diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile
index 098ac340..2b15fc23 100644
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -44,12 +44,11 @@ RUN set -ex; \
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     \
     touch \
-        /etc/nats.conf \
-        /etc/signaling.conf \
-        /etc/turnserver.conf; \
+        /etc/nats.conf; \
     echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
     mkdir -p \
         /var/tmp \
+        /conf \
         /var/lib/turn \
         /var/log/supervisord \
         /var/run/supervisord; \
@@ -57,11 +56,13 @@ RUN set -ex; \
         /usr \
         /etc/janus \
         /etc/nats.conf \
-        /etc/signaling.conf \
-        /etc/turnserver.conf \
         /var/lib/turn \
         /var/log/supervisord \
-        /var/run/supervisord;
+        /var/run/supervisord; \
+    chmod 777 -R \
+        /conf \
+        /var/run/supervisord \
+        /var/log/supervisord;
 
 # Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
 ENV TALK_PORT=3478
diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh
index fc0ca93b..f06d7c3a 100644
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -20,7 +20,7 @@ IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
 set +x
 
 # Turn
-cat << TURN_CONF > "/etc/turnserver.conf"
+cat << TURN_CONF > "/conf/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
 use-auth-secret
@@ -54,7 +54,7 @@ denied-peer-ip=240.0.0.0-255.255.255.255
 TURN_CONF
 
 # Signling
-cat << SIGNALING_CONF > "/etc/signaling.conf"
+cat << SIGNALING_CONF > "/conf/signaling.conf"
 [http]
 listen = 0.0.0.0:8081
 
diff --git a/Containers/talk/supervisord.conf b/Containers/talk/supervisord.conf
index 422f1b2d..5b43ed41 100644
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -13,7 +13,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=turnserver -c /etc/turnserver.conf
+command=turnserver -c /conf/turnserver.conf
 
 [program:nats-server]
 stdout_logfile=/dev/stdout
@@ -35,4 +35,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nextcloud-spreed-signaling -config /etc/signaling.conf
+command=nextcloud-spreed-signaling -config /conf/signaling.conf
diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..56749894 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -332,6 +332,12 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "read_only": true,
+      "tmpfs": [
+        "/var/log/supervisord",
+        "/var/run/supervisord",
+        "/conf"
       ]
     },
     {