diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..1bb1d1e
Binary files /dev/null and b/.DS_Store differ
diff --git a/conf/.env b/conf/.env
index da4d132..14edf55 100644
--- a/conf/.env
+++ b/conf/.env
@@ -8,7 +8,7 @@ DB_PASSWORD=__DB_PWD__
 DB_DATABASE_NAME=__DB_NAME__
 
 # Optional Database settings:
-DB_PORT=5532
+# DB_PORT=5532
 
 
 
diff --git a/conf/microservices.service b/conf/microservices.service
new file mode 100644
index 0000000..33a5691
--- /dev/null
+++ b/conf/microservices.service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Small description of the service
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/
+Environment="NODE_ENV=production"
+Environment="__YNH_NODE_LOAD_PATH__"
+EnvironmentFile=__FINALPATH__/.env
+ExecStart=__YNH_NODE__ server/dist/apps/immich/apps/immich/src/main
+StandardOutput=append:/var/log/__APP__/__APP__-microservices.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target
diff --git a/conf/systemd.service b/conf/ml.service
similarity index 86%
rename from conf/systemd.service
rename to conf/ml.service
index 1185b5c..f246313 100644
--- a/conf/systemd.service
+++ b/conf/ml.service
@@ -7,8 +7,11 @@ Type=simple
 User=__APP__
 Group=__APP__
 WorkingDirectory=__FINALPATH__/
-ExecStart=/usr/bin/sleep 10
-StandardOutput=append:/var/log/__APP__/__APP__.log
+Environment="NODE_ENV=production"
+Environment="__YNH_NODE_LOAD_PATH__"
+EnvironmentFile=__FINALPATH__/.env
+ExecStart=__YNH_NODE__ server/dist/apps/immich/apps/immich/src/main
+StandardOutput=append:/var/log/__APP__/__APP__-ml.log
 StandardError=inherit
 
 # Sandboxing options to harden security
diff --git a/conf/server.service b/conf/server.service
new file mode 100644
index 0000000..491d376
--- /dev/null
+++ b/conf/server.service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Small description of the service
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/
+Environment="NODE_ENV=production"
+Environment="__YNH_NODE_LOAD_PATH__"
+EnvironmentFile=__FINALPATH__/.env
+ExecStart=__YNH_NODE__ server/dist/apps/immich/apps/immich/src/main
+StandardOutput=append:/var/log/__APP__/__APP__-server.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target
diff --git a/conf/web.service b/conf/web.service
new file mode 100644
index 0000000..ccac17c
--- /dev/null
+++ b/conf/web.service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Small description of the service
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/
+Environment="NODE_ENV=production"
+Environment="__YNH_NODE_LOAD_PATH__"
+EnvironmentFile=__FINALPATH__/.env
+ExecStart=__YNH_NODE__ server/dist/apps/immich/apps/immich/src/main
+StandardOutput=append:/var/log/__APP__/__APP__-web.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 51bb13b..18548a0 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -27,7 +27,7 @@ function detect_arch() {
 NODEJS_VERSION=16
 
 # dependencies used by the app
-pkg_dependencies="npm postgresql ffmpeg"
+pkg_dependencies="npm musl-dev postgresql ffmpeg"
 
 # libheif vips
 
@@ -35,6 +35,11 @@ pkg_dependencies="npm postgresql ffmpeg"
 # PERSONAL HELPERS
 #=================================================
 
+# apt-get install musl-dev
+# ln -s /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
+
+
+
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================
diff --git a/scripts/install b/scripts/install
index c58e9fd..6c45f99 100755
--- a/scripts/install
+++ b/scripts/install
@@ -77,6 +77,7 @@ ynh_script_progression --message="Installing dependencies..." --weight=1
 ynh_install_nodejs --nodejs_version=$NODEJS_VERSION 2>&1
 
 ynh_install_app_dependencies $pkg_dependencies
+ynh_psql_execute_as_root ln -s /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
 
 #=================================================
 # CREATE DEDICATED USER
@@ -201,10 +202,13 @@ chown $app:$app "$final_path/.env"
 #=================================================
 # SETUP SYSTEMD
 #=================================================
-ynh_script_progression --message="Configuring a systemd service..."
+ynh_script_progression --message="Configuring all systemd services..."
 
 # Create a dedicated systemd config
-ynh_add_systemd_config
+ynh_add_systemd_config --service=$app-server --template=server.service
+ynh_add_systemd_config --service=$app-microservices --template=microservices.service
+ynh_add_systemd_config --service=$app-machine-learning --template=ml.service
+ynh_add_systemd_config --service=$app-web --template=web.service
 
 #=================================================
 # GENERIC FINALIZATION
@@ -229,7 +233,7 @@ yunohost service add $app --description="A short description of the app" --log="
 ynh_script_progression --message="Starting a systemd service..."
 
 # Start a systemd service
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app-server --action="start" --log_path="/var/log/$app/$app-server.log"
 
 #=================================================
 # SETUP SSOWAT