, not dealing with the config structs; and do so in a thread safe manner.
 func BindSourcesToStructs(extension string, dst interface{}) (*gofig.Config, error) {
-	sources := DefaultConfigSources(extension, supportedExtensions)
 	cnf := gofig.NewWithOptions(extension)
 	cnf.WithOptions(func(options *gofig.Options) {
-		options.DecoderConfig.TagName = "yaml"
+		options.DecoderConfig.TagName = decoderConfigTagName
 	})
 	cnf.AddDriver(gooyaml.Driver)
-	_ = cnf.LoadFiles(sources...)
+
+	cfgFile := path.Join(defaults.BaseConfigPath(), extension+".yaml")
+	_ = cnf.LoadFiles([]string{cfgFile}...)

 	err := cnf.BindStruct("", &dst)
 	if err != nil {
--- a/ocis-pkg/ldap/ldap.go
+++ b/ocis-pkg/ldap/ldap.go
@@ -0,0 +1,25 @@
+package ldap
+
+import (
+	"errors"
+	"os"
+	"time"
+
+	"github.com/owncloud/ocis/ocis-pkg/log"
+)
+
+const _caTimeout = 5
+
+func WaitForCA(log log.Logger, insecure bool, caCert string) error {
+	if !insecure && caCert != "" {
+		if _, err := os.Stat(caCert); errors.Is(err, os.ErrNotExist) {
+			log.Warn().Str("LDAP CACert", caCert).Msgf("File does not exist. Waiting %d seconds for it to appear.", _caTimeout)
+			time.Sleep(_caTimeout * time.Second)
+			if _, err := os.Stat(caCert); errors.Is(err, os.ErrNotExist) {
+				log.Warn().Str("LDAP CACert", caCert).Msgf("File still does not exist after Timeout")
+				return err
+			}
+		}
+	}
+	return nil
+}
--- a/ocis-pkg/tracing/tracing.go
+++ b/ocis-pkg/tracing/tracing.go
@@ -5,6 +5,7 @@ import (
 	"net/url"
 	"strings"

+	"github.com/owncloud/ocis/ocis-pkg/log"
 	"go.opentelemetry.io/otel/exporters/jaeger"
 	"go.opentelemetry.io/otel/propagation"
 	"go.opentelemetry.io/otel/sdk/resource"
@@ -93,3 +94,35 @@ func parseAgentConfig(ae string) (string, string, error) {
 	}
 	return p[0], p[1], nil
 }
+
+// Configure for Reva serves only as informational / instructive log messages. Tracing config will be delegated directly
+// to Reva services.
+func Configure(enabled bool, tracingType string, logger log.Logger) {
+	if enabled {
+		switch tracingType {
+		case "agent":
+			logger.Error().
+				Str("type", tracingType).
+				Msg("Reva only supports the jaeger tracing backend")
+
+		case "jaeger":
+			logger.Info().
+				Str("type", tracingType).
+				Msg("configuring storage to use the jaeger tracing backend")
+
+		case "zipkin":
+			logger.Error().
+				Str("type", tracingType).
+				Msg("Reva only supports the jaeger tracing backend")
+
+		default:
+			logger.Warn().
+				Str("type", tracingType).
+				Msg("Unknown tracing backend")
+		}
+
+	} else {
+		logger.Debug().
+			Msg("Tracing is not enabled")
+	}
+}
--- a/ocis/docker/Dockerfile.linux.amd64
+++ b/ocis/docker/Dockerfile.linux.amd64
@@ -26,9 +26,12 @@ RUN addgroup -g 1000 -S ocis-group && \

 RUN mkdir -p /var/lib/ocis && \
 chown -R ocis-user:ocis-group /var/lib/ocis && \
- chmod -R 777 /var/lib/ocis
+ chmod -R 777 /var/lib/ocis && \
+ mkdir -p /etc/ocis && \
+ chown -R ocis-user:ocis-group /etc/ocis && \
+ chmod -R 777 /etc/ocis

-VOLUME [ "/var/lib/ocis" ]
+VOLUME [ "/var/lib/ocis", "/etc/ocis" ]
 WORKDIR /var/lib/ocis

 USER 1000
--- a/ocis/docker/Dockerfile.linux.arm
+++ b/ocis/docker/Dockerfile.linux.arm
@@ -26,9 +26,12 @@ RUN addgroup -g 1000 -S ocis-group && \

 RUN mkdir -p /var/lib/ocis && \
 chown -R ocis-user:ocis-group /var/lib/ocis && \
- chmod -R 777 /var/lib/ocis
+ chmod -R 777 /var/lib/ocis && \
+ mkdir -p /etc/ocis && \
+ chown -R ocis-user:ocis-group /etc/ocis && \
+ chmod -R 777 /etc/ocis

-VOLUME [ "/var/lib/ocis" ]
+VOLUME [ "/var/lib/ocis", "/etc/ocis" ]
 WORKDIR /var/lib/ocis

 USER 1000
--- a/ocis/docker/Dockerfile.linux.arm64
+++ b/ocis/docker/Dockerfile.linux.arm64
@@ -26,9 +26,12 @@ RUN addgroup -g 1000 -S ocis-group && \

 RUN mkdir -p /var/lib/ocis && \
 chown -R ocis-user:ocis-group /var/lib/ocis && \
- chmod -R 777 /var/lib/ocis
+ chmod -R 777 /var/lib/ocis && \
+ mkdir -p /etc/ocis && \
+ chown -R ocis-user:ocis-group /etc/ocis && \
+ chmod -R 777 /etc/ocis

-VOLUME [ "/var/lib/ocis" ]
+VOLUME [ "/var/lib/ocis", "/etc/ocis" ]
 WORKDIR /var/lib/ocis

 USER 1000
--- a/ocis/pkg/command/ocdav.go
+++ b/ocis/pkg/command/ocdav.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/ocdav/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,11 +13,11 @@ func OCDavCommand(cfg *config.Config) *cli.Command {
 		Name:     "ocdav",
 		Usage:    "start ocdav",
 		Category: "extensions",
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
+		// Before: func(ctx *cli.Context) error {
+		// 	return ParseStorageCommon(ctx, cfg)
+		// },
 		Action: func(c *cli.Context) error {
-			origCmd := command.OCDav(cfg.Storage)
+			origCmd := command.OCDav(cfg.OCDav)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storageappprovider.go
+++ b/ocis/pkg/command/storageappprovider.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/appprovider/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,12 +13,8 @@ func StorageAppProviderCommand(cfg *config.Config) *cli.Command {
 		Name:     "storage-app-provider",
 		Usage:    "start storage app-provider service",
 		Category: "extensions",
-		//Flags:    flagset.AppProviderWithConfig(cfg.Storage),
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
 		Action: func(c *cli.Context) error {
-			origCmd := command.AppProvider(cfg.Storage)
+			origCmd := command.AppProvider(cfg.AppProvider)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storageauthbasic.go
+++ b/ocis/pkg/command/storageauthbasic.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/auth-basic/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,12 +13,8 @@ func StorageAuthBasicCommand(cfg *config.Config) *cli.Command {
 		Name:     "storage-auth-basic",
 		Usage:    "start storage auth-basic service",
 		Category: "extensions",
-		//Flags:    flagset.AuthBasicWithConfig(cfg.Storage),
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
 		Action: func(c *cli.Context) error {
-			origCmd := command.AuthBasic(cfg.Storage)
+			origCmd := command.AuthBasic(cfg.AuthBasic)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storageauthbearer.go
+++ b/ocis/pkg/command/storageauthbearer.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/auth-bearer/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,12 +13,8 @@ func StorageAuthBearerCommand(cfg *config.Config) *cli.Command {
 		Name:     "storage-auth-bearer",
 		Usage:    "Start storage auth-bearer service",
 		Category: "extensions",
-		//Flags:    flagset.AuthBearerWithConfig(cfg.Storage),
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
 		Action: func(c *cli.Context) error {
-			origCmd := command.AuthBearer(cfg.Storage)
+			origCmd := command.AuthBearer(cfg.AuthBearer)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storageauthmachine.go
+++ b/ocis/pkg/command/storageauthmachine.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/auth-machine/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,12 +13,8 @@ func StorageAuthMachineCommand(cfg *config.Config) *cli.Command {
 		Name:     "storage-auth-machine",
 		Usage:    "start storage auth-machine service",
 		Category: "extensions",
-		//Flags:    flagset.AuthMachineWithConfig(cfg.Storage),
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
 		Action: func(c *cli.Context) error {
-			origCmd := command.AuthMachine(cfg.Storage)
+			origCmd := command.AuthMachine(cfg.AuthMachine)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storagefrontend.go
+++ b/ocis/pkg/command/storagefrontend.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/frontend/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,12 +13,8 @@ func StorageFrontendCommand(cfg *config.Config) *cli.Command {
 		Name:     "storage-frontend",
 		Usage:    "start storage frontend",
 		Category: "extensions",
-		//Flags:    flagset.FrontendWithConfig(cfg.Storage),
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
 		Action: func(c *cli.Context) error {
-			origCmd := command.Frontend(cfg.Storage)
+			origCmd := command.Frontend(cfg.Frontend)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storagegateway.go
+++ b/ocis/pkg/command/storagegateway.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/gateway/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -14,11 +14,11 @@ func StorageGatewayCommand(cfg *config.Config) *cli.Command {
 		Usage:    "start storage gateway",
 		Category: "extensions",
 		//Flags:    flagset.GatewayWithConfig(cfg.Storage),
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
+		// Before: func(ctx *cli.Context) error {
+		// 	return ParseStorageCommon(ctx, cfg)
+		// },
 		Action: func(c *cli.Context) error {
-			origCmd := command.Gateway(cfg.Storage)
+			origCmd := command.Gateway(cfg.Gateway)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storagegroupprovider.go
+++ b/ocis/pkg/command/storagegroupprovider.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/group/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,12 +13,8 @@ func StorageGroupProviderCommand(cfg *config.Config) *cli.Command {
 		Name:     "storage-groupprovider",
 		Usage:    "start storage groupprovider service",
 		Category: "extensions",
-		//Flags:    flagset.GroupsWithConfig(cfg.Storage),
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
 		Action: func(c *cli.Context) error {
-			origCmd := command.Groups(cfg.Storage)
+			origCmd := command.Groups(cfg.Group)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storagemetadata.go
+++ b/ocis/pkg/command/storagemetadata.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/storage-metadata/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,11 +13,8 @@ func StorageMetadataCommand(cfg *config.Config) *cli.Command {
 		Name:     "storage-metadata",
 		Usage:    "start storage and data service for metadata",
 		Category: "extensions",
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
 		Action: func(c *cli.Context) error {
-			origCmd := command.StorageMetadata(cfg.Storage)
+			origCmd := command.StorageMetadata(cfg.StorageMetadata)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storagepubliclink.go
+++ b/ocis/pkg/command/storagepubliclink.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/storage-publiclink/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,12 +13,8 @@ func StoragePublicLinkCommand(cfg *config.Config) *cli.Command {
 		Name:     "storage-public-link",
 		Usage:    "start storage public link storage",
 		Category: "extensions",
-		//Flags:    flagset.StoragePublicLink(cfg.Storage),
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
 		Action: func(c *cli.Context) error {
-			origCmd := command.StoragePublicLink(cfg.Storage)
+			origCmd := command.StoragePublicLink(cfg.StoragePublicLink)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/ocis/pkg/command/storageshares.go
+++ b/ocis/pkg/command/storageshares.go
@@ -1,7 +1,7 @@
 package command

 import (
-	"github.com/owncloud/ocis/extensions/storage/pkg/command"
+	"github.com/owncloud/ocis/extensions/storage-shares/pkg/command"
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/urfave/cli/v2"
@@ -13,11 +13,8 @@ func StorageSharesCommand(cfg *config.Config) *cli.Command {
 		Name:     "storage-shares",
 		Usage:    "start storage and data provider for shares jail",
 		Category: "extensions",
-		Before: func(ctx *cli.Context) error {
-			return ParseStorageCommon(ctx, cfg)
-		},
 		Action: func(c *cli.Context) error {
-			origCmd := command.StorageShares(cfg.Storage)
+			origCmd := command.StorageShares(cfg.StorageShares)
 			return handleOriginalAction(c, origCmd)
 		},
 	}
--- a/Show More
+++ b/Show More