From cfce1f3c1942bb52150137169ddf6be8a5dc1686 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>
Date: Fri, 6 Apr 2018 19:58:23 +0200
Subject: [PATCH 1/3] Rename .fonctions to _common.sh

---
 scripts/{.fonctions => _common.sh} | 0
 scripts/backup                     | 8 ++++----
 scripts/install                    | 2 +-
 scripts/remove                     | 8 ++++----
 scripts/restore                    | 8 ++++----
 scripts/upgrade                    | 2 +-
 6 files changed, 14 insertions(+), 14 deletions(-)
 rename scripts/{.fonctions => _common.sh} (100%)

diff --git a/scripts/.fonctions b/scripts/_common.sh
similarity index 100%
rename from scripts/.fonctions
rename to scripts/_common.sh
diff --git a/scripts/backup b/scripts/backup
index e4a5bba..ffcac0e 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -3,13 +3,13 @@
 # Exit on command errors and treat unset variables as an error
 set -eu
 
-if [ ! -e .fonctions ]; then
+if [ ! -e _common.sh ]; then
 	# Get file fonction if not been to the current directory
-	sudo cp ../settings/scripts/.fonctions ./.fonctions
-	sudo chmod a+rx .fonctions
+	sudo cp ../settings/scripts/_common.sh ./_common.sh
+	sudo chmod a+rx _common.sh
 fi
 # Loads the generic functions usually used in the script
-source .fonctions
+source _common.sh
 # Source app helpers
 source /usr/share/yunohost/helpers
 
diff --git a/scripts/install b/scripts/install
index 3d5172f..a8f832c 100644
--- a/scripts/install
+++ b/scripts/install
@@ -3,7 +3,7 @@
 # Exit on command errors and treat unset variables as an error
 set -eu
 
-source .fonctions	# Loads the generic functions usually used in the script
+source _common.sh	# Loads the generic functions usually used in the script
 source /usr/share/yunohost/helpers # Source app helpers
 
 CLEAN_SETUP () {
diff --git a/scripts/remove b/scripts/remove
index 1b2c405..6683c07 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -3,13 +3,13 @@
 # Exit on command errors and treat unset variables as an error
 set -u
 
-if [ ! -e .fonctions ]; then
+if [ ! -e _common.sh ]; then
 	# Get file fonction if not been to the current directory
-	sudo cp ../settings/scripts/.fonctions ./.fonctions
-	sudo chmod a+rx .fonctions
+	sudo cp ../settings/scripts/_common.sh ./_common.sh
+	sudo chmod a+rx _common.sh
 fi
 
-source .fonctions	# Loads the generic functions usually used in the script
+source _common.sh	# Loads the generic functions usually used in the script
 # Source app helpers
 source /usr/share/yunohost/helpers
 
diff --git a/scripts/restore b/scripts/restore
index 30666df..8ca0b5a 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -4,13 +4,13 @@
 # Exit on command errors and treat unset variables as an error
 set -eu
 
-if [ ! -e .fonctions ]; then
+if [ ! -e _common.sh ]; then
 	# Get file fonction if not been to the current directory
-	sudo cp ../settings/scripts/.fonctions ./.fonctions
-	sudo chmod a+rx .fonctions
+	sudo cp ../settings/scripts/_common.sh ./_common.sh
+	sudo chmod a+rx _common.sh
 fi
 # Loads the generic functions usually used in the script
-source .fonctions
+source _common.sh
 # Source app helpers
 source /usr/share/yunohost/helpers
 
diff --git a/scripts/upgrade b/scripts/upgrade
index 50904f1..47b4712 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -4,7 +4,7 @@
 set -eu
 
 # Loads the generic functions usually used in the script
-source .fonctions
+source _common.sh
 # Source YunoHost helpers
 source /usr/share/yunohost/helpers
 

From eab38a2058989dfcbbab5dbd19612bc4f253267d Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>
Date: Fri, 6 Apr 2018 21:00:38 +0200
Subject: [PATCH 2/3] Improve manifest and check_process

---
 check_process | 8 ++++----
 manifest.json | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/check_process b/check_process
index 6952a12..273bc7a 100644
--- a/check_process
+++ b/check_process
@@ -4,7 +4,7 @@
 		domain="domain.tld"	(DOMAIN)
 		admin="john"   (USER)
 		path="/path"	(PATH)
-		passwd="adminpassword"
+		passwd="():g9!co.'G{2+f/Wd\,e"
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=0
@@ -26,9 +26,9 @@
 	Level 1=auto
 	Level 2=auto
 	Level 3=auto
-	Level 4=na  
-	Level 5=1
-# level 5: le test ne semble pas tout à fait savoir ce qu'est vraiment un "exit".
+# Level 4: TODO: https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Enabling-LDAP-login.md
+	Level 4=0
+	Level 5=auto
 	Level 6=auto
 	Level 7=auto
 	Level 8=0
diff --git a/manifest.json b/manifest.json
index 228fa4b..3c1b32b 100644
--- a/manifest.json
+++ b/manifest.json
@@ -3,15 +3,15 @@
 	"id": "mastodon",
 	"packaging_format": 1,
 	"requirements": {
-		"yunohost": ">= 2.4"
+		"yunohost": ">= 2.7.9"
 	},
 	"description": {
 		"en": "Mastodon is a free, open-source social network.",
 		"fr": "Mastodon est un réseau social gratuit et open source."
 	},
-	"version": "2.2.0",
+	"version": "2.2.0-1",
 	"url": "https://github.com/tootsuite/mastodon",
-	"license": "AGPL v3.0",
+	"license": "AGPL-3.0-or-later",
 	"maintainer": {
 		"name": "cyp, nemsia",
 		"email": "cyp@rouquin.me, nemsia@nemsia.org"

From 18b69b2fdfbd1178334b5ea5a3c9e75fb439a10f Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>
Date: Fri, 6 Apr 2018 21:01:26 +0200
Subject: [PATCH 3/3] Remove old-time specific functions and add multiple TODO

---
 scripts/_common.sh | 190 -----------------------
 scripts/install    | 367 +++++++++++++++++++++++++++------------------
 2 files changed, 224 insertions(+), 333 deletions(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 20f9ea0..39b0631 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -1,167 +1,5 @@
 #!/bin/bash
 
-ynh_version="2.4"
-
-YNH_VERSION () {	# Returns the version number of the Yunohost moulinette
-	ynh_version=$(sudo yunohost -v | grep "moulinette:" | cut -d' ' -f2 | cut -d'.' -f1,2)
-}
-
-CHECK_VAR () {	# Verifies that the variable is not empty.
-	# $1 = Variable to be checked
-	# $2 = Display text on error
-	test -n "$1" || (echo "$2" >&2 && false)
-}
-
-EXIT_PROPERLY () {	# Causes the script to stop in the event of an error. And clean the residue.
-	trap '' ERR
-	echo -e "\e[91m \e[1m"	# Shell in light red bold
-	echo -e "!!\n  $app install's script has encountered an error. Installation was cancelled.\n!!" >&2
-
-	if type -t CLEAN_SETUP > /dev/null; then	# Checks the existence of the function before executing it.
-		CLEAN_SETUP	# Call the specific cleanup function of the install script.
-	fi
-
-	# Compensates the ssowat bug that does not remove the app's input in case of installation error.
-	sudo sed -i "\@\"$domain/\":@d" /etc/ssowat/conf.json
-
-	if [ "$ynh_version" = "2.2" ]; then
-		/bin/bash $script_dir/remove
-	fi
-
-	ynh_die
-}
-
-TRAP_ON () {	# Activate signal capture
-	trap EXIT_PROPERLY ERR	# Capturing exit signals on error
-}
-
-TRAP_OFF () {	# Ignoring signal capture until TRAP_ON
-	trap '' ERR	# Ignoring exit signals
-}
-
-CHECK_USER () {	# Check the validity of the user admin
-	# $1 = User admin variable
-	ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false)
-}
-
-CHECK_PATH () {	# Checks / at the beginning of the path. And his absence at the end.
-	if [ "${path:0:1}" != "/" ]; then    # If the first character is not /
-		path="/$path"    # Add / at the beginning of path
-	fi
-	if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then    # If the last character is a / and it is not the only character.
-		path="${path:0:${#path}-1}"	# Delete last character
-	fi
-}
-
-CHECK_DOMAINPATH () {	# Checks the availability of the path and domain.
-	sudo yunohost app checkurl $domain -a $app
-}
-
-CHECK_FINALPATH () {	# Checks that the destination folder is not already in use.
-	final_path=/opt/$app
-	if [ -e "$final_path" ]
-	then
-		echo "This path already contains a folder" >&2
-		false
-	fi
-}
-
-STORE_MD5_CONFIG () {	# Saves the checksum of the config file
-	# $1 = Name of the conf file for storage in settings.yml
-	# $2 = Full name and path of the conf file.
-	ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1)
-}
-
-CHECK_MD5_CONFIG () {	# Created a backup of the config file if it was changed.
-	# $1 = Name of the conf file for storage in settings.yml
-	# $2 = Full name and path of the conf file.onf.
-	if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then
-		sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')"	# Si le fichier de config a été modifié, créer un backup.
-	fi
-}
-
-FIND_PORT () {	# Search free port
-	# $1 = Port number to start the search.
-	port=$1
-	while ! sudo yunohost app checkport $port ; do
-		port=$((port+1))
-	done
-	CHECK_VAR "$port" "port empty"
-}
-
-SETUP_SOURCE () {	# Download source, decompress and copu into $final_path
-	src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'})
-	sudo wget -nv -i ../sources/source_url -O $src
-	# Checks the checksum of the downloaded source.
-	# md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source"
-	# Decompress source
-	if [ "$(echo ${src##*.})" == "tgz" ]; then
-		tar -x -f $src
-	elif [ "$(echo ${src##*.})" == "zip" ]; then
-		unzip -q $src
-	else
-		false	# Unsupported archive format.
-	fi
-	# Copy file source
-	sudo cp -a $(cat ../sources/source_dir)/. "$final_path/live"
-	# Copy additional file and modified
-	if test -e "../sources/ajouts"; then
-		sudo cp -a ../sources/ajouts/. "$final_path"
-	fi
-}
-
-# Create user with special hack 
-CREATE_USER () {
-	sudo curl -kSs https://${domain}/auth/sign_up --cookie-jar cookie | grep csrf > token || true
-	token=$(sudo cat token | sed -n '/csrf-token/s/.*name="csrf-token"\s\+content="\([^"]\+\).*/\1/p')
-	sudo curl -kSs https://${domain}/auth --data "&user[account_attributes][username]=${admin_mastodon}&user[email]=${admin_mastodon}@${domain}&user[password]=${admin_pass}&user[password_confirmation]=${admin_pass}&authenticity_token=${token}" --cookie cookie
-}
-
-### REMOVE SCRIPT
-
-REMOVE_NGINX_CONF () {	# Delete nginx configuration
-	if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then	# Delete nginx config
-		echo "Delete nginx config"
-		sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf"
-		sudo systemctl reload nginx
-	fi
-}
-
-REMOVE_LOGROTATE_CONF () {	# Delete logrotate configuration
-	if [ -e "/etc/logrotate.d/$app" ]; then
-		echo "Delete logrotate config"
-		sudo rm "/etc/logrotate.d/$app"
-	fi
-}
-
-SECURE_REMOVE () {      # Deleting a folder with variable verification
-	chaine="$1"	# The argument must be given between simple quotes '', to avoid interpreting the variables.
-	no_var=0
-	while (echo "$chaine" | grep -q '\$')	# Loop as long as there are $ in the string
-	do
-		no_var=1
-		global_var=$(echo "$chaine" | cut -d '$' -f 2)	# Isole the first variable found.
-		only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)')	# Isole completely the variable by adding the $ at the beginning and keeping only the name of the variable. Mostly gets rid of / and a possible path behind.
-		real_var=$(eval "echo ${only_var}")		# `eval "echo ${var}` Allows to interpret a variable contained in a variable.
-		if test -z "$real_var" || [ "$real_var" = "/" ]; then
-			echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2
-			return 1
-		fi
-		chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@")	# Replaces variable with its value in the string.
-	done
-	if [ "$no_var" -eq 1 ]
-	then
-		if [ -e "$chaine" ]; then
-			echo "Delete directory $chaine"
-			sudo rm -r "$chaine"
-		fi
-		return 0
-	else
-		echo "No detected variable." >&2
-		return 1
-	fi
-}
-
 # Create a db without password
 #
 # usage: ynh_mysql_create_user user
@@ -233,31 +71,3 @@ ynh_psql_drop_db() {
 ynh_psql_drop_user() {
     sudo su -c "dropuser ${1}" postgres
 }
-
-# Remove a file or a directory securely
-#
-# usage: ynh_secure_remove path_to_remove
-# | arg: path_to_remove - File or directory to remove
-ynh_secure_remove () {
-  path_to_remove=$1
-  forbidden_path=" \
-  /var/www \
-  /home/yunohost.app"
-
-  if [[ "$forbidden_path" =~ "$path_to_remove" \
-    # Match all path or subpath in $forbidden_path
-    || "$path_to_remove" =~ ^/[[:alnum:]]+$ \
-    # Match all first level path from / (Like /var, /root, etc...)
-    || "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
-    # Match if the path finish by /. Because it's seems there is an empty variable
-  then
-    echo "Avoid deleting of $path_to_remove." >&2
-  else
-    if [ -e "$path_to_remove" ]
-    then
-      sudo rm -R "$path_to_remove"
-    else
-      echo "$path_to_remove doesn't deleted because it's not exist." >&2
-    fi
-  fi
-}
\ No newline at end of file
diff --git a/scripts/install b/scripts/install
index a8f832c..5b1acaa 100644
--- a/scripts/install
+++ b/scripts/install
@@ -1,17 +1,25 @@
 #!/bin/bash
 
-# Exit on command errors and treat unset variables as an error
-set -eu
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
 
-source _common.sh	# Loads the generic functions usually used in the script
-source /usr/share/yunohost/helpers # Source app helpers
+source _common.sh
+source /usr/share/yunohost/helpers
 
-CLEAN_SETUP () {
-	# Clean installation residues that are not supported by the remove script.
-	# Clean hosts
-	echo ""
-}
-TRAP_ON	# Active trap to stop the script if an error is detected.
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+
+#=================================================
+# RETRIEVE ARGUMENTS FROM THE MANIFEST
+#================================================
 
 domain=$YNH_APP_ARG_DOMAIN
 admin_mastodon=$YNH_APP_ARG_ADMIN
@@ -19,217 +27,290 @@ admin_mastodon_mail=$(ynh_user_get_info $admin_mastodon 'mail')
 admin_pass=$YNH_APP_ARG_PASSWD
 language=$YNH_APP_ARG_LANGUAGE
 
+path_url="/"
+
 app=$YNH_APP_INSTANCE_NAME
 
-CHECK_VAR "$app" "app name not set"
+#=================================================
+# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
+#=================================================
 
-CHECK_USER "$admin_mastodon"
+final_path=/var/www/$app
+test ! -e "$final_path" || ynh_die "This path already contains a folder"
 
-CHECK_DOMAINPATH
+[[ ${#admin_pass} -gt 7 ]] || ynh_die "Password is too weak, must be longer than 7 characters"
 
-CHECK_FINALPATH
+# Normalize the url path syntax
+path_url=$(ynh_normalize_url_path $path_url)
+
+# Check web path availability
+ynh_webpath_available $domain $path_url
+# Register (book) web path
+ynh_webpath_register $app $domain $path_url
+
+#=================================================
+# STORE SETTINGS FROM MANIFEST
+#=================================================
 
 ynh_app_setting_set $app domain $domain
 ynh_app_setting_set $app admin $admin_mastodon
 ynh_app_setting_set $app pass $admin_pass
 ynh_app_setting_set $app language $language
+ynh_app_setting_set $app path $path_url
 
-[[ ${#admin_pass} -gt 7 ]] || ynh_die \
-"The password is too weak, it must be longer than 7 characters"
 
-# Create user unix
-sudo adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login
+#=================================================
+# STANDARD MODIFICATIONS
+#=================================================
 
-# Install debian package
-ynh_package_install imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev
 
-# Install redis package
-ynh_package_install redis-server redis-tools
+#=================================================
+# INSTALL DEPENDENCIES
+#=================================================
 
-# Install postgresql
-ynh_package_install postgresql postgresql-contrib postgresql-server-dev-9.4
-
-# Install Ruby
-ynh_package_install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev
+# TODO: add in a clean way backports and yarn
 
 # Import debian archive pubkey, need on ARM arch
 arch=$(uname -m)
 if [[ $arch = arm*  ]]; then
-	sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
-	sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
+	apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
+	apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
 fi
 
 # Install source.list debian package backports & yarn
-sudo cp ../conf/backports.list /etc/apt/sources.list.d/
-sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
-sudo cp ../conf/yarn.list /etc/apt/sources.list.d/
+cp ../conf/backports.list /etc/apt/sources.list.d/
+curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
+cp ../conf/yarn.list /etc/apt/sources.list.d/
 ynh_package_update
 
-# Install debian package backports
-sudo apt-get -t jessie-backports -y install ffmpeg
-
 # Creates the destination directory and stores its location.
 ynh_app_setting_set $app final_path $final_path
 
 # Install de Node.js
-pushd /opt
-curl -sL https://deb.nodesource.com/setup_6.x | sudo bash -
-sudo apt-get -y install nodejs
+# TODO: use https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_install_nodejs/ynh_install_nodejs
+(
+	cd /opt
+	curl -sL https://deb.nodesource.com/setup_6.x | bash -
+	apt-get -y install nodejs
+)
 
-# Install Yarn
-ynh_package_install yarn
+# TODO: use the same mecanism with other files
+ynh_install_app_dependencies \
+	`# debian packages ` \
+	imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev \
+	`# redis ` \
+	redis-server redis-tools \
+	`# postgresql ` \
+	postgresql postgresql-contrib postgresql-server-dev-9.4 \
+	`# Ruby ` \
+	autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev \
+	`# ffmpeg from backports ` \
+	ffmpeg \
+	`# Yarn ` \
+	yarn
 
+#=================================================
+# CREATE A DATABASE
+#=================================================
+
+# TODO: use non-official https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/postgres/postgres
+# TODO: this commands doesn't looks like a requirement, you may fully remove it
 # Set UTF8 encoding by default
-sudo su -c "psql" postgres <<< \
+su -c "psql" postgres <<< \
 			"update pg_database set datistemplate='false' where datname='template1';"
-sudo su -c "psql" postgres <<< \
+su -c "psql" postgres <<< \
 			"drop database template1;"
-sudo su -c "psql" postgres <<< \
+su -c "psql" postgres <<< \
 			"create database template1 encoding='UTF8' template template0;"
-sudo su -c "psql" postgres <<< \
+su -c "psql" postgres <<< \
 			"update pg_database set datistemplate='true' where datname='template1';"
 
 # Create DB without password
 ynh_psql_create_db_without_password "$app"
-sudo systemctl restart postgresql
+systemctl restart postgresql
 
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+
+# TODO: dont su as $app, work root and set corrects rights at the end of install
 # Download all sources rbenv, ruby and mastodon
-sudo su - $app <<CLONECOMMANDS
-git clone https://github.com/rbenv/rbenv.git $final_path/.rbenv
-git clone https://github.com/rbenv/ruby-build.git $final_path/.rbenv/plugins/ruby-build
-git clone https://github.com/tootsuite/mastodon.git $final_path/live
-CLONECOMMANDS
+(
+	su $app
+	git clone https://github.com/rbenv/rbenv.git $final_path/.rbenv
+	git clone https://github.com/rbenv/ruby-build.git $final_path/.rbenv/plugins/ruby-build
+	git clone https://github.com/tootsuite/mastodon.git $final_path/live
+)
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+
+# TODO: use official helper
+# Modify Nginx configuration file and copy it to Nginx conf directory
+sed -i "s@__PATH__@$app@g" ../conf/nginx.conf*
+sed -i "s@__FINALPATH__@$final_path@g" ../conf/nginx.conf*
+cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+
+# TODO: use official helper
+# TODO: AFAIK, no app should change should be in /opt don't use it
+# Create user unix
+adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login
 
 # Switch branch to tagged release
 cd $final_path/live
 version=$(curl -s https://api.github.com/repos/tootsuite/mastodon/releases/latest | grep tag_name | cut -d\" -f4)
-sudo su - $app <<SWITCHCOMMANDS
-pushd ~/live
-git checkout $version
-SWITCHCOMMANDS
 
-# Be king rewind (/var/cache/yunohost/from_file/scripts)
-popd
+(
+	su $app
+	cd ~/live
+	git checkout $version
+)
 
 # Install de rbenv
-sudo su - $app <<COMMANDS
-pushd ~/.rbenv
-src/configure && make -C src
-echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.profile
-echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc
-echo 'eval "\$(rbenv init -)"' >> ~/.profile
-COMMANDS
+(
+	su $app
+	cd ~/.rbenv
+	src/configure && make -C src
+	echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.profile
+	echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc
+	echo 'eval "\$(rbenv init -)"' >> ~/.profile
+)
 
 # Install ruby-build
-sudo su - $app <<RCOMMANDS
-/opt/mastodon/.rbenv/bin/rbenv install 2.5.0
-/opt/mastodon/.rbenv/versions/2.5.0/bin/ruby -v
-RCOMMANDS
+# TODO: /opt/mastodon looks like /opt/$app which is WRONG.
+(
+	su $app
+	/opt/mastodon/.rbenv/bin/rbenv install 2.5.0
+	/opt/mastodon/.rbenv/versions/2.5.0/bin/ruby -v
+)
 
 # Create symlink for ruby
-sudo rm /usr/bin/ruby || true
-sudo ln -s /opt/mastodon/.rbenv/versions/2.5.0/bin/ruby /usr/bin/ruby || true
+rm /usr/bin/ruby || true
+ln -s /opt/mastodon/.rbenv/versions/2.5.0/bin/ruby /usr/bin/ruby || true
 
 # Install Mastodon
-sudo su - $app <<MCOMMANDS
-pushd ~/live
-/opt/mastodon/.rbenv/versions/2.5.0/bin/gem install bundler
-bin/bundle install --deployment --without development test
-yarn install --production
-MCOMMANDS
+# TODO: /opt/mastodon looks like /opt/$app which is WRONG.
+(
+	su $app
+	cd ~/live
+	/opt/mastodon/.rbenv/versions/2.5.0/bin/gem install bundler
+	bin/bundle install --deployment --without development test
+	yarn install --production
+)
 
 # Adjust Mastodon config
-pushd $final_path/live/
-sudo cp -a .env.production.sample .env.production
-sudo sed -i "s@REDIS_HOST=redis@REDIS_HOST=127.0.0.1@g" "${final_path}/live/.env.production"
-sudo sed -i "s@DB_HOST=db@DB_HOST=/var/run/postgresql@g" "${final_path}/live/.env.production"
-sudo sed -i "s@DB_USER=postgres@DB_USER=${app}@g" "${final_path}/live/.env.production"
-sudo sed -i "s@DB_NAME=postgres@DB_NAME=${app}_production@g" "${final_path}/live/.env.production"
-sudo sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "${final_path}/live/.env.production"
+# TODO: use official helper: ynh_replace_string
+cp -a $final_path/live/.env.production.sample $final_path/live/.env.production
+sed -i "s@REDIS_HOST=redis@REDIS_HOST=127.0.0.1@g" "${final_path}/live/.env.production"
+sed -i "s@DB_HOST=db@DB_HOST=/var/run/postgresql@g" "${final_path}/live/.env.production"
+sed -i "s@DB_USER=postgres@DB_USER=${app}@g" "${final_path}/live/.env.production"
+sed -i "s@DB_NAME=postgres@DB_NAME=${app}_production@g" "${final_path}/live/.env.production"
+sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "${final_path}/live/.env.production"
 
 language="$(echo $language | head -c 2)"
-sudo sed -i "s@# DEFAULT_LOCALE=de@DEFAULT_LOCALE=${language}@g" "${final_path}/live/.env.production"
+sed -i "s@# DEFAULT_LOCALE=de@DEFAULT_LOCALE=${language}@g" "${final_path}/live/.env.production"
 
 paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
 secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
 otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
-sudo sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=${paperclip_secret}@g" "${final_path}/live/.env.production"
-sudo sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=${secret_key_base}@g" "${final_path}/live/.env.production"
-sudo sed -i "s@OTP_SECRET=@OTP_SECRET=${otp_secret}@g" "${final_path}/live/.env.production"
+sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=${paperclip_secret}@g" "${final_path}/live/.env.production"
+sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=${secret_key_base}@g" "${final_path}/live/.env.production"
+sed -i "s@OTP_SECRET=@OTP_SECRET=${otp_secret}@g" "${final_path}/live/.env.production"
 
-sudo sed -i "s@SMTP_LOGIN=@#SMTP_LOGIN=@g" "${final_path}/live/.env.production"
-sudo sed -i "s@SMTP_PASSWORD=@#SMTP_PASSWORD=@g" "${final_path}/live/.env.production"
-sudo sed -i "s@SMTP_SERVER=smtp.mailgun.org@SMTP_SERVER=localhost@g" "${final_path}/live/.env.production"
-sudo sed -i "s@SMTP_PORT=587@SMTP_PORT=25@g" "${final_path}/live/.env.production"
-sudo sed -i 's,SMTP_FROM_ADDRESS=notifications@example.com,SMTP_FROM_ADDRESS='${admin_mastodon}'@'${domain}',' "${final_path}/live/.env.production"
-sudo sed -i "s@#SMTP_AUTH_METHOD=plain@SMTP_AUTH_METHOD=none@g" "${final_path}/live/.env.production"
-sudo sed -i "s@#SMTP_OPENSSL_VERIFY_MODE=peer@SMTP_OPENSSL_VERIFY_MODE=none@g" "${final_path}/live/.env.production"
+sed -i "s@SMTP_LOGIN=@#SMTP_LOGIN=@g" "${final_path}/live/.env.production"
+sed -i "s@SMTP_PASSWORD=@#SMTP_PASSWORD=@g" "${final_path}/live/.env.production"
+sed -i "s@SMTP_SERVER=smtp.mailgun.org@SMTP_SERVER=localhost@g" "${final_path}/live/.env.production"
+sed -i "s@SMTP_PORT=587@SMTP_PORT=25@g" "${final_path}/live/.env.production"
+sed -i 's,SMTP_FROM_ADDRESS=notifications@example.com,SMTP_FROM_ADDRESS='${admin_mastodon}'@'${domain}',' "${final_path}/live/.env.production"
+sed -i "s@#SMTP_AUTH_METHOD=plain@SMTP_AUTH_METHOD=none@g" "${final_path}/live/.env.production"
+sed -i "s@#SMTP_OPENSSL_VERIFY_MODE=peer@SMTP_OPENSSL_VERIFY_MODE=none@g" "${final_path}/live/.env.production"
 
-# Create database
 # Preconfig CSS & JS
-sudo su - $app <<CCOMMANDS
-pushd ~/live
-echo "SAFETY_ASSURED=1">> .env.production
-RAILS_ENV=production bin/bundle exec rails db:setup
-RAILS_ENV=production bin/bundle exec rails --trace assets:precompile
-CCOMMANDS
+(
+	su $app
+	cd  ~/live
+	echo "SAFETY_ASSURED=1">> .env.production
+	RAILS_ENV=production bin/bundle exec rails db:setup
+	RAILS_ENV=production bin/bundle exec rails --trace assets:precompile
+)
 
 # init rbenv & create bundle
-sudo su - $app <<BCOMMANDS
-. ~/.profile
-type rbenv
-BCOMMANDS
+(
+	su $app
+	. ~/.profile
+	type rbenv
+)
 
-# Add Services
-popd
+# TODO: use official helper ynh_add_systemd_config
+cp ../conf/mastodon-web.service /etc/systemd/system/mastodon-web.service
+chown root: /etc/systemd/system/mastodon-web.service
+cp ../conf/mastodon-sidekiq.service /etc/systemd/system/mastodon-sidekiq.service
+chown root: /etc/systemd/system/mastodon-sidekiq.service
+cp ../conf/mastodon-streaming.service /etc/systemd/system/mastodon-streaming.service
+chown root: /etc/systemd/system/mastodon-streaming.service
 
-sudo cp ../conf/mastodon-web.service /etc/systemd/system/mastodon-web.service
-sudo chown root: /etc/systemd/system/mastodon-web.service
-sudo cp ../conf/mastodon-sidekiq.service /etc/systemd/system/mastodon-sidekiq.service
-sudo chown root: /etc/systemd/system/mastodon-sidekiq.service
-sudo cp ../conf/mastodon-streaming.service /etc/systemd/system/mastodon-streaming.service
-sudo chown root: /etc/systemd/system/mastodon-streaming.service
-
-sudo systemctl daemon-reload
-sudo systemctl enable /etc/systemd/system/mastodon-*.service
-sudo systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
+systemctl daemon-reload
+systemctl enable /etc/systemd/system/mastodon-*.service
+systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
 # debug
-sudo systemctl status mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
-
-# Add service YunoHost
-sudo yunohost service add mastodon-web
-sudo yunohost service add mastodon-sidekiq
-sudo yunohost service add mastodon-streaming
+systemctl status mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
 
 # Create user
-sudo su - $app <<UCOMMANDS
-pushd ~/live
-RAILS_ENV=production bundle exec rails c
-account = Account.create!(username: '$admin_mastodon')
-user = User.create!(email: '$admin_mastodon_mail', password: '$admin_pass', account: account)
-UCOMMANDS
+(
+	su $app
+	cd ~/live
+	RAILS_ENV=production bundle exec rails c
+	account = Account.create!(username: '$admin_mastodon')
+	user = User.create!(email: '$admin_mastodon_mail', password: '$admin_pass', account: account)
+)
 
 # Create administrator & confirm user
-sudo su - $app <<ACOMMANDS
-pushd ~/live
-RAILS_ENV=production bin/bundle exec rails mastodon:make_admin USERNAME=$admin_mastodon
-RAILS_ENV=production bin/bundle exec rails mastodon:confirm_email USER_EMAIL=$admin_mastodon_mail
-ACOMMANDS
-
-# Modify Nginx configuration file and copy it to Nginx conf directory
-sudo sed -i "s@__PATH__@$app@g" ../conf/nginx.conf*
-sudo sed -i "s@__FINALPATH__@$final_path@g" ../conf/nginx.conf*
-sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
+(
+	su $app
+	cd ~/live
+	RAILS_ENV=production bin/bundle exec rails mastodon:make_admin USERNAME=$admin_mastodon
+	RAILS_ENV=production bin/bundle exec rails mastodon:confirm_email USER_EMAIL=$admin_mastodon_mail
+)
 
 # Install crontab
-sudo cp ../conf/crontab_mastodon /etc/cron.d/$app
-sudo sed -i "s@__APP__@$app@g" /etc/cron.d/$app
+cp ../conf/crontab_mastodon /etc/cron.d/$app
+sed -i "s@__APP__@$app@g" /etc/cron.d/$app
 
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# SECURE FILES AND DIRECTORIES
+#=================================================
+
+# TODO:Set permissions to app files
+
+
+#=================================================
+# ADVERTISE SERVICE IN ADMIN PANEL
+#=================================================
+
+# Add service YunoHost
+yunohost service add mastodon-web
+yunohost service add mastodon-sidekiq
+yunohost service add mastodon-streaming
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+
+# TODO: all private install
 # Unprotected url
 ynh_app_setting_set "$app" unprotected_uris "/"
 
-# Reload SSOwat configuration
-sudo yunohost app ssowatconf
+#=================================================
+# RELOAD NGINX
+#=================================================
 
 # Reload Nginx
-sudo systemctl reload nginx
+systemctl reload nginx