Merge branch 'testing' into patch-2

2024-09-03 19:46:02 +02:00 · 2023-08-08 14:48:34 +00:00 · 2023-08-08 14:48:34 +00:00 · f841059b8d
commit f841059b8d
parent 5c72aa65b3 eb86c0e5d4
29 changed files with 524 additions and 1013 deletions
--- a/.github/workflows/updater.yml
+++ b/.github/workflows/updater.yml
@ -14,7 +14,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Fetch the source code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Run the updater script
@ -33,7 +33,7 @@ jobs:
      - name: Create Pull Request
        id: cpr
        if: ${{ env.PROCEED == 'true' }}
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: Update to version ${{ env.VERSION }}
--- a/README.md
+++ b/README.md
@ -6,6 +6,7 @@ It shall NOT be edited by hand.
 # Mastodon for YunoHost
 [![Integration level](https://dash.yunohost.org/integration/mastodon.svg)](https://dash.yunohost.org/appci/app/mastodon) ![Working status](https://ci-apps.yunohost.org/ci/badges/mastodon.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/mastodon.maintain.svg)
 [![Install Mastodon with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mastodon)
 *[Lire ce readme en français.](./README_fr.md)*
@ -17,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. 
-**Shipped version:** 4.0.2~ynh2
+**Shipped version:** 4.1.4~ynh2
 **Demo:** https://joinmastodon.org/
@ -25,49 +26,6 @@ Mastodon is a free, open-source microblogging social network. It is a decentrali
 ![Screenshot of Mastodon](./doc/screenshots/mastodon.png)
 ## Disclaimers / important information
 ## Important points to read before installing
 1. **Mastodon** require a dedicated **root domain**, eg. mastodon.domain.tld
 1. The user choosen during the installation is automatically created in Mastodon with admin rights
 1. At the end of the installation a mail is sent to the user with the automatically generated password
 1. It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page.
 ## Configuration
 ### Install
 #### Using *screen* in case of disconnect
 ```
 $ sudo apt-get install screen
 $ screen
 $ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git
 ```
 Recover after disconnect:
 ```
 $ screen -d
 $ screen -r
 ```
 ### Update
 #### Using *screen* highly recommended
 `$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug `
 ### Administrate with tooctl
 `$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)`
 ## YunoHost specific features
 #### Multi-users support
 LDAP authentication is activated. All YunoHost users can authenticate.
 Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501
 ## Documentation and resources
 * Official app website: <https://joinmastodon.org/>
--- a/README_fr.md
+++ b/README_fr.md
@ -6,6 +6,7 @@ It shall NOT be edited by hand.
 # Mastodon pour YunoHost
 [![Niveau d’intégration](https://dash.yunohost.org/integration/mastodon.svg)](https://dash.yunohost.org/appci/app/mastodon) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/mastodon.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/mastodon.maintain.svg)
 [![Installer Mastodon avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mastodon)
 *[Read this readme in english.](./README.md)*
@ -18,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 Mastodon est un réseau social de microblog auto-hébergé et open source. C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales.
-**Version incluse :** 4.0.2~ynh2
+**Version incluse :** 4.1.4~ynh2
 **Démo :** https://joinmastodon.org/
@ -26,54 +27,6 @@ Mastodon est un réseau social de microblog auto-hébergé et open source. C'est
 ![Capture d’écran de Mastodon](./doc/screenshots/mastodon.png)
 ## Avertissements / informations importantes
 ## Points importants à lire avant l'installation
 1. **Mastodon** nécessite un **nom de domaine** dédié, par exemple : mastodon.domain.tld
 1. L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration.
 1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement.
 1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration.
 ## Captures d'écran
 ![](https://framalibre.org/sites/default/files/mastodon.png)
 ## Configuration
 ### Installation
 #### Utilisation de *screen* en cas de déconnection
 ```
 $ sudo apt-get install screen
 $ screen
 $ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git
 ```
 Récupérer l'installation après une deconnection :
 ```
 $ screen -d
 $ screen -r
 ```
 L'utilisateur admin est créé automatiquement comme : user@domain.tld
 ### Mise à jour
 #### Utilisation de *screen* fortement recommandée
 `$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug `
 ### Administration avec tooctl
 `$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)`
 ## Caractéristiques spécifiques YunoHost
 #### Support multi-utilisateur
 L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier.
 Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501
 ## Documentations et ressources
 * Site officiel de l’app : <https://joinmastodon.org/>
--- a/30
+++ b/30
@ -1,30 +0,0 @@
 ;; Test complet
 	; Manifest
 		domain="domain.tld"
 		is_public=1
 		admin="john"
 		language="fr_FR"
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=0
 		setup_root=1
 		setup_nourl=0
 		setup_private=1
 		setup_public=1
 		upgrade=1
 		# 3.4.1~ynh1
 		#upgrade=1	from_commit=efbdbb05350b820c6e59a7bbbf70f57cf679fff8
 		# 3.4.1~ynh4
 		#upgrade=1	from_commit=adec07db890dec787416e1b7c4493d24391d3500
 		# 3.4.4~ynh1
 		#upgrade=1	from_commit=4d413848bf444586e28f3658de0ebe36d6ebf059
 		# 3.5.3~ynh1
 		upgrade=1	from_commit=acdc124f76fb9724cb22acb18c45cf0c3c2e62b5
 		# 3.5.3~ynh3
 		upgrade=1	from_commit=efa2d628920edce255ff406b28a97b1dd20e3d74
 		backup_restore=1
 		multi_instance=0
 		change_url=0
 ;;; Options
 Email=yalh@yahoo.com
 Notification=all
--- a/conf/.env.production.sample
+++ b/conf/.env.production.sample
@ -30,11 +30,14 @@ DB_NAME=__DB_NAME__
 DB_PASS=__DB_PWD__
 DB_PORT=5432
-# ElasticSearch (optional)
+# Elasticsearch (optional)
 # ------------------------
-# ES_ENABLED=true
+ES_ENABLED=false
-# ES_HOST=es
+# ES_HOST=localhost
 # ES_PORT=9200
 # Authentication for ES (optional)
 # ES_USER=elastic
 # ES_PASS=password
 # Secrets
 # -------
@ -54,17 +57,12 @@ VAPID_PUBLIC_KEY=__VAPID_PUBLIC_KEY__
 # ------------
 SMTP_SERVER=localhost
 SMTP_PORT=25
-#SMTP_LOGIN=
+SMTP_LOGIN=__APP__
-#SMTP_PASSWORD=
+SMTP_PASSWORD=__MAIL_PWD__
-SMTP_FROM_ADDRESS=__ADMIN_MAIL__
+SMTP_FROM_ADDRESS=Mastodon <__APP__@__DOMAIN__>
-#SMTP_REPLY_TO=
+SMTP_DELIVERY_METHOD=smtp
-#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
+SMTP_AUTH_METHOD=plain
 SMTP_DELIVERY_METHOD=sendmail # delivery method can also be smtp
 SMTP_AUTH_METHOD=none
 #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
 SMTP_OPENSSL_VERIFY_MODE=none
 #SMTP_ENABLE_STARTTLS_AUTO=true
 #SMTP_TLS=true
 # Registrations
 # ------------
@ -80,16 +78,13 @@ DEFAULT_LOCALE=__LANGUAGE__
 # File storage (optional)
 # -----------------------
-# S3_ENABLED=true
+S3_ENABLED=false
-# S3_BUCKET=
+# S3_BUCKET=files.example.com
 # AWS_ACCESS_KEY_ID=
 # AWS_SECRET_ACCESS_KEY=
-# S3_REGION=
+# S3_ALIAS_HOST=files.example.com
 # S3_PROTOCOL=http
 # S3_HOSTNAME=192.168.1.123:9000
 # S3_ALIAS_HOST=
-# LDAP authentication (optional)
+# IP and session retention
 # -----------------------
 LDAP_ENABLED=true
 LDAP_HOST=localhost
@ -105,3 +100,9 @@ LDAP_UID_CONVERSION_ENABLED=true
 LDAP_UID_CONVERSION_SEARCH=., -
 LDAP_UID_CONVERSION_REPLACE=_
 LDAP_TLS_NO_VERIFY=true
 # Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
 # to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
 # -----------------------
 IP_RETENTION_PERIOD=1209600
 SESSION_RETENTION_PERIOD=1209600
--- a/conf/app.src
+++ b/conf/app.src
@ -1,7 +0,0 @@
 SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.0.2.tar.gz
 SOURCE_SUM=70a4d9dcd9b746f6e9ced9b567ee5ad81e530cfaccb7f471259b917c20166309
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
 SOURCE_FILENAME=
 SOURCE_EXTRACT=true
--- a/conf/cron
+++ b/conf/cron
@ -1,7 +1,7 @@
 # This is a system cron file, see crontab(5)
 # m h dom mon dow user command
-@daily __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove
+@daily __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove
-@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans
+@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans
-@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull
+@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull
-@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove
+@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove
-@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove
+@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove
--- a/conf/mastodon-sidekiq.service
+++ b/conf/mastodon-sidekiq.service
@ -5,16 +5,17 @@ After=network.target
 [Service]
 Type=simple
 User=__APP__
-WorkingDirectory=__FINALPATH__/live
+WorkingDirectory=__INSTALL_DIR__/live
 Environment="__LD_PRELOAD__"
 Environment="RAILS_ENV=production"
 Environment="DB_POOL=25"
 Environment="MALLOC_ARENA_MAX=2"
 Environment="__YNH_RUBY_LOAD_PATH__"
-ExecStart=__FINALPATH__/live/bin/bundle exec sidekiq -c 25
+ExecStart=__INSTALL_DIR__/live/bin/bundle exec sidekiq -c 25
 TimeoutSec=15
 Restart=always
-StandardError=syslog
+StandardOutput=append:/var/log/__APP__/__APP__-sidekiq.log
 StandardError=inherit
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these 
@ -22,17 +23,17 @@ StandardError=syslog
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=no
 PrivateTmp=yes
-#PrivateDevices=yes
+PrivateDevices=yes
-#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-#RestrictNamespaces=yes
+RestrictNamespaces=yes
-#RestrictRealtime=yes
+RestrictRealtime=yes
 DevicePolicy=closed
 ProtectSystem=full
 ProtectControlGroups=yes
-#ProtectKernelModules=yes
+ProtectKernelModules=yes
-#ProtectKernelTunables=yes
+ProtectKernelTunables=yes
-#LockPersonality=yes
+LockPersonality=yes
-#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
--- a/conf/mastodon-streaming.service
+++ b/conf/mastodon-streaming.service
@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=simple
 User=__APP__
-WorkingDirectory=__FINALPATH__/live
+WorkingDirectory=__INSTALL_DIR__/live
 Environment="NODE_ENV=production"
 Environment="PORT=__PORT_STREAM__"
 Environment="STREAMING_CLUSTER_NUM=1"
@ -13,7 +13,8 @@ Environment="__YNH_NODE_LOAD_PATH__"
 ExecStart=__YNH_NODE__ ./streaming
 TimeoutSec=15
 Restart=always
-StandardError=syslog
+StandardOutput=append:/var/log/__APP__/__APP__-streaming.log
 StandardError=inherit
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these 
--- a/conf/mastodon-web.service
+++ b/conf/mastodon-web.service
@ -5,16 +5,17 @@ After=network.target
 [Service]
 Type=simple
 User=__APP__
-WorkingDirectory=__FINALPATH__/live
+WorkingDirectory=__INSTALL_DIR__/live
 Environment="__LD_PRELOAD__"
 Environment="RAILS_ENV=production"
 Environment="PORT=__PORT_WEB__"
 Environment="__YNH_RUBY_LOAD_PATH__"
-ExecStart=__FINALPATH__/live/bin/bundle exec puma -C config/puma.rb
+ExecStart=__INSTALL_DIR__/live/bin/bundle exec puma -C config/puma.rb
 ExecReload=/bin/kill -SIGUSR1 $MAINPID
 TimeoutSec=15
 Restart=always
-StandardError=syslog
+StandardOutput=append:/var/log/__APP__/__APP__-web.log
 StandardError=inherit
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these 
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,8 +1,6 @@
-# upload max size
+client_max_body_size 99m;
 client_max_body_size 100M;
-# add to v1.4 assets
+root __INSTALL_DIR__/live/public;
 root __FINALPATH__/live/public;
 location / {
@ -13,23 +11,86 @@ location / {
  include conf.d/yunohost_panel.conf.inc;
 }
-location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
+location ~ /sw.js {
-  more_set_headers "Cache-Control: public, max-age=31536000, immutable";
+  more_set_headers "Cache-Control: public, max-age=604800, must-revalidate";
-  more_set_headers "Strict-Transport-Security: max-age=31536000";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
-  try_files $uri @proxy;
+  try_files $uri =404;
 }
-location /sw.js {
+location ~ ^/assets/ {
-  more_set_headers "Cache-Control: public, max-age=0";
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
-  more_set_headers "Strict-Transport-Security: max-age=31536000";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
-  try_files $uri @proxy;
+  try_files $uri =404;
 }
 location ~ ^/avatars/ {
  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
  try_files $uri =404;
 }
 location ~ ^/emoji/ {
  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
  try_files $uri =404;
 }
 location ~ ^/headers/ {
  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
  try_files $uri =404;
 }
 location ~ ^/packs/ {
  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
  try_files $uri =404;
 }
 location ~ ^/shortcuts/ {
  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
  try_files $uri =404;
 }
 location ~ ^/sounds/ {
  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
  try_files $uri =404;
 }
 location ~ ^/system/ {
  more_set_headers "Cache-Control: public, max-age=2419200, immutable";
  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
  more_set_headers "X-Content-Type-Option: nosniff";
  more_set_headers "Content-Security-Policy: default-src 'none'; form-action 'none'";
  try_files $uri =404;
 }
 location ^~ /api/v1/streaming {
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Proxy "";
  proxy_pass http://127.0.0.1:__PORT_STREAM__;
  proxy_buffering off;
  proxy_redirect off;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;
  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
  tcp_nodelay on;
 }
 location @proxy {
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded-Proto https;
+  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Proxy "";
  proxy_pass_header Server;
@ -38,31 +99,13 @@ location @proxy {
  proxy_redirect off;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "upgrade";
+  proxy_set_header Connection $connection_upgrade;
  #proxy_cache CACHE;
  proxy_cache_valid 200 7d;
  proxy_cache_valid 410 24h;
  proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
  more_set_headers "X-Cached: $upstream_cache_status";
  more_set_headers "Strict-Transport-Security: max-age=31536000";
  tcp_nodelay on;
 }
 location /api/v1/streaming {
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto https;
  proxy_set_header Proxy "";
  proxy_pass http://127.0.0.1:__PORT_STREAM__;
  proxy_buffering off;
  proxy_redirect off;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
  tcp_nodelay on;
 }
--- a/doc/ADMIN.md
+++ b/doc/ADMIN.md
@ -0,0 +1,36 @@
 ## Administrate with tooctl
 `$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)`
 ## Update
 **`screen` (or `tmux`) can be used to make sure your session is not interrupted in case of connection problems.**
 See [tutorial](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) for more background information.
 ```
 $ screen
 $ sudo yunohost app upgrade mastodon
 ```
 ## Backups
 First of all: Mastodon uses a local cache to save media (such as posted images, videos etc.). This cache can grow huge. 
 You could consider cleaning up your local cache first as otherwise your backup will be very big and you might run out of disk space:
 To check your space usage, on a command line run:
 `$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage`
 If your cache is too big to backup, you can run the following command to clean up Attachments (the first line). Substitute X by the number of days you want to keep, e.g. 1 day. All older images will be deleted but will be refetched from the original server if necessary.
 First dry-run to see how much space is freed up (without actually removing):
 `$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run`
 If all looks good commit the cleanup:
 `$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X `
 ## Known Bugs
 - Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501
--- a/doc/ADMIN_fr.md
+++ b/doc/ADMIN_fr.md
@ -0,0 +1,34 @@
 ## Administration avec tooctl
 `$ cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help`
 ## Mise à jour
 **`screen` (ou `tmux`) peut être utilisé pour vous assurer que votre session n'est pas interrompue en cas de problème de connection.**
 Consultez ce [tutoriel](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) pour plus de détails.
 ```
 $ screen
 $ sudo yunohost app upgrade mastodon
 ```
 ## Sauvegardes
 Tout d'abord : Mastodon utilise un cache local pour sauvegarder les médias (comme les images, vidéos, etc). Ce cache peut devenir énorme.
 Vous devriez réfléchir à vider votre cache local avant de faire une sauvegarde, qui pourrait être énorme et vous pourriez manquer d'espace de stockage.
 Pour vérifier l'utilisation du stockage, en ligne de commande utilisez :
 `$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage`
 Si le cache est trop gros pour être sauvegardé, vous pouvez lancer la commande suivante pour en supprimer les médias attachés. Changez `X` par le nombre de cache à conserver, par ex. 1 jour. Tous les médias plus anciens seront supprimés, mais ils pourront être rechargé du serveur d'origine si nécessaire.
 En premier faite un essai à blanc pour voir combien de place sera libérée (sans rien supprimer):
 `$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run`
 Si cela semble bon, effectuez le nettoyage :
 `$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X `
 ## Bugs connus
 - Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501
--- a/doc/DISCLAIMER.md
+++ b/doc/DISCLAIMER.md
@ -1,40 +0,0 @@
 ## Important points to read before installing
 1. **Mastodon** require a dedicated **root domain**, eg. mastodon.domain.tld
 1. The user choosen during the installation is automatically created in Mastodon with admin rights
 1. At the end of the installation a mail is sent to the user with the automatically generated password
 1. It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page.
 ## Configuration
 ### Install
 #### Using *screen* in case of disconnect
 ```
 $ sudo apt-get install screen
 $ screen
 $ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git
 ```
 Recover after disconnect:
 ```
 $ screen -d
 $ screen -r
 ```
 ### Update
 #### Using *screen* highly recommended
 `$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug `
 ### Administrate with tooctl
 `$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)`
 ## YunoHost specific features
 #### Multi-users support
 LDAP authentication is activated. All YunoHost users can authenticate.
 Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501
--- a/doc/DISCLAIMER_fr.md
+++ b/doc/DISCLAIMER_fr.md
@ -1,45 +0,0 @@
 ## Points importants à lire avant l'installation
 1. **Mastodon** nécessite un **nom de domaine** dédié, par exemple : mastodon.domain.tld
 1. L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration.
 1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement.
 1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration.
 ## Captures d'écran
 ![](https://framalibre.org/sites/default/files/mastodon.png)
 ## Configuration
 ### Installation
 #### Utilisation de *screen* en cas de déconnection
 ```
 $ sudo apt-get install screen
 $ screen
 $ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git
 ```
 Récupérer l'installation après une deconnection :
 ```
 $ screen -d
 $ screen -r
 ```
 L'utilisateur admin est créé automatiquement comme : user@domain.tld
 ### Mise à jour
 #### Utilisation de *screen* fortement recommandée
 `$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug `
 ### Administration avec tooctl
 `$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)`
 ## Caractéristiques spécifiques YunoHost
 #### Support multi-utilisateur
 L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier.
 Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501
--- a/doc/PRE_INSTALL.md
+++ b/doc/PRE_INSTALL.md
@ -0,0 +1,18 @@
 ## Important points to read before installing
 - **Mastodon** require a dedicated **root domain**, eg. `domaine.tld` or `mastodon.domain.tld`, with no other apps installed on that domain. You can't change the domain once installed.
 - The user choosen during the installation is automatically created in Mastodon with admin rights
 - It seems important to close registrations for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page.
 ## Using *screen* in case of disconnect
 ```
 $ sudo apt install screen
 $ screen
 $ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git
 ```
 Recover after disconnect:
 ```
 $ screen -d
 $ screen -r
 ```
--- a/doc/PRE_INSTALL_fr.md
+++ b/doc/PRE_INSTALL_fr.md
@ -0,0 +1,20 @@
 ## Points importants à lire avant l'installation
 - **Mastodon** nécessite un **nom de domaine** dédié, par exemple : `domaine.tld` ou `mastodon.domaine.tld` sans apps installées sur ce domaine. Il est impossible de changer le nom de domaine après l'installation.
 - L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration.
 - Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration.
 ## Utilisation de *screen* en cas de déconnexion
 L'installation de Mastodon peut être longue, selon les performances du serveur. Pour éviter que le processus soit interrompu par une déconnexion, on peut utiliser `screen`.
 ```
 $ sudo apt install screen
 $ screen
 $ sudo yunohost app install mastodon
 ```
 Récupérer l'installation après une deconnection :
 ```
 $ screen -d
 $ screen -r
 ```
--- a/manifest.json
+++ b/manifest.json
@ -1,69 +0,0 @@
 {
    "name": "Mastodon",
    "id": "mastodon",
    "packaging_format": 1,
    "description": {
        "en": "Libre and federated social network",
        "fr": "Réseau social libre et fédéré"
    },
    "version": "4.0.2~ynh2",
    "url": "https://github.com/mastodon/mastodon",
    "upstream": {
        "license": "AGPL-3.0-or-later",
        "website": "https://joinmastodon.org/",
        "demo": "https://joinmastodon.org/",
        "admindoc": "https://docs.joinmastodon.org/",
        "code": "https://github.com/mastodon/mastodon"
    },
    "license": "AGPL-3.0-or-later",
    "maintainer": {
        "name": "yalh76"
    },
    "previous_maintainer": [
        {
            "name": "cyp",
            "email": "cyp@rouquin.me"
        },
        {
            "name": "nemsia",
            "email": "nemsia@nemsia.org"
        }
    ],
    "requirements": {
        "yunohost": ">= 4.3.0"
    },
    "multi_instance": true,
    "services": [
        "nginx"
    ],
    "arguments": {
        "install": [
            {
                "name": "domain",
                "type": "domain"
            },
            {
                "name": "is_public",
                "type": "boolean",
                "default": true
            },
            {
                "name": "language",
                "type": "string",
                "ask": {
                    "en": "Choose the application language",
                    "fr": "Choisissez la langue de l'application"
                },
                "choices": [
                    "en_EN",
                    "fr_FR"
                ],
                "default": "fr_FR"
            },
            {
                "name": "admin",
                "type": "user"
            }
        ]
    }
 }
--- a/manifest.toml
+++ b/manifest.toml
@ -0,0 +1,86 @@
 packaging_format = 2
 id = "mastodon"
 name = "Mastodon"
 description.en = "Libre and federated social network"
 description.fr = "Réseau social libre et fédéré"
 version = "4.1.4~ynh2"
 maintainers = ["yalh76"]
 [upstream]
 license = "AGPL-3.0-or-later"
 website = "https://joinmastodon.org/"
 demo = "https://joinmastodon.org/"
 admindoc = "https://docs.joinmastodon.org/"
 code = "https://github.com/mastodon/mastodon"
 cpe = " cpe:2.3:a:joinmastodon:mastodon"
 fund = "https://joinmastodon.org/sponsors" 
 [integration]
 yunohost = ">= 11.2"
 architectures = "all"
 multi_instance = true
 ldap = true 
 sso = false
 disk = "2G"
 ram.build = "1G" 
 ram.runtime = "500M"
 [install]
    [install.domain]
    # this is a generic question - ask strings are automatically handled by Yunohost's core
    type = "domain"
    full_domain = true
    [install.init_main_permission]
    type = "group"
    default = "visitors"
    [install.language]
    ask.en = "Choose the application language"
    ask.fr = "Choisissez la langue de l'application"
    type = "select"
    choices = ["en_EN", "fr_FR"]
    default = "fr_FR"
    [install.admin]
    # this is a generic question - ask strings are automatically handled by Yunohost's core
    type = "user"
 [resources]
    [resources.sources]
        [resources.sources.main]
        url = "https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.4.tar.gz"
        sha256 = "524bac8c4108acc07b001caf44951446cb587f9626d8e0d15ed2f5811b980aaa"
        autoupdate.strategy = "latest_github_release"
    [resources.system_user]
    allow_email = true
    [resources.install_dir]
    [resources.permissions]
    main.url = "/"
    api.url = "/api"
    api.allowed = "visitors"
    api.auth_header = false
    api.show_tile = false
    api.protected = true
    [resources.ports]
    web.default = 3000
    stream.default = 4000
    [resources.apt]
    packages = "imagemagick, ffmpeg, libpq-dev, libxml2-dev, libxslt1-dev, file, git-core, g++, libprotobuf-dev, protobuf-compiler, pkg-config, gcc, autoconf, bison, build-essential, libssl-dev, libyaml-dev, libreadline6-dev, zlib1g-dev, libncurses5-dev, libffi-dev, libgdbm6, libgdbm-dev, redis-tools, redis-server, postgresql, postgresql-contrib, libidn11-dev, libicu-dev, libjemalloc-dev, curl, apt-transport-https"
        [resources.apt.extras.yarn]
        repo = "deb https://dl.yarnpkg.com/debian/ stable main"
        key = "https://dl.yarnpkg.com/debian/pubkey.gpg"
        packages = "yarn"
    [resources.database]
    type = "postgresql"
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -9,12 +9,13 @@ pkg_dependencies="imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git
 build_pkg_dependencies=""
 memory_needed="2560" # maybe requirement depends on arch, armhf need less and is setted inside lsb_release switch
-ruby_version=3.0.3
+ruby_version=3.0.6
 nodejs_version=16
 # Workaround for Mastodon on Bullseye
 # See https://github.com/mastodon/mastodon/issues/15751#issuecomment-873594463
-if [ "$(lsb_release --codename --short)" = "bullseye" ]; then
+if [ "$(lsb_release --codename --short)" = "bullseye" ];
 then
 	case $YNH_ARCH in
 		amd64)
 			ld_preload="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so"
--- a/scripts/backup
+++ b/scripts/backup
@ -10,27 +10,6 @@
 source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers
 #=================================================
 # MANAGE SCRIPT FAILURE
 #=================================================
 ynh_clean_setup () {
 	true
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
 ynh_print_info --message="Loading installation settings..."
 app=$YNH_APP_INSTANCE_NAME
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 #=================================================
 # DECLARE DATA AND CONF FILES TO BACKUP
 #=================================================
@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..."
 # BACKUP THE APP MAIN DIR
 #=================================================
-ynh_backup --src_path="$final_path"
+ynh_backup --src_path="$install_dir"
 #=================================================
 # BACKUP THE NGINX CONFIGURATION
@ -50,6 +29,11 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 # SPECIFIC BACKUP
 #=================================================
 # BACKUP LOGROTATE
 #=================================================
 ynh_backup --src_path="/etc/logrotate.d/$app"
 #=================================================
 # BACKUP SYSTEMD
 #=================================================
--- a/scripts/install
+++ b/scripts/install
@ -11,117 +11,29 @@ source ynh_install_ruby__2
 source ynh_add_swap
 source /usr/share/yunohost/helpers
 #=================================================
 # MANAGE SCRIPT FAILURE
 #=================================================
 ynh_clean_setup () {
 	true
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 #=================================================
 # RETRIEVE ARGUMENTS FROM THE MANIFEST
 #=================================================
 domain=$YNH_APP_ARG_DOMAIN
 path_url="/"
 is_public=$YNH_APP_ARG_IS_PUBLIC
 language=$YNH_APP_ARG_LANGUAGE
 admin=$YNH_APP_ARG_ADMIN
 app=$YNH_APP_INSTANCE_NAME
 admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
 # Set `service` settings to support `yunohost app shell` command
 ynh_app_setting_set --app="$app" --key=service --value="$app-web.service"
 #=================================================
-# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
+# APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC)
 #=================================================
 ynh_script_progression --message="Validating installation parameters..." --weight=1
 final_path=/var/www/$app
 test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
 # Register (book) web path
 ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
 #=================================================
 # STORE SETTINGS FROM MANIFEST
 #=================================================
 ynh_script_progression --message="Storing installation settings..." --weight=1
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=language --value=$language
 ynh_app_setting_set --app=$app --key=admin --value=$admin
 #=================================================
 # STANDARD MODIFICATIONS
 #=================================================
 # FIND AND OPEN A PORT
 #=================================================
 ynh_script_progression --message="Finding an available port..." --weight=1
 # Find an available port
 port_web=$(ynh_find_port --port=3000)
 ynh_app_setting_set --app=$app --key=port_web --value=$port_web
 port_stream=$(ynh_find_port --port=4000)
 ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Installing dependencies..." --weight=1
 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies
 ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
 ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
 ynh_script_progression --message="Configuring system user..." --weight=1
 # Create a system user
 ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
 # CREATE A POSTGRESQL DATABASE
 #=================================================
 ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1
 db_name=$(ynh_sanitize_dbid --db_name="${app}_production")
 db_user=$(ynh_sanitize_dbid --db_name=$app)
 ynh_app_setting_set --app=$app --key=db_name --value=$db_name
 ynh_app_setting_set --app=$app --key=db_user --value=$db_user
 ynh_psql_test_if_first_run
 ynh_psql_setup_db --db_user=$db_user --db_name=$db_name
 ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;"
 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
 ynh_script_progression --message="Setting up source files..." --weight=1
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
-ynh_setup_source --dest_dir="$final_path/live"
+ynh_setup_source --dest_dir="$install_dir/live"
-chmod 750 "$final_path"
+chown -R $app:www-data "$install_dir"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
 #=================================================
-# NGINX CONFIGURATION
+# INSTALL DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Configuring NGINX web server..." --weight=1
+ynh_script_progression --message="Installing Ruby and NodeJS..." --weight=1
-# Create a dedicated NGINX config
+ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version
-ynh_add_nginx_config
+ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
 #=================================================
 # SPECIFIC SETUP
@ -153,7 +65,7 @@ fi
 #=================================================
 ynh_script_progression --message="Adding a configuration file..." --weight=1
-config="$final_path/live/.env.production"
+config="$install_dir/live/.env.production"
 language="$(echo $language | head -c 2)"
@ -166,28 +78,29 @@ ynh_app_setting_set --app="$app" --key=secret_key_base --value="$secret_key_base
 otp_secret=$(ynh_string_random --length=128)
 ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret"
 # We need rake to build vapid keys, we generate them later once the app is installed
 vapid_private_key=""
 vapid_public_key=""
 ynh_add_config --template="../conf/.env.production.sample" --destination="$config"
 chmod 400 "$config"
 chown $app:$app "$config"
-ynh_replace_string --match_string="registrations_mode: 'open'" --replace_string="registrations_mode: 'none'" --target_file="$final_path/live/config/settings.yml"
+ynh_replace_string --match_string="registrations_mode: 'open'" --replace_string="registrations_mode: 'none'" --target_file="$install_dir/live/config/settings.yml"
-ynh_replace_string --match_string="min_invite_role: 'admin'" --replace_string="min_invite_role: 'none'" --target_file="$final_path/live/config/settings.yml"
+ynh_replace_string --match_string="min_invite_role: 'admin'" --replace_string="min_invite_role: 'none'" --target_file="$install_dir/live/config/settings.yml"
-ynh_store_file_checksum --file="$final_path/live/config/settings.yml"
+ynh_store_file_checksum --file="$install_dir/live/config/settings.yml"
-chmod 400 "$final_path/live/config/settings.yml"
+chmod 400 "$install_dir/live/config/settings.yml"
-chown $app:$app "$final_path/live/config/settings.yml"
+chown $app:$app "$install_dir/live/config/settings.yml"
 #=================================================
 # BUILD APP
 #=================================================
 ynh_script_progression --message="Building app..." --weight=1
-pushd "$final_path/live"
+pushd "$install_dir/live"
 	# Building ruby packages
 	ynh_use_ruby
 	ynh_gem update --system
 	ynh_gem install bundler --no-document
@ -195,92 +108,65 @@ pushd "$final_path/live"
 	ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config without 'development test'
 	ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config set force_ruby_platform true
 	ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install -j$(getconf _NPROCESSORS_ONLN)
 	# Building assets
 	ynh_use_nodejs
 	ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile
 	echo "SAFETY_ASSURED=1">> $config
-	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:setup --quiet
+	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate --quiet
 	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet
 	# Generate vapid keys
 	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
-	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=Admin > /dev/null
+	# Create the first admin user
-	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts modify "$admin" --approve
+	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=Owner > /dev/null
 popd
-vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt")
+# Re-generate config with vapid keys
 vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$install_dir/live/key.txt")
 ynh_app_setting_set --app="$app" --key=vapid_private_key --value="$vapid_private_key"
-
+vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$install_dir/live/key.txt")
 vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$final_path/live/key.txt")
 ynh_app_setting_set --app="$app" --key=vapid_public_key --value="$vapid_public_key"
-
+ynh_secure_remove --file="$install_dir/live/key.txt"
 ynh_secure_remove --file="$final_path/live/key.txt"
 ynh_delete_file_checksum --file="$config"
 ynh_add_config --template="../conf/.env.production.sample" --destination="$config"
 chmod 400 "$config"
 chown $app:$app "$config"
-ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
+#=================================================
-ynh_package_autoremove
+# SYSTEM CONFIGURATION
 #=================================================
 ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
-#=================================================
+# Create a dedicated NGINX config using the conf/nginx.conf template
-# SETUP SYSTEMD
+ynh_add_nginx_config
 #=================================================
 ynh_script_progression --message="Configuring a systemd service..." --weight=1
 # Create a dedicated systemd config
 ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service"
 yunohost service add "$app-web" --description="$app web service"
 ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service"
 yunohost service add "$app-sidekiq" --description="$app sidekiq service"
 ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service"
 yunohost service add "$app-streaming" --description="$app streaming service"
-#=================================================
+# Create a cron file
 # SETUP THE CRON FILE
 #=================================================
 ynh_script_progression --message="Setuping the cron file..." --weight=1
 ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
 # Use logrotate to manage application logfile(s)
 mkdir -p /var/log/$app
 chown $app:$app /var/log/$app
 ynh_use_logrotate
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 yunohost service add "$app-web" --description="$app web service"
 yunohost service add "$app-sidekiq" --description="$app sidekiq service"
 yunohost service add "$app-streaming" --description="$app streaming service"
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting a systemd service..." --weight=1
+ynh_script_progression --message="Starting all systemd services..." --weight=1
-ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on"
+ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on"
-ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded"
+ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded"
-ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening"
+ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Worker 1 now listening"
 #=================================================
 # SETUP SSOWAT
 #=================================================
 ynh_script_progression --message="Configuring permissions..." --weight=1
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
 	# Everyone can access the app.
 	# The "main" permission is automatically created before the install script.
 	ynh_permission_update --permission="main" --add="visitors"
 fi
 ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
 #=================================================
 # RELOAD NGINX
 #=================================================
 ynh_script_progression --message="Reloading NGINX web server..." --weight=1
 ynh_systemd_action --service_name=nginx --action=reload
 #=================================================
 # END OF SCRIPT
--- a/scripts/remove
+++ b/scripts/remove
@ -12,22 +12,11 @@ source ynh_add_swap
 source /usr/share/yunohost/helpers
 #=================================================
-# LOAD SETTINGS
+# REMOVE SYSTEM CONFIGURATIONS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --weight=1
+# REMOVE SYSTEMD SERVICE 
 app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$(ynh_app_setting_get --app=$app --key=db_user)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 #=================================================
 # STANDARD REMOVE
 #=================================================
 # REMOVE SERVICE INTEGRATION IN YUNOHOST
 #=================================================
 ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
 if ynh_exec_warn_less yunohost service status "$app-web" >/dev/null
@ -48,59 +37,23 @@ then
 	yunohost service remove "$app-streaming"
 fi
 #=================================================
 # STOP AND REMOVE SERVICE
 #=================================================
 ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
 # Remove the dedicated systemd config
 ynh_remove_systemd_config --service="$app-web"
 ynh_remove_systemd_config --service="$app-sidekiq"
 ynh_remove_systemd_config --service="$app-streaming"
 #=================================================
 # REMOVE THE POSTGRESQL DATABASE
 #=================================================
 ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1
 # Remove a database if it exists, along with the associated user
 ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
 ynh_script_progression --message="Removing app main directory..." --weight=1
 # Remove the app directory securely
 ynh_secure_remove --file="$final_path"
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
 # Remove the dedicated NGINX config
 ynh_remove_nginx_config
-#=================================================
+# Remove a cron file
-# REMOVE DEPENDENCIES
+ynh_secure_remove --file="/etc/cron.d/$app"
-#=================================================
+
-ynh_script_progression --message="Removing dependencies..." --weight=1
+# Remote logrotate config
 ynh_remove_logrotate
 # Remove metapackage and its dependencies
 ynh_remove_ruby
 ynh_remove_nodejs
 ynh_remove_app_dependencies
 #=================================================
 # SPECIFIC REMOVE
 #=================================================
 # REMOVE VARIOUS FILES
 #=================================================
 ynh_script_progression --message="Removing various files..." --weight=1
 # Remove a cron file
 ynh_secure_remove --file="/etc/cron.d/$app"
 # Remove swap
 ynh_del_swap
@ -111,16 +64,6 @@ if [ -n "$(grep 'kthreadd' /proc/2/status 2>/dev/null)" ]; then
 else
    	ynh_script_progression --message="No swap will be deleted as you are inside a container. Please take care of having more than 2,5G memory available..."
 fi
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # REMOVE DEDICATED USER
 #=================================================
 ynh_script_progression --message="Removing the dedicated system user..." --weight=1
 # Delete a system user
 ynh_system_user_delete --username=$app
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -12,86 +12,24 @@ source ../settings/scripts/ynh_install_ruby__2
 source ../settings/scripts/ynh_add_swap
 source /usr/share/yunohost/helpers
 #=================================================
 # MANAGE SCRIPT FAILURE
 #=================================================
 ynh_clean_setup () {
 	true
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
 ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$(ynh_app_setting_get --app=$app --key=db_user)
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
 ynh_script_progression --message="Validating restoration parameters..." --weight=1
 test ! -d $final_path \
 	|| ynh_die --message="There is already a directory: $final_path "
 #=================================================
 # STANDARD RESTORATION STEPS
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
 ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
 ynh_script_progression --message="Restoring the app main directory..." --weight=1
-ynh_restore_file --origin_path="$final_path"
+ynh_restore_file --origin_path="$install_dir"
-chmod 750 "$final_path"
+chmod 750 "$install_dir"
-chmod -R o-rwx "$final_path"
+chmod -R o-rwx "$install_dir"
-chown -R $app:www-data "$final_path"
+chown -R $app:www-data "$install_dir"
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
 # REINSTALL DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Reinstalling dependencies..." --weight=1
 # Define and install dependencies
 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies
 ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
 ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 # RESTORE THE POSTGRESQL DATABASE
 #=================================================
 ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
 ynh_psql_test_if_first_run
 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
 ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;"
 ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
@ -115,62 +53,60 @@ if [ $total_memory -lt $memory_needed ]; then
 	fi
 fi
 #=================================================
 # REINSTALL DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Reinstalling Ruby and NodeJS..." --weight=1
 ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
 #=================================================
 # BUILD APP
 #=================================================
 ynh_script_progression --message="Building app..." --weight=1
-pushd "$final_path/live"
+pushd "$install_dir/live"
 	ynh_use_ruby
 	ynh_gem update --system
 	ynh_gem install bundler --no-document
 	ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install --redownload -j$(getconf _NPROCESSORS_ONLN)
 popd
-ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
+#=================================================
-ynh_package_autoremove
+# RESTORE SYSTEM CONFIGURATIONS
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
 ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
-#=================================================
+ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 # RESTORE VARIOUS FILES
 #=================================================
 ynh_script_progression --message="Restoring various files..." --weight=1
 ynh_restore_file --origin_path="/etc/cron.d/$app"
 #=================================================
 # RESTORE SYSTEMD
 #=================================================
 ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
 ynh_restore_file --origin_path="/etc/systemd/system/$app-web.service"
 ynh_restore_file --origin_path="/etc/systemd/system/$app-sidekiq.service"
 ynh_restore_file --origin_path="/etc/systemd/system/$app-streaming.service"
 systemctl enable "$app-web" "$app-sidekiq" "$app-streaming" --quiet
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 yunohost service add "$app-web" --description="$app web service"
 yunohost service add "$app-sidekiq" --description="$app sidekiq service"
 yunohost service add "$app-streaming" --description="$app streaming service"
-#=================================================
+ynh_restore_file --origin_path="/etc/cron.d/$app"
 # START SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
-ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on"
+mkdir -p /var/log/$app
-ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded"
+chown -R $app:$app /var/log/$app
-ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening"
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
-# RELOAD NGINX
+# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server..." --weight=1
+ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
 ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on"
 ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded"
 ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Worker 1 now listening"
 ynh_systemd_action --service_name=nginx --action=reload
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -11,109 +11,16 @@ source ynh_install_ruby__2
 source ynh_add_swap
 source /usr/share/yunohost/helpers
 #=================================================
 # LOAD SETTINGS
 #=================================================
 ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 redis_namespace=$(ynh_app_setting_get --app=$app --key=db_name)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$(ynh_app_setting_get --app=$app --key=db_user)
 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 admin_mail=$(ynh_user_get_info --username=$admin --key='mail')
 port_web=$(ynh_app_setting_get --app=$app --key=port_web)
 port_stream=$(ynh_app_setting_get --app=$app --key=port_stream)
 secret_key_base=$(ynh_app_setting_get --app=$app --key=secret_key_base)
 otp_secret=$(ynh_app_setting_get --app=$app --key=otp_secret)
 vapid_private_key=$(ynh_app_setting_get --app=$app --key=vapid_private_key)
 vapid_public_key=$(ynh_app_setting_get --app=$app --key=vapid_public_key)
 config="$final_path/live/.env.production"
 #=================================================
 # CHECK VERSION
 #=================================================
 ynh_script_progression --message="Checking version..." --weight=1
 upgrade_type=$(ynh_check_app_version_changed)
-
+config="$install_dir/live/.env.production"
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
 ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
 # Backup the current version of the app
 ynh_backup_before_upgrade
 ynh_clean_setup () {
 	# Restore it if the upgrade fails
 	ynh_restore_upgradebackup
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
 # STOP SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1
 ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd --line_match="Stopped"
 ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd --line_match="Stopped"
 ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd --line_match="Stopped"
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
 # Cleaning legacy permissions
 if ynh_legacy_permissions_exists; then
 	ynh_legacy_permissions_delete_all
 	ynh_app_setting_delete --app=$app --key=is_public
 fi
 # Create a permission if needed
 if ! ynh_permission_exists --permission="api"; then
 	ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
 fi
 # If port_web doesn't exist, create it, needed for old install
 if [[ -z "$port_web" ]]; then
 	port_web=3000
 	ynh_app_setting_set --app=$app --key=port_web --value=$port_web
 fi
 # If port_web doesn't exist, create it, needed for old install
 if [[ -z "$port_stream" ]]; then
 	port_stream=4000
 	ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream
 fi
 # If db_user doesn't exist, create it, needed for old install
 if [[ -z "$db_user" ]]; then
 	db_user=$(ynh_sanitize_dbid --db_name=$app)
 	ynh_app_setting_set --app=$app --key=db_user --value=$db_user
 fi
 # If db_pwd doesn't exist, create it, needed for old install
 if [[ -z "$db_pwd" ]]; then
 	db_pwd=$(ynh_string_random)
 	ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
 	ynh_psql_test_if_first_run
 	sudo --login --user=postgres psql -c"ALTER user $app WITH PASSWORD '$db_pwd'" postgres
 	ynh_replace_string --match_string="DB_PASS=" --replace_string="DB_PASS=${db_pwd}" --target_file="$config"
 fi
 # Remove paperclip_secret
 ynh_app_setting_delete --app=$app --key=paperclip_secret
@ -149,71 +56,31 @@ if [[ -z "$redis_namespace" ]]; then
 	ynh_app_setting_set --app=$app --key=redis_namespace --value=$redis_namespace
 fi
 # If service doesn't exist, create it
 if [[ -z "$service" ]]; then
 	# Set `service` settings to support `yunohost app shell` command
 	ynh_app_setting_set --app="$app" --key=service --value="$app-web.service"
 fi
 #Remove previous added repository
 ynh_remove_extra_repo
 #=================================================
-# CREATE DEDICATED USER
+# STOP SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
+ynh_script_progression --message="Stopping a systemd service..." --weight=1
-# Create a dedicated user (if not existing)
+ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=/var/log/$app/$app-web.log --line_match="Stopped"
-ynh_system_user_create --username=$app --home_dir="$final_path"
+ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Stopped"
 ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=/var/log/$app/$app-streaming.log --line_match="Stopped"
-#=================================================
+# Rename the database to match packaging v2 defaults db_name (`$app_production` to `$app`)
-# DOWNLOAD, CHECK AND UNPACK SOURCE
+if [[ $db_name = *'_production' ]]; then
-#=================================================
+	ynh_psql_execute_as_root --sql="ALTER DATABASE $db_name RENAME TO $app;"
-
+	db_name=$app
-if [ "$upgrade_type" == "UPGRADE_APP" ]
+	ynh_app_setting_set --app=$app --key=db_name --value=$db_name
 then
 	ynh_script_progression --message="Upgrading source files..." --weight=1
 	# Download Mastodon
 	tmpdir="$(mktemp -d)"
 	mkdir $tmpdir/system
 	if [ -d "$final_path/live/public/system" ]; then
 		mv --verbose --no-target-directory --backup=numbered "$final_path/live/public/system" "$final_path/system.tmp"
 	fi
 	rsync -a "$config" "$tmpdir/."
 	ynh_secure_remove --file="$final_path/live"
 	ynh_setup_source --dest_dir="$final_path/live"
 	if [ -d "$final_path/system.tmp" ]; then
 		mv --verbose --no-target-directory "$final_path/system.tmp" "$final_path/live/public/system"
 	fi
 	rsync -a "$tmpdir/.env.production" "$final_path/live/."
 	ynh_secure_remove --file="$tmpdir"
 	# Clean files which are not needed anymore
 	ynh_secure_remove --file="$final_path/live/config/initializers/timeout.rb"
 fi
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Upgrading dependencies..." --weight=1
 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies
 ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
 ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
 # ADD SWAP IF NEEDED and not contenerized
 #=================================================
@ -235,11 +102,37 @@ if [ $total_memory -lt $memory_needed ]; then
 fi
 #=================================================
-# BUILD APP
+# UPGRADE DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Building app..." --weight=1
+ynh_script_progression --message="Upgrading Ruby and NodeJS..." --weight=1
-pushd "$final_path/live"
+ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
 #=================================================
 # "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...)
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	ynh_script_progression --message="Upgrading source files..." --weight=1
 	# Download Mastodon
 	ynh_setup_source --dest_dir="$install_dir/live" --keep="public/system/"
 	chmod 750 "$install_dir"
 	chmod -R o-rwx "$install_dir"
 	chown -R $app:www-data "$install_dir"
 fi
 #=================================================
 # BUILD ASSETS
 #=================================================
 ynh_script_progression --message="Building assets..." --weight=1
 pushd "$install_dir/live"
 	ynh_use_ruby
 	ynh_gem update --system
 	ynh_gem install bundler --no-document
@ -251,13 +144,34 @@ pushd "$final_path/live"
 	ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile
 	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:clean
 	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile
 	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate
 	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl cache clear
 popd
-ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
+#=================================================
-ynh_package_autoremove
+# REAPPLY SYSTEM CONFIGURATIONS
 #=================================================
 ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
 ynh_add_nginx_config
 # Create a dedicated systemd config
 ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service"
 yunohost service add "$app-web" --description="$app web service"
 ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service"
 yunohost service add "$app-sidekiq" --description="$app sidekiq service"
 ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service"
 yunohost service add "$app-streaming" --description="$app streaming service"
 ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
 # Use logrotate to manage app-specific logfile(s)
 mkdir -p /var/log/$app
 chown $app:$app /var/log/$app
 ynh_use_logrotate --non-append
 #=================================================
 # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
 #=================================================
 # UPDATE A CONFIG FILE
 #=================================================
@ -271,48 +185,24 @@ chmod 400 "$config"
 chown $app:$app "$config"
 #=================================================
-# SETUP SYSTEMD
+# APPLY MIGRATIONS
 #=================================================
-ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
+ynh_script_progression --message="Applying migrations..." --weight=1
-# Create a dedicated systemd config
+pushd "$install_dir/live"
-ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service"
+	ynh_use_ruby
-ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service"
+	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate
-ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service"
+	ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl cache clear
-
+popd
 #=================================================
 # SETUP THE CRON FILE
 #=================================================
 ynh_script_progression --message="Setuping the cron file..." --weight=1
 ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 yunohost service add "$app-web" --description="$app web service"
 yunohost service add "$app-sidekiq" --description="$app sidekiq service"
 yunohost service add "$app-streaming" --description="$app streaming service"
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
-ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on"
+ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on"
-ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded"
+ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded"
-ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening"
+ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Worker 1 now listening"
 #=================================================
 # RELOAD NGINX
 #=================================================
 ynh_script_progression --message="Reloading NGINX web server..." --weight=1
 ynh_systemd_action --service_name=nginx --action=reload
 #=================================================
 # END OF SCRIPT
--- a/scripts/ynh_install_ruby__2
+++ b/scripts/ynh_install_ruby__2
@ -36,7 +36,7 @@ build_pkg_dependencies="$build_pkg_dependencies $build_ruby_dependencies"
 # However, $PATH is duplicated into $ruby_path to outlast any manipulation of $PATH
 # You can use the variable `$ynh_ruby_load_path` to quickly load your Ruby version
 #  in $PATH for an usage into a separate script.
-# Exemple: $ynh_ruby_load_path $final_path/script_that_use_gem.sh`
+# Exemple: $ynh_ruby_load_path $install_dir/script_that_use_gem.sh`
 #
 #
 # Finally, to start a Ruby service with the correct version, 2 solutions
@ -81,7 +81,7 @@ ynh_use_ruby () {
 	ynh_ruby_load_path="PATH=$PATH"
 	# Sets the local application-specific Ruby version
-	pushd $final_path
+	pushd $install_dir
 		$rbenv_install_dir/bin/rbenv local $ruby_version
 	popd
 }
--- a/sources/patches/app-blurhash-bugfix.patch
+++ b/sources/patches/app-blurhash-bugfix.patch
@ -1,60 +0,0 @@
 diff --git a/Gemfile b/Gemfile
 index 7c36bc6b8..3f691d102 100644
 --- a/Gemfile
 +++ b/Gemfile
@@ -22,7 +22,8 @@
 gem 'fog-core', '<= 2.1.0'
 gem 'fog-openstack', '~> 0.3', require: false
 gem 'kt-paperclip', '~> 7.1'
 -gem 'blurhash', '~> 0.1'
 +gem 'blurhash', github: 'Gargron/blurhash', ref: '870a34e01ce7d09a7bd4d700435e1764ca823246'
 +
 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.8'
 diff --git a/Gemfile.lock b/Gemfile.lock
 index 7c36bc6b8..3f691d102 100644
 --- a/Gemfile.lock
 +++ b/Gemfile.lock
@@ -7,6 +7,13 @@
       hkdf (~> 0.2)
       jwt (~> 2.0)
 +GIT
 +  remote: https://github.com/Gargron/blurhash.git
 +  revision: 870a34e01ce7d09a7bd4d700435e1764ca823246
 +  ref: 870a34e01ce7d09a7bd4d700435e1764ca823246
 +  specs:
 +    blurhash (0.1.6)
 +
 GEM
   remote: https://rubygems.org/
   specs:
@@ -120,8 +127,6 @@
     bindata (2.4.10)
     binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
 -    blurhash (0.1.6)
 -      ffi (~> 1.14)
     bootsnap (1.13.0)
       msgpack (~> 1.2)
     brakeman (5.3.1)
@@ -448,7 +453,7 @@
     openssl-signature_algorithm (1.2.1)
       openssl (> 2.0, < 3.1)
     orm_adapter (0.5.0)
 -    ox (2.14.11)
 +    ox (2.14.13)
     parallel (1.22.1)
     parser (3.1.2.1)
       ast (~> 2.4.1)
@@ -738,7 +743,7 @@
   aws-sdk-s3 (~> 1.114)
   better_errors (~> 2.9)
   binding_of_caller (~> 1.0)
 -  blurhash (~> 0.1)
 +  blurhash!
   bootsnap (~> 1.13.0)
   brakeman (~> 5.3)
   browser
--- a/sources/patches/app-sso.patch
+++ b/sources/patches/app-sso.patch
@ -1,56 +0,0 @@
 diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
 index 7c36bc6b8..3f691d102 100644
 --- a/app/controllers/application_controller.rb
 +++ b/app/controllers/application_controller.rb
@@ -69,7 +69,7 @@ class ApplicationController < ActionController::Base
   end
   def after_sign_out_path_for(_resource_or_scope)
 -    new_user_session_path
 +    "https://#{File.read('/etc/yunohost/current_host')}/yunohost/sso/?action=logout"
   end
   protected
 diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
 index 5232e6cfd..160348674 100644
 --- a/config/initializers/devise.rb
 +++ b/config/initializers/devise.rb
@@ -180,7 +180,7 @@ Devise.setup do |config|
   # given strategies, for example, `config.http_authenticatable = [:database]` will
   # enable it only for database authentication. The supported strategies are:
   # :database      = Support basic authentication with authentication key + password
 -  config.http_authenticatable = [:pam, :database]
 +  config.http_authenticatable = [:two_factor_ldap, :pam, :database]
   # If 401 status code should be returned for AJAX requests. True by default.
   # config.http_authenticatable_on_xhr = true
 diff --git a/lib/devise/two_factor_ldap_authenticatable.rb b/lib/devise/two_factor_ldap_authenticatable.rb
 index 065aa2de8..0eb4be10c 100644
 --- a/lib/devise/two_factor_ldap_authenticatable.rb
 +++ b/lib/devise/two_factor_ldap_authenticatable.rb
@@ -5,13 +5,13 @@ require 'devise/strategies/base'
 module Devise
   module Strategies
 -    class TwoFactorLdapAuthenticatable < Base
 +    class TwoFactorLdapAuthenticatable < Authenticatable
       def valid?
 -        valid_params? && mapping.to.respond_to?(:authenticate_with_ldap)
 +        (valid_for_params_auth? || valid_for_http_auth?) && mapping.to.respond_to?(:authenticate_with_ldap)
       end
       def authenticate!
 -        resource = mapping.to.authenticate_with_ldap(params[scope])
 +        resource = mapping.to.authenticate_with_ldap(authentication_hash.merge(:password => password))
         if resource && !resource.otp_required_for_login?
           success!(resource)
@@ -23,7 +23,7 @@ module Devise
       protected
       def valid_params?
 -        params[scope] && params[scope][:password].present?
 +        super && params[scope][:password].present?
       end
     end
   end
--- a/tests.toml
+++ b/tests.toml
@ -0,0 +1,26 @@
 test_format = 1.0
 [default]
    # ------------
    # Tests to run
    # ------------
    exclude = ["install.multi", "change_url"]
    # The test IDs to be used in only/exclude statements are: install.root, install.subdir, install.nourl, install.multi, backup_restore, upgrade, upgrade.someCommitId change_url
    # -------------------------------
    # Default args to use for install
    # -------------------------------
    # Nothing to do here...yet
    # -------------------------------
    # Commits to test upgrade from
    # -------------------------------
    test_upgrade_from.bda899e.name = "Upgrade from 4.1.2~ynh1"
    test_upgrade_from.bda899e.args.domain="domain.tld"
    test_upgrade_from.bda899e.args.is_public=1
    test_upgrade_from.bda899e.args.admin="john"
    test_upgrade_from.bda899e.args.language="fr_FR"