Merge pull request #6 from YunoHost-Apps/from_docker

From docker
2024-09-03 19:36:09 +02:00 · 2021-09-12 16:35:04 +02:00 · 2021-09-12 16:35:04 +02:00 · 85865be908
commit 85865be908
parent 86d57004cc 87292610c1
29 changed files with 1025 additions and 303 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -8,7 +8,7 @@ about: When creating a bug report, please use the following template to provide
 1. *Read this whole template first.*
 2. *Determine if you are on the right place:*
   - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
-   - *Otherwise, the issue may be due to REPLACEBYYOURAPP itself. Refer to its documentation or repository for help.*
+   - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
   - *When in doubt, post here and we will figure it out together.*
 3. *Delete the italic comments as you write over them below, and remove this guide.*
 --- 
@ -31,7 +31,7 @@ about: When creating a bug report, please use the following template to provide

 - *If you performed a command from the CLI, the command itself is enough. For example:*
    ```sh
-    sudo yunohost app install REPLACEBYYOURAPP
+    sudo yunohost app install the_app
    ```
 - *If you used the webadmin, please perform the equivalent command from the CLI first.*
 - *If the error occurs in your browser, explain what you did:*
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -0,0 +1,16 @@
+## Problem
+
+- *Description of why you made this PR*
+
+## Solution
+
+- *And how do you fix that problem*
+
+## PR Status
+
+- [ ] Code finished and ready to be reviewed/tested
+- [ ] The fix/enhancement were manually tested (if applicable)
+
+## Automatic tests
+
+Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)
--- a/README.md
+++ b/README.md
@ -1,74 +1,52 @@
+<!--
+N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
+It shall NOT be edited by hand.
+-->

-
-# Lemmy app for YunoHost
-**Warning:** This app uses Docker. YunoHost do not encourages to use black box container technologies like Docker and Ansible.
-
-Then why this package uses Docker?
-It's because the developers of the core app do not support simple installation. And packaging without documentaion is time consuming.
+# lemmy for YunoHost

 [![Integration level](https://dash.yunohost.org/integration/lemmy.svg)](https://dash.yunohost.org/appci/app/lemmy) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.maintain.svg)  
+[![Install lemmy with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lemmy)

-[![Install Lemmy with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lemmy)
+*[Lire ce readme en français.](./README_fr.md)*

-
-> *This package allows you to install Lemmy quickly and simply on a YunoHost server.
+> *This package allows you to install lemmy quickly and simply on a YunoHost server.
 If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*

 ## Overview
-Lemmy is similar to sites like Reddit, Lobste.rs, Raddle, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse.

-**Shipped version:** 0.9.9
+A link aggregator / Reddit clone for the fediverse.
+
+**Shipped version:** 0.11.3~ynh1
+
+**Demo:** https://join.lemmy.ml/join/

 ## Screenshots

-![](https://raw.githubusercontent.com/LemmyNet/joinlemmy-site/main/static/images/main_img.webp)
+![](./doc/screenshots/screenshot1.webp)

-## Demo
+## Disclaimers / important information

-* [Official demo](https://join.lemmy.ml/join/)
-
-## Configuration
-
-Lemmy require full domain path to be instlled. Eg. lemmy.domain.tld
-
-The admin username and password will be sent to the admin of the YunoHost through mail.
-
-## Documentation
-
- * Official documentation: https://join.lemmy.ml/docs/en/index.html
-
-
-## YunoHost specific features
-
-#### Multi-user support
-
-Are LDAP and HTTP auth supported? No
-Can the app be used by multiple users? Yes
-
-#### Supported architectures
-
-* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/lemmy%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/lemmy/)
-* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/lemmy%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/lemmy/)
-
-## Links
+* Any known limitations, constrains or stuff not working, such as (but not limited to):
+    * Lemmy require full domain path to be installed. Eg. lemmy.domain.tld
+    * The admin username and password will be sent to the admin of the YunoHost through mail.
+## Documentation and resources

+* Official app website: https://join-lemmy.org/
+* Official admin documentation: https://join-lemmy.org/docs/en/
+* Upstream app code repository: https://github.com/LemmyNet/lemmy
+* YunoHost documentation for this app: https://yunohost.org/app_lemmy
 * Report a bug: https://github.com/YunoHost-Apps/lemmy_ynh/issues
- * App website: https://join.lemmy.ml
- * Upstream app repository: https://github.com/LemmyNet/lemmy
- * YunoHost website: https://yunohost.org/
-
---

 ## Developer info

-**Only if you want to use a testing branch for coding, instead of merging directly into master.**
 Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing).

 To try the testing branch, please proceed like that.
 ```
 sudo yunohost app install https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing --debug
-
 or
-
 sudo yunohost app upgrade lemmy -u https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing --debug
 ```
+
+**More info regarding app packaging:** https://yunohost.org/packaging_apps
--- a/README_fr.md
+++ b/README_fr.md
@ -0,0 +1,48 @@
+# lemmy pour YunoHost
+
+[![Niveau d'intégration](https://dash.yunohost.org/integration/lemmy.svg)](https://dash.yunohost.org/appci/app/lemmy) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.maintain.svg)  
+[![Installer lemmy avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lemmy)
+
+*[Read this readme in english.](./README.md)*
+*[Lire ce readme en français.](./README_fr.md)*
+
+> *Ce package vous permet d'installer lemmy rapidement et simplement sur un serveur YunoHost.
+Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
+
+## Vue d'ensemble
+
+
+
+**Version incluse :** 0.11.3~ynh1
+
+**Démo :** https://join.lemmy.ml/join/
+
+## Captures d'écran
+
+![](./doc/screenshots/screenshot1.webp)
+
+## Avertissements / informations importantes
+
+* Any known limitations, constrains or stuff not working, such as (but not limited to):
+    * Lemmy require full domain path to be installed. Eg. lemmy.domain.tld
+    * The admin username and password will be sent to the admin of the YunoHost through mail.
+## Documentations et ressources
+
+* Site officiel de l'app : https://join-lemmy.org/
+* Documentation officielle de l'admin : https://join-lemmy.org/docs/en/
+* Dépôt de code officiel de l'app : https://github.com/LemmyNet/lemmy
+* Documentation YunoHost pour cette app : https://yunohost.org/app_lemmy
+* Signaler un bug : https://github.com/YunoHost-Apps/lemmy_ynh/issues
+
+## Informations pour les développeurs
+
+Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing).
+
+Pour essayer la branche testing, procédez comme suit.
+```
+sudo yunohost app install https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing --debug
+ou
+sudo yunohost app upgrade lemmy -u https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing --debug
+```
+
+**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps
--- a/13
+++ b/13
@ -1,14 +1,9 @@
-# See here for more information
-# https://github.com/YunoHost/package_check#syntax-check_process-file
-
-# Move this file from check_process.default to check_process when you have filled it.
-
 ;; Test complet
 	; Manifest
-		domain="domain.tld"	(DOMAIN)
-		path="/path"	(PATH)
-		admin="john"	(USER)
-		sitename="lemmy website) (SITENAME)
+		domain="domain.tld"
+		path="/"
+		admin="john"
+		sitename="lemmy website"
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=0
--- a/conf/app.src
+++ b/conf/app.src
@ -1,7 +0,0 @@
-SOURCE_URL=url of app's source
-SOURCE_SUM=sha256 checksum
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=tar.gz
-SOURCE_IN_SUBDIR=true
-SOURCE_FILENAME=
-SOURCE_EXTRACT=true
--- a/conf/docker-compose.yml
+++ b/conf/docker-compose.yml
@ -1,56 +0,0 @@
-version: "2.2"
-
-services:
-  postgres:
-    image: postgres:12-alpine
-    environment:
-      - POSTGRES_USER=lemmy
-      - POSTGRES_PASSWORD=password
-      - POSTGRES_DB=lemmy
-    volumes:
-      - ./volumes/postgres:/var/lib/postgresql/data
-    restart: always
-
-  lemmy:
-    image: dessalines/lemmy:0.9.9
-    ports:
-      - "127.0.0.1:__PORT__LEMMY__:8536"
-    restart: always
-    environment:
-      - RUST_LOG=error
-    volumes:
-      - ./lemmy.hjson:/config/config.hjson
-    depends_on:
-      - postgres
-      - pictrs
-      - iframely
-
-  lemmy-ui:
-    image: dessalines/lemmy-ui:0.9.9
-    ports:
-      - "127.0.0.1:__PORT_UI__:1234"
-    restart: always
-    environment:
-      - LEMMY_INTERNAL_HOST=lemmy:8536
-      - LEMMY_EXTERNAL_HOST=localhost:__PORT__LEMMY__
-      - LEMMY_HTTPS=false
-    depends_on:
-      - lemmy
-
-  pictrs:
-    image: asonix/pictrs:v0.2.5-r0
-    ports:
-      - "127.0.0.1:__PORT_PICTRS__:8080"
-    user: 991:991
-    volumes:
-      - ./volumes/pictrs:/mnt
-    restart: always
-
-  iframely:
-    image: dogbin/iframely:latest
-    ports:
-      - "127.0.0.1:__PORT_IFRAMELY__:80"
-    volumes:
-      - ./iframely.config.local.js:/iframely/config.local.js:ro
-    restart: always
-    mem_limit: 100m
--- a/conf/docker-image-extract.src
+++ b/conf/docker-image-extract.src
@ -0,0 +1,7 @@
+SOURCE_URL=https://codeload.github.com/jjlin/docker-image-extract/tar.gz/a9e455e44bbbfba897bf3342d9661b182cee67a9
+SOURCE_SUM=9eb0c734e83a3fd7102fc7209af4977024ec467fbc819782491af47295675f67
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true
--- a/conf/iframely.config.local.js
+++ b/conf/iframely.config.local.js
@ -37,7 +37,7 @@
        },
        */

-        port: 80, //can be overridden by PORT env var
+        port: __PORT_IFRAMELY__, //can be overridden by PORT env var
        host: '0.0.0.0',    // Dockers beware. See https://github.com/itteco/iframely/issues/132#issuecomment-242991246
                            //can be overridden by HOST env var

--- a/conf/iframely.service
+++ b/conf/iframely.service
@ -0,0 +1,45 @@
+[Unit]
+Description=__APP__ Iframely Daemon
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/iframely/
+ExecStart=__YNH_NODE__ -- server
+StandardOutput=append:/var/log/__APP__/__APP__-iframely.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
+
+[Install]
+WantedBy=multi-user.target
--- a/conf/imagemagick.src
+++ b/conf/imagemagick.src
@ -0,0 +1,7 @@
+SOURCE_URL=https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.0.10-62.tar.gz
+SOURCE_SUM=84442158aea070095efa832cfe868fd99d6befdf609444f0c9e9f1b4f25480cd
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true
--- a/conf/lemmy-translations.src
+++ b/conf/lemmy-translations.src
@ -0,0 +1,7 @@
+SOURCE_URL=https://codeload.github.com/LemmyNet/lemmy-translations/tar.gz/9e3dfebe14693553f1002ef06f02201ca1d52863
+SOURCE_SUM=1693789ac4d6a3905530b2cf76ad50151082f5e96d1639dc06e30219649a6c87
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true
--- a/conf/lemmy-ui.service
+++ b/conf/lemmy-ui.service
@ -0,0 +1,49 @@
+[Unit]
+Description=__APP__ Lemmy UI Daemon
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT_LEMMY__"
+Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__"
+Environment="LEMMY_HTTPS=true"
+Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__"
+WorkingDirectory=__FINALPATH__/lemmy-ui/
+ExecStart=__YNH_NODE__ dist/js/server.js
+StandardOutput=append:/var/log/__APP__/__APP__-ui.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
+
+[Install]
+WantedBy=multi-user.target
--- a/conf/lemmy.hjson
+++ b/conf/lemmy.hjson
@ -6,41 +6,90 @@
    # username for the admin user
    admin_username: "__ADMIN__"
    # password for the admin user
-    admin_password: "__ADMIN_PASS__"
+    admin_password: "__PASSWORD__"
+    # optional: email for the admin user (can be omitted and set later through the website)
+    admin_email: "__ADMIN_EMAIL__"
    # name of the site (can be changed later)
-    site_name: "__NAME__"
+    site_name: "__SITENAME__"
+  }
+  # settings related to the postgresql database
+  database: {
+    # username to connect to postgres
+    user: "__DB_USER__"
+    # password to connect to postgres
+    password: "__DB_PWD__"
+    # host where postgres is running
+    host: "localhost"
+    # port where postgres can be accessed
+    port: 5432
+    # name of the postgres database for lemmy
+    database: "__DB_NAME__"
+    # maximum number of active sql connections
+    pool_size: 5
  }
-
  # the domain name of your instance (eg "lemmy.ml")
  hostname: "__DOMAIN__"
  # address where lemmy should listen for incoming requests
  bind: "0.0.0.0"
  # port where lemmy should listen for incoming requests
-  port: 8536
+  port: __PORT_LEMMY__
+  # whether tls is required for activitypub. only disable this for debugging, never for producion.
+  tls_enabled: true
  # json web token for authorization between server and client
  jwt_secret: "__RANDOM__"
-  # settings related to the postgresql database
-  database: {
-    # name of the postgres database for lemmy
-    database: "lemmy"
-    # username to connect to postgres
-    user: "lemmy"
-    # password to connect to postgres
-    password: "password"
-    # host where postgres is running
-    host: "postgres"
+  # address where pictrs is available
+  pictrs_url: "http://127.0.0.1:__PORT_PICTRS__"
+  # address where iframely is available
+  iframely_url: "http://127.0.0.1:__PORT_IFRAMELY__"
+  # rate limits for various user actions, by user ip
+  rate_limit: {
+    # maximum number of messages created in interval
+    message: 180
+    # interval length for message limit
+    message_per_second: 60
+    # maximum number of posts created in interval
+    post: 6
+    # interval length for post limit
+    post_per_second: 600
+    # maximum number of registrations in interval
+    register: 3
+    # interval length for registration limit
+    register_per_second: 3600
+    # maximum number of image uploads in interval
+    image: 6
+    # interval length for image uploads
+    image_per_second: 3600
  }
-#  # optional: email sending configuration
-#  email: {
-#    # hostname and port of the smtp server
+  # settings related to activitypub federation
+  federation: {
+    # whether to enable activitypub federation.
+    enabled: true
+    # Allows and blocks are described here:
+    # https://join-lemmy.org/docs/en/federation/administration.html#instance-allowlist-and-blocklist
+    #
+    # list of instances with which federation is allowed
+    # allowed_instances: ["instance1.tld","instance2.tld"]
+    # instances which we never federate anything with (but previously federated objects are unaffected)
+    # blocked_instances: []
+    # If true, only federate with instances on the allowlist and block everything else. If false,
+    # use allowlist only for remote communities, and posts/comments in local communities.
+    # strict_allowlist: true
+  }
+  captcha: {
+    enabled: true
+    difficulty: medium # Can be easy, medium, or hard
+  }
+  # email sending configuration
+  email: {
+    # hostname and port of the smtp server
    smtp_server: "127.0.0.1:25"
-#    # login name for smtp server
+    # login name for smtp server
    smtp_login: ""
-#    # password to login to the smtp server
+    # password to login to the smtp server
    smtp_password: ""
-#    # address to send emails from, eg "noreply@your-instance.com"
+    # address to send emails from, eg "noreply@your-instance.com"
    smtp_from_address: "lemmy@__DOMAIN__"
-#    # whether or not smtp connections should use tls
+    # whether or not smtp connections should use tls
    use_tls: true
-#  }
+  }
 }
--- a/conf/lemmy.service
+++ b/conf/lemmy.service
@ -0,0 +1,46 @@
+[Unit]
+Description=__APP__ Lemmy Daemon
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+Environment="LEMMY_CONFIG_LOCATION=__FINALPATH__/config/config.hjson"
+WorkingDirectory=__FINALPATH__/lemmy/
+ExecStart=__FINALPATH__/lemmy/lemmy
+StandardOutput=append:/var/log/__APP__/__APP__.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
+
+[Install]
+WantedBy=multi-user.target
--- a/conf/pict-rs.service
+++ b/conf/pict-rs.service
@ -0,0 +1,45 @@
+[Unit]
+Description=__APP__ pict-rs Daemon
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/pict-rs/
+ExecStart=__FINALPATH__/pict-rs/pict-rs -a 127.0.0.1:__PORT_PICTRS__ -p __DATADIR__/pictrs-data
+StandardOutput=append:/var/log/__APP__/__APP__-pict-rs.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
+
+[Install]
+WantedBy=multi-user.target
--- a/conf/pict-rs.src
+++ b/conf/pict-rs.src
@ -0,0 +1,7 @@
+SOURCE_URL=https://git.asonix.dog/asonix/pict-rs/archive/v0.2.6-r2.tar.gz
+SOURCE_SUM=c8542ff79fc2f0699b33994d6718a9f8f4bfc94e6c7c7e1e5dc13911afd40d10
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true
--- a/doc/.gitkeep
+++ b/doc/.gitkeep
--- a/doc/DISCLAIMER.md
+++ b/doc/DISCLAIMER.md
@ -0,0 +1,3 @@
+* Any known limitations, constrains or stuff not working, such as (but not limited to):
+    * Lemmy require full domain path to be installed. Eg. lemmy.domain.tld
+    * The admin username and password will be sent to the admin of the YunoHost through mail.
--- a/doc/screenshots/.gitkeep
+++ b/doc/screenshots/.gitkeep
--- a/doc/screenshots/screenshot1.webp
+++ b/doc/screenshots/screenshot1.webp
--- a/manifest.json
+++ b/manifest.json
@ -5,8 +5,15 @@
    "description": {
        "en": "A link aggregator / Reddit clone for the fediverse."
    },
-    "version": "0.9.9~ynh1",
+    "version": "0.11.3~ynh1",
    "url": "https://join.lemmy.ml/",
+    "upstream": {
+        "license": "GPL-3.0",
+        "website": "https://join-lemmy.org/",
+        "demo": "https://join.lemmy.ml/join/",
+        "admindoc": "https://join-lemmy.org/docs/en/",
+        "code": "https://github.com/LemmyNet/lemmy"
+    },
    "license": "GPL-3.0",
    "maintainer": {
        "name": "Anmol Sharma",
@ -25,19 +32,11 @@
            {
                "name": "domain",
                "type": "domain",
-                "ask": {
-                    "en": "Choose a domain name for Lemmy",
-                    "fr": "Choisissez un nom de domaine pour Lemmy"
-                },
                "example": "example.com"
            },
            {
                "name": "admin",
-                "type": "string",
-                "ask": {
-                    "en": "Choose an admin username",
-                    "fr": "Choisissez l'administrateur"
-                },
+                "type": "user",
                "example": "johndoe"
            },
            {
@ -48,7 +47,6 @@
                },
                "example": "lemmy website"
            }
-
        ]
    }
 }
--- a/pull_request_template.md
+++ b/pull_request_template.md
@ -1,16 +0,0 @@
-## Problem
- *Description of why you made this PR*
-
-## Solution
- *And how do you fix that problem*
-
-## PR Status
- [ ] Code finished.
- [ ] Tested with Package_check.
- [ ] Fix or enhancement tested.
- [ ] Upgrade from last version tested.
- [ ] Can be reviewed and tested.
-
-## Package_check results
---
-* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"*
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -5,7 +5,26 @@
 #=================================================

 # dependencies used by the app
-pkg_dependencies="deb1 deb2 php$YNH_DEFAULT_PHP_VERSION-deb1 php$YNH_DEFAULT_PHP_VERSION-deb2"
+lemmy_dependencies="postgresql postgresql-contrib"
+lemmyui_dependencies="espeak"
+imagemagick_build_dependencies="libltdl-dev libjpeg-dev libpng-dev libwebp-dev liblzma-dev libxml2-dev"
+imagemagick_dependencies=""
+pictrs_build_dependencies="pkg-config build-essential libgexiv2-dev libxml2 libltdl7 libavcodec-dev libavfilter-dev libavdevice-dev libavformat-dev libavresample-dev libavutil-dev libswscale-dev libswresample-dev llvm-dev libclang-dev clang"
+pictrs_dependencies="libgexiv2-2 libpng16-16 libjpeg62-turbo libwebp6 libwebpdemux2 libwebpmux3 libltdl7 libgomp1 libxml2 libavcodec58 libavfilter7 libavdevice58 libavformat58 libavresample4 libavutil56 libswscale5 libswresample3 tini"
+iframely_dependencies="musl-dev"
+
+pkg_dependencies="$lemmy_dependencies $lemmyui_dependencies $imagemagick_dependencies $pictrs_dependencies $iframely_dependencies"
+pkg_build_dependencies="$imagemagick_build_dependencies $pictrs_build_dependencies"
+
+NODEJS_VERSION=12
+
+LEMMY_VERSION=0.11.3
+
+LEMMYUI_VERSION=0.11.3
+
+PICTRS_VERSION=v0.2.6-r2
+
+IFRAMELY_VERSION=latest

 #=================================================
 # PERSONAL HELPERS
--- a/scripts/backup
+++ b/scripts/backup
@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers
 #=================================================

 ynh_clean_setup () {
-	### Remove this function if there's nothing to clean before calling the remove script.
 	true
 }
 # Exit if an error occurs during the execution of the script
@ -30,26 +29,55 @@ app=$YNH_APP_INSTANCE_NAME

 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
-
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)

 #=================================================
 # DECLARE DATA AND CONF FILES TO BACKUP
 #=================================================
 ynh_print_info --message="Declaring files to be backed up..."

-
 #=================================================
 # BACKUP THE APP MAIN DIR
 #=================================================

 ynh_backup --src_path="$final_path"

+#=================================================
+# BACKUP THE DATA DIR
+#=================================================
+
+ynh_backup --src_path="$datadir" --is_big
+
 #=================================================
 # BACKUP THE NGINX CONFIGURATION
 #=================================================

 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"

+#=================================================
+# SPECIFIC BACKUP
+#=================================================
+# BACKUP LOGROTATE
+#=================================================
+
+ynh_backup --src_path="/etc/logrotate.d/$app"
+
+#=================================================
+# BACKUP SYSTEMD
+#=================================================
+
+ynh_backup --src_path="/etc/systemd/system/$app.service"
+ynh_backup --src_path="/etc/systemd/system/$app-ui.service"
+ynh_backup --src_path="/etc/systemd/system/$app-iframely.service"
+ynh_backup --src_path="/etc/systemd/system/$app-pict-rs.service"
+
+#=================================================
+# BACKUP THE POSTGRESQL DATABASE
+#=================================================
+ynh_print_info --message="Backing up the PostgreSQL database..."
+
+ynh_psql_dump_db --database="$db_name" > db.sql

 #=================================================
 # END OF SCRIPT
--- a/scripts/install
+++ b/scripts/install
@ -14,8 +14,7 @@ source /usr/share/yunohost/helpers
 #=================================================

 ynh_clean_setup () {
-	### Remove this function if there's nothing to clean before calling the remove script.
-	true
+	ynh_clean_check_starting
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
@ -26,19 +25,18 @@ ynh_abort_if_errors

 domain=$YNH_APP_ARG_DOMAIN
 path_url="/"
-version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
 admin=$YNH_APP_ARG_ADMIN
 password=$(ynh_string_random --length=12)
 sitename=$YNH_APP_ARG_SITENAME
 random=$(ynh_string_random --length=10)
+admin_email=$(ynh_user_get_info --username=$admin --key="mail")

 app=$YNH_APP_INSTANCE_NAME

 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
-
-ynh_script_progression --message="Validating installation parameters..." --weight=1
+ynh_script_progression --message="Validating installation parameters..."

 final_path=/var/www/$app
 test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
@ -49,7 +47,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
 #=================================================
 # STORE SETTINGS FROM MANIFEST
 #=================================================
-ynh_script_progression --message="Storing installation settings..."  --weight=1
+ynh_script_progression --message="Storing installation settings..."

 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
@ -63,97 +61,231 @@ ynh_app_setting_set --app=$app --key=random --value=$random
 #=================================================
 # FIND AND OPEN A PORT
 #=================================================
-ynh_script_progression --message="Finding an available port..." --weight=1
+ynh_script_progression --message="Finding an available port..."

 # Find an available port
 port_lemmy=$(ynh_find_port --port=8536)
-port_ui=$(ynh_find_port --port=1235)
-port_pictrs=$(ynh_find_port --port=8537)
-port_iframely=$(ynh_find_port --port=8061)
 ynh_app_setting_set --app=$app --key=port_lemmy --value=$port_lemmy
+port_ui=$(ynh_find_port --port=1235)
 ynh_app_setting_set --app=$app --key=port_ui --value=$port_ui
+port_pictrs=$(ynh_find_port --port=8537)
 ynh_app_setting_set --app=$app --key=port_pictrs --value=$port_pictrs
+port_iframely=$(ynh_find_port --port=8061)
 ynh_app_setting_set --app=$app --key=port_iframely --value=$port_iframely

 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Installing dependencies..." --weight=1
+ynh_script_progression --message="Installing dependencies..."

-#ynh_install_app_dependencies $pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $pkg_build_dependencies
+ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
+ynh_use_nodejs
+ln -fs /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1

-# Install Docker and compose
-curl -sSL https://get.docker.com | sh
-systemctl enable docker --quiet
-curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..."
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir=$final_path
+
+#=================================================
+# CREATE A POSTGRESQL DATABASE
+#=================================================
+ynh_script_progression --message="Creating a PostgreSQL database..."
+
+ynh_psql_test_if_first_run
+db_name=$(ynh_sanitize_dbid --db_name=$app)
+db_user=$db_name
+db_pwd=$(ynh_string_random --length=30)
+ynh_app_setting_set --app=$app --key=db_name --value=$db_name
+ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
+ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd

 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
-ynh_script_progression --message="Setting up source files..." --weight=1
+ynh_script_progression --message="Setting up source files..."

 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source --dest_dir="$final_path/build-lemmy/" --source_id="docker-image-extract"
+ynh_setup_source --dest_dir="$final_path/build-lemmy-ui/" --source_id="docker-image-extract"
+ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
+ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
+ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
+ynh_setup_source --dest_dir="$final_path/build-iframely/" --source_id="docker-image-extract"
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:$app "$final_path"

-mkdir "$final_path"
-cp -f ../conf/docker-compose.yml "$final_path/docker-compose.yml"
-cp -f ../conf/lemmy.hjson "$final_path/lemmy.hjson"
-cp -f ../conf/iframely.config.local.js "$final_path/iframely.config.local.js"
-pushd "$final_path"
-	mkdir -p volumes/pictrs
-	chown -R 991:991 volumes/pictrs
-popd
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Configuring NGINX web server..."  --weight=1
+ynh_script_progression --message="Configuring NGINX web server..."

 # Create a dedicated NGINX config
-ynh_add_nginx_config 'port_lemmy port_ui port_pictrs port_iframely'
+ynh_add_nginx_config

 #=================================================
-# MODIFY A CONFIG FILE
+# SPECIFIC SETUP
 #=================================================
+# CREATE DATA DIRECTORY
+#=================================================
+ynh_script_progression --message="Creating a data directory..."

+datadir=/home/yunohost.app/$app
+ynh_app_setting_set --app=$app --key=datadir --value=$datadir

+mkdir -p $datadir/pictrs-data

-ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__ADMIN_PASS__" --replace_string="$password" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__NAME__" --replace_string="$sitename" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__RANDOM__" --replace_string="$random" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__PORT__LEMMY__" --replace_string="$port_lemmy" --target_file="$final_path/docker-compose.yml"
-ynh_replace_string --match_string="__PORT_UI__" --replace_string="$port_ui" --target_file="$final_path/docker-compose.yml"
-ynh_replace_string --match_string="__PORT_PICTRS__" --replace_string="$port_pictrs" --target_file="$final_path/docker-compose.yml"
-ynh_replace_string --match_string="__PORT_IFRAMELY__" --replace_string="$port_iframely" --target_file="$final_path/docker-compose.yml"
-ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/iframely.config.local.js"
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"

+#=================================================
+# MAKE INSTALL
+#=================================================
+ynh_script_progression --message="Making install..."
+
+# Install lemmy
+pushd $final_path/build-lemmy
+	./docker-image-extract dessalines/lemmy:$LEMMY_VERSION
+popd
+mkdir -p "$final_path/lemmy/"
+mv -f "$final_path/build-lemmy/output/app/lemmy" "$final_path/lemmy/lemmy"
+ynh_secure_remove --file="$final_path/build-lemmy"
+
+# Install lemmy-ui
+pushd $final_path/build-lemmy-ui
+	./docker-image-extract dessalines/lemmy-ui:$LEMMYUI_VERSION
+popd
+mkdir -p "$final_path/lemmy-ui/"
+rsync -a "$final_path/build-lemmy-ui/output/app/" "$final_path/lemmy-ui/"
+ynh_secure_remove --file="$final_path/build-lemmy-ui"
+
+# Install ImageMagick
+pushd "$final_path/build-imagemagick/"
+	ynh_exec_warn_less ./configure --with-modules
+	ynh_exec_warn_less make
+	ynh_exec_warn_less make install
+	ynh_exec_warn_less ldconfig /usr/local/lib
+popd
+ynh_secure_remove --file="$final_path/build-imagemagick"
+
+# Install rustup with the toolchain needed by pict-rs
+pushd "$final_path"
+	sudo -u "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
+popd
+
+export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
+
+# Install pict-rs
+pushd $final_path/build-pict-rs
+	ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
+popd
+mkdir -p "$final_path/pict-rs/"
+mv -f "$final_path/build-pict-rs/target/release/pict-rs" "$final_path/pict-rs/pict-rs"
+ynh_secure_remove --file="$final_path/build-pict-rs"
+
+# Remove rustup
+ynh_secure_remove --file="$final_path/.cargo"
+ynh_secure_remove --file="$final_path/.rustup"
+
+# Install iframely
+pushd $final_path/build-iframely
+	./docker-image-extract dogbin/iframely:$IFRAMELY_VERSION
+popd
+mkdir -p "$final_path/iframely/"
+rsync -a "$final_path/build-iframely/output/iframely/" "$final_path/iframely/"
+ynh_secure_remove --file="$final_path/build-iframely"
+
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:$app "$final_path"
+
+#=================================================
+# ADD A CONFIGURATION
+#=================================================
+ynh_script_progression --message="Adding a configuration file..."
+
+mkdir -p "$final_path/config/"
+ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/config/config.hjson"
+
+chmod 400 "$final_path/config/config.hjson"
+chown $app:$app "$final_path/config/config.hjson"
+
+ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"
+
+chmod 400 "$final_path/iframely/iframely.config.local.js"
+chown $app:$app "$final_path/iframely/iframely.config.local.js"
+
+#=================================================
+# SETUP SYSTEMD
+#=================================================
+ynh_script_progression --message="Configuring a systemd service..."
+
+# Create a dedicated systemd config
+ynh_add_systemd_config --service="$app" --template="lemmy.service"
+ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
+ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
+ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# SETUP LOGROTATE
+#=================================================
+ynh_script_progression --message="Configuring log rotation..."
+
+mkdir -p "/var/log/$app"
+chmod 750 "/var/log/$app"
+chmod -R o-rwx "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate
+
+#=================================================
+# INTEGRATE SERVICE IN YUNOHOST
+#=================================================
+ynh_script_progression --message="Integrating service in YunoHost..."
+
+yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
+yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
+yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
+
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..."
+
+# Start a systemd service
+ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
+ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
+ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
+ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd

 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring permissions..." --weight=1
-
+ynh_script_progression --message="Configuring permissions..."

+# Make app public
 ynh_permission_update --permission="main" --add="visitors"

-
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server..." --weight=1
+ynh_script_progression --message="Reloading NGINX web server..."

 ynh_systemd_action --service_name=nginx --action=reload

-
-#=================================================
-# Run Lemmy through Docker
-#=================================================
-# chown -R $(whoami) /usr/local/bin
-
-chmod +x /usr/local/bin/docker-compose
-cd "$final_path" && docker-compose up -d
-
-
 #=================================================
 # SEND A README FOR THE ADMIN
 #=================================================
@ -175,4 +307,4 @@ ynh_send_readme_to_admin "$message"
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Installation of $app completed" --last
+ynh_script_progression --message="Installation of $app completed"
--- a/scripts/remove
+++ b/scripts/remove
@ -12,30 +12,99 @@ source /usr/share/yunohost/helpers
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --weight=1
+ynh_script_progression --message="Loading installation settings..."

 app=$YNH_APP_INSTANCE_NAME

 domain=$(ynh_app_setting_get --app=$app --key=domain)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)

 #=================================================
 # STANDARD REMOVE
 #=================================================
-cd "$final_path" && docker-compose down --rmi all
+# REMOVE SERVICE INTEGRATION IN YUNOHOST
+#=================================================
+
+# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
+if ynh_exec_warn_less yunohost service status $app >/dev/null
+then
+	ynh_script_progression --message="Removing $app service integration..."
+	yunohost service remove $app
+fi
+if ynh_exec_warn_less yunohost service status $app >/dev/null
+then
+	ynh_script_progression --message="Removing $app-ui service integration..."
+	yunohost service remove $app-ui
+fi
+if ynh_exec_warn_less yunohost service status $app >/dev/null
+then
+	ynh_script_progression --message="Removing $app-iframely service integration..."
+	yunohost service remove $app-iframely
+fi
+if ynh_exec_warn_less yunohost service status $app >/dev/null
+then
+	ynh_script_progression --message="Removing $app-pict-rs service integration..."
+	yunohost service remove $app-pict-rs
+fi
+
+#=================================================
+# STOP AND REMOVE SERVICE
+#=================================================
+ynh_script_progression --message="Stopping and removing the systemd service..."
+
+# Remove the dedicated systemd config
+ynh_remove_systemd_config
+ynh_remove_systemd_config --service=$app-ui
+ynh_remove_systemd_config --service=$app-iframely
+ynh_remove_systemd_config --service=$app-pict-rs
+
+#=================================================
+# REMOVE LOGROTATE CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing logrotate configuration..."
+
+# Remove the app-specific logrotate config
+ynh_remove_logrotate
+
+#=================================================
+# REMOVE THE POSTGRESQL DATABASE
+#=================================================
+ynh_script_progression --message="Removing the PostgreSQL database..."
+
+# Remove a database if it exists, along with the associated user
+ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
+
+#=================================================
+# REMOVE IMAGEMAGICK
+#=================================================
+ynh_script_progression --message="Removing ImageMagick..."
+
+ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
+
+# Install ImageMagick
+pushd "$final_path/build-imagemagick/"
+	ynh_exec_warn_less ./configure
+	ynh_exec_warn_less make uninstall
+popd
+
+ynh_secure_remove --file="$final_path/build-imagemagick"

 #=================================================
 # REMOVE DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Removing dependencies..."  --weight=1
+ynh_script_progression --message="Removing dependencies..."

 # Remove metapackage and its dependencies
+ynh_remove_nodejs
 ynh_remove_app_dependencies
+ynh_secure_remove --file="/lib/libc.musl-x86_64.so.1"

 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Removing app main directory..."  --weight=1
+ynh_script_progression --message="Removing app main directory..."

 # Remove the app directory securely
 ynh_secure_remove --file="$final_path"
@ -43,13 +112,33 @@ ynh_secure_remove --file="$final_path"
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing NGINX web server configuration..."  --weight=1
+ynh_script_progression --message="Removing NGINX web server configuration..."

 # Remove the dedicated NGINX config
 ynh_remove_nginx_config

+#=================================================
+# SPECIFIC REMOVE
+#=================================================
+# REMOVE VARIOUS FILES
+#=================================================
+ynh_script_progression --message="Removing various files..."
+
+# Remove the log files
+ynh_secure_remove --file="/var/log/$app"
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# REMOVE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Removing the dedicated system user..."
+
+# Delete a system user
+ynh_system_user_delete --username=$app
+
 #=================================================
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Removal of $app completed" --last
+ynh_script_progression --message="Removal of $app completed"
--- a/scripts/restore
+++ b/scripts/restore
@ -15,8 +15,7 @@ source /usr/share/yunohost/helpers
 #=================================================

 ynh_clean_setup () {
-	#### Remove this function if there's nothing to clean before calling the remove script.
-	true
+	ynh_clean_check_starting
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
@ -24,19 +23,22 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..."  --weight=1
+ynh_script_progression --message="Loading installation settings..."

 app=$YNH_APP_INSTANCE_NAME

 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
+db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)

 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
-ynh_script_progression --message="Validating restoration parameters..."  --weight=1
+ynh_script_progression --message="Validating restoration parameters..."

 ynh_webpath_available --domain=$domain --path_url=$path_url \
 	|| ynh_die --message="Path not available: ${domain}${path_url}"
@ -48,45 +50,136 @@ test ! -d $final_path \
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
 #=================================================
+ynh_script_progression --message="Restoring the NGINX web server configuration..."

 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"

+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Recreating the dedicated system user..."
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir=$final_path
+
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Restoring the app main directory..."  --weight=1
+ynh_script_progression --message="Restoring the app main directory..."

 ynh_restore_file --origin_path="$final_path"

+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:$app "$final_path"

 #=================================================
-# INSTALL DEPENDENCIES
+# RESTORE THE DATA DIRECTORY
 #=================================================
-ynh_script_progression --message="Installing dependencies..." --weight=1
+ynh_script_progression --message="Restoring the data directory..."

-#ynh_install_app_dependencies $pkg_dependencies
+ynh_restore_file --origin_path="$datadir" --not_mandatory

-# Install Docker and compose
-curl -sSL https://get.docker.com | sh
-systemctl enable docker --quiet
-curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
+mkdir -p $datadir
+
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"

 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
-# Run Lemmy through Docker
+# REINSTALL DEPENDENCIES
 #=================================================
-# chown -R $(whoami) /usr/local/bin
+ynh_script_progression --message="Reinstalling dependencies..."

-chmod +x /usr/local/bin/docker-compose
-cd "$final_path" && docker-compose up -d
+# Define and install dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
+ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
+ynh_use_nodejs
+ln -fs /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
+
+#=================================================
+# BUILDING IMAGEMAGICK
+#=================================================
+ynh_script_progression --message="Building ImageMagick..."
+
+ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
+
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $imagemagick_build_dependencies
+
+# Install ImageMagick
+pushd "$final_path/build-imagemagick/"
+	ynh_exec_warn_less ./configure --with-modules
+	ynh_exec_warn_less make
+	ynh_exec_warn_less make install
+	ynh_exec_warn_less ldconfig /usr/local/lib
+popd
+ynh_secure_remove --file="$final_path/build-imagemagick"
+
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
+
+#=================================================
+# RESTORE THE POSTGRESQL DATABASE
+#=================================================
+ynh_script_progression --message="Restoring the PostgreSQL database..."
+
+ynh_psql_test_if_first_run
+ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
+ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
+
+#=================================================
+# RESTORE SYSTEMD
+#=================================================
+ynh_script_progression --message="Restoring the systemd configuration..."
+
+ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
+systemctl enable $app.service --quiet
+ynh_restore_file --origin_path="/etc/systemd/system/$app-ui.service"
+systemctl enable $app-ui.service --quiet
+ynh_restore_file --origin_path="/etc/systemd/system/$app-iframely.service"
+systemctl enable $app-iframely.service --quiet
+ynh_restore_file --origin_path="/etc/systemd/system/$app-pict-rs.service"
+systemctl enable $app-pict-rs.service --quiet
+
+#=================================================
+# RESTORE THE LOGROTATE CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the logrotate configuration..."
+
+mkdir -p "/var/log/$app"
+chmod 750 "/var/log/$app"
+chmod -R o-rwx "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+
+#=================================================
+# INTEGRATE SERVICE IN YUNOHOST
+#=================================================
+ynh_script_progression --message="Integrating service in YunoHost..."
+
+yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
+yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
+yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
+
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..."
+
+ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
+ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
+ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
+ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd

 #=================================================
 # GENERIC FINALIZATION
 #=================================================
-# RELOAD NGINX AND PHP-FPM
+# RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server..."  --weight=1
+ynh_script_progression --message="Reloading NGINX web server..."

 ynh_systemd_action --service_name=nginx --action=reload

@ -94,4 +187,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Restoration completed for $app"  --last
+ynh_script_progression --message="Restoration completed for $app"
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..."  --weight=1
+ynh_script_progression --message="Loading installation settings..."

 app=$YNH_APP_INSTANCE_NAME

@ -20,6 +20,10 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
+db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 password=$(ynh_app_setting_get --app=$app --key=password)
 sitename=$(ynh_app_setting_get --app=$app --key=sitename)
 random=$(ynh_app_setting_get --app=$app --key=random)
@ -27,17 +31,24 @@ port_lemmy=$(ynh_app_setting_get --app=$app --key=port_lemmy)
 port_ui=$(ynh_app_setting_get --app=$app --key=port_ui)
 port_pictrs=$(ynh_app_setting_get --app=$app --key=port_pictrs)
 port_iframely=$(ynh_app_setting_get --app=$app --key=port_iframely)
-version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
+admin_email=$(ynh_user_get_info --username=$admin --key="mail")

+#=================================================
+# CHECK VERSION
+#=================================================
+ynh_script_progression --message="Checking version..."
+
+upgrade_type=$(ynh_check_app_version_changed)

 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
-ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."  --weight=1
+ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."

 # Backup the current version of the app
 ynh_backup_before_upgrade
 ynh_clean_setup () {
+	ynh_clean_check_starting
 	# Restore it if the upgrade fails
 	ynh_restore_upgradebackup
 }
@ -47,7 +58,34 @@ ynh_abort_if_errors
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
+# STOP SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Stopping a systemd service..."

+ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd
+ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd
+ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path=systemd
+ynh_systemd_action --service_name=$app-iframely --action="stop" --line_match="Stopped" --log_path=systemd
+
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================
+ynh_script_progression --message="Ensuring downward compatibility..."
+
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..."
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir=$final_path

 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -55,78 +93,180 @@ ynh_abort_if_errors

 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
-	ynh_script_progression --message="Upgrading source files..."  --weight=1
+	ynh_script_progression --message="Upgrading source files..."

-	# Download, check integrity, uncompress and patch the source from app.src
-	cp -f ../conf/docker-compose.yml       "$final_path/docker-compose.yml"
-	cp -f ../conf/lemmy.hjson              "$final_path/lemmy.hjson"
-	cp -f ../conf/iframely.config.local.js "$final_path/iframely.config.local.js"
-	pushd "$final_path"
-		chown -R 991:991 volumes/pictrs
-	popd
+	# Download, check integrity, uncompress the source of lemmy from app.src to his build directory
+	ynh_setup_source --dest_dir="$final_path/build-lemmy/" --source_id="docker-image-extract"
+	ynh_setup_source --dest_dir="$final_path/build-lemmy-ui/" --source_id="docker-image-extract"
+	ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
+	ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
+	ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
+	ynh_setup_source --dest_dir="$final_path/build-iframely/" --source_id="docker-image-extract"
 fi

+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:$app "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
+ynh_script_progression --message="Upgrading NGINX web server configuration..."

 # Create a dedicated NGINX config
-ynh_add_nginx_config 'port_lemmy port_ui port_pictrs port_iframely'
+ynh_add_nginx_config

 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Upgrading dependencies..." --weight=1
-
-#ynh_install_app_dependencies $pkg_dependencies
-
-# Install Docker and compose
-curl -sSL https://get.docker.com | sh
-systemctl enable docker --quiet
-curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
+ynh_script_progression --message="Upgrading dependencies..."

+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
+ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
+ynh_use_nodejs
+ln -fs /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1

 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
+# MAKE UPGRADE
+#=================================================
+ynh_script_progression --message="Making upgrade..."

+if [ "$upgrade_type" == "UPGRADE_APP" ]
+then
+	ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $pkg_build_dependencies
+
+	# Install lemmy
+	pushd $final_path/build-lemmy
+		./docker-image-extract dessalines/lemmy:$LEMMY_VERSION
+	popd
+	mkdir -p "$final_path/lemmy/"
+	mv -f "$final_path/build-lemmy/output/app/lemmy" "$final_path/lemmy/lemmy"
+	ynh_secure_remove --file="$final_path/build-lemmy"
+
+	# Install lemmy-ui
+	pushd $final_path/build-lemmy-ui
+		./docker-image-extract dessalines/lemmy-ui:$LEMMYUI_VERSION
+	popd
+	mkdir -p "$final_path/lemmy-ui/"
+	rsync -a "$final_path/build-lemmy-ui/output/app/" "$final_path/lemmy-ui/"
+	ynh_secure_remove --file="$final_path/build-lemmy-ui"
+
+	# Install ImageMagick
+	pushd "$final_path/build-imagemagick/"
+		ynh_exec_warn_less ./configure --with-modules
+		ynh_exec_warn_less make
+		ynh_exec_warn_less make install
+		ynh_exec_warn_less ldconfig /usr/local/lib
+	popd
+	ynh_secure_remove --file="$final_path/build-imagemagick"
+
+	# Install rustup with the toolchain needed by pict-rs
+	pushd "$final_path"
+		sudo -u "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
+	popd
+
+	export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
+
+	# Install pict-rs
+	pushd $final_path/build-pict-rs
+		ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
+	popd
+	mkdir -p "$final_path/pict-rs/"
+	mv -f "$final_path/build-pict-rs/target/release/pict-rs" "$final_path/pict-rs/pict-rs"
+	ynh_secure_remove --file="$final_path/build-pict-rs"
+
+	# Remove rustup
+	ynh_secure_remove --file="$final_path/.cargo"
+	ynh_secure_remove --file="$final_path/.rustup"
+
+	# Install iframely
+	pushd $final_path/build-iframely
+		./docker-image-extract dogbin/iframely:latest
+	popd
+	mkdir -p "$final_path/iframely/"
+	rsync -a "$final_path/build-iframely/output/iframely/" "$final_path/iframely/"
+	ynh_secure_remove --file="$final_path/build-iframely"
+
+	ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
+fi
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:$app "$final_path"

 #=================================================
-# MODIFY A CONFIG FILE
+# UPDATE A CONFIG FILE
 #=================================================
+ynh_script_progression --message="Updating a configuration file..."

+mkdir -p "$final_path/lemmy/"
+ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/config/config.hjson"

-ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE"
+chmod 400 "$final_path/config/config.hjson"
+chown $app:$app "$final_path/config/config.hjson"

+ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"

-ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__ADMIN_PASS__" --replace_string="$password" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__NAME__" --replace_string="$sitename" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__RANDOM__" --replace_string="$random" --target_file="$final_path/lemmy.hjson"
-ynh_replace_string --match_string="__PORT__LEMMY__" --replace_string="$port_lemmy" --target_file="$final_path/docker-compose.yml"
-ynh_replace_string --match_string="__PORT_UI__" --replace_string="$port_ui" --target_file="$final_path/docker-compose.yml"
-ynh_replace_string --match_string="__PORT_PICTRS__" --replace_string="$port_pictrs" --target_file="$final_path/docker-compose.yml"
-ynh_replace_string --match_string="__PORT_IFRAMELY__" --replace_string="$port_iframely" --target_file="$final_path/docker-compose.yml"
-ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/iframely.config.local.js"
+chmod 400 "$final_path/iframely/iframely.config.local.js"
+chown $app:$app "$final_path/iframely/iframely.config.local.js"
+
+#=================================================
+# SETUP SYSTEMD
+#=================================================
+ynh_script_progression --message="Upgrading systemd configuration..."
+
+# Create a dedicated systemd config
+ynh_add_systemd_config --service="$app" --template="lemmy.service"
+ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
+ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
+ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# SETUP LOGROTATE
+#=================================================
+ynh_script_progression --message="Upgrading logrotate configuration..."
+
+mkdir -p "/var/log/$app"
+chmod 750 "/var/log/$app"
+chmod -R o-rwx "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+
+# Use logrotate to manage app-specific logfile(s)
+ynh_use_logrotate --non-append
+
+#=================================================
+# INTEGRATE SERVICE IN YUNOHOST
+#=================================================
+ynh_script_progression --message="Integrating service in YunoHost..."
+
+yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
+yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
+yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
+
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..."
+
+ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
+ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
+ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
+ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd

 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server..."  --weight=1
+ynh_script_progression --message="Reloading NGINX web server..."

 ynh_systemd_action --service_name=nginx --action=reload

-#=================================================
-# Run Lemmy through Docker
-#=================================================
-#chown -R $(whoami) /usr/local/bin
-chmod +x /usr/local/bin/docker-compose
-cd "$final_path" && docker-compose up -d
-
 #=================================================
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Upgrade of $app completed"  --last
+ynh_script_progression --message="Upgrade of $app completed"