Merge pull request #3 from FabianWilkens/testing

Update to 1.11.0
2024-09-03 19:56:33 +02:00 · 2022-12-31 12:58:21 +01:00 · 2022-12-31 12:58:21 +01:00 · c789b82928
commit c789b82928
parent a76e15bd52 f2bd90492a
19 changed files with 543 additions and 200 deletions
--- a/2
+++ b/2
@ -13,7 +13,7 @@
 		setup_root=1
 		setup_nourl=0
 		setup_private=1
-		setup_public=0
+		setup_public=1
 		upgrade=1
 		upgrade=0	from_commit=CommitHash
 		backup_restore=1
--- a/conf/app.src
+++ b/conf/app.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/paperless-ngx/paperless-ngx/releases/download/ngx-1.6.0/paperless-ngx-1.6.0.tar.xz
+SOURCE_URL=https://github.com/paperless-ngx/paperless-ngx/releases/download/v1.11.0/paperless-ngx-v1.11.0.tar.xz
-SOURCE_SUM=f4971abf258382fb171a8d11f4c6181ca03b42334deb6d9305a04ea8f8eab91e
+SOURCE_SUM=6b175daf2b9c7411b9a63f747ad62661c9733d87072c16a494394a189d2e240f
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -13,6 +13,8 @@ location __PATH__/ {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $server_name;
  client_max_body_size 25M;
  # Include SSOWAT user panel.
  include conf.d/yunohost_panel.conf.inc;
 }
--- a/conf/paperless.conf.example
+++ b/conf/paperless.conf.example
@ -3,11 +3,11 @@
 # Debug. Only enable this for development.
-#PAPERLESS_DEBUG=false
+PAPERLESS_DEBUG=false
 # Required services
-PAPERLESS_REDIS=redis://localhost:6379
+PAPERLESS_REDIS=redis://localhost:6379/__REDIS_DB__
 PAPERLESS_DBHOST=localhost
 PAPERLESS_DBPORT=5432
@ -18,15 +18,17 @@ PAPERLESS_DBPASS=__DB_PWD__
 # Paths and folders
-PAPERLESS_CONSUMPTION_DIR=__DATA_DIR__/consume
+PAPERLESS_SCRATCH_DIR=/tmp/__APP__
-PAPERLESS_DATA_DIR=__DATA_DIR__/data
+PAPERLESS_CONSUMPTION_DIR=__DATADIR__/consume
 PAPERLESS_DATA_DIR=__DATADIR__/data
 #PAPERLESS_TRASH_DIR=
-PAPERLESS_MEDIA_ROOT=__DATA_DIR__/media
+PAPERLESS_MEDIA_ROOT=__DATADIR__/media
 #PAPERLESS_STATICDIR=../static
 #PAPERLESS_FILENAME_FORMAT=
 # Security and hosting
 PAPERLESS_URL=https://__DOMAIN__
 PAPERLESS_SECRET_KEY=__PAPERLESS_SECRET_KEY__
 PAPERLESS_ALLOWED_HOSTS=__DOMAIN__
 PAPERLESS_CORS_ALLOWED_HOSTS=https://__DOMAIN__
@ -38,7 +40,7 @@ PAPERLESS_CORS_ALLOWED_HOSTS=https://__DOMAIN__
 # OCR settings
-PAPERLESS_OCR_LANGUAGE=eng+fra
+PAPERLESS_OCR_LANGUAGE=eng
 #PAPERLESS_OCR_MODE=skip
 #PAPERLESS_OCR_OUTPUT_TYPE=pdfa
 #PAPERLESS_OCR_PAGES=1
@ -84,4 +86,3 @@ PAPERLESS_CONSUMER_IGNORE_PATTERNS=[".DS_STORE/*", "._*", ".stfolder/*", ".*"]
 # YunoHost tweaks
 PAPERLESS_LOGOUT_REDIRECT_URL=https://__MAIN_DOMAIN__/yunohost/sso/?action=logout
 PAPERLESS_PORT=__PORT__
--- a/conf/systemd-consumer.service
+++ b/conf/systemd-consumer.service
@ -0,0 +1,43 @@
 [Unit]
 Description=Paperless consumer
 Requires=redis.service
 [Service]
 Type=simple
 User=__APP__
 Group=__APP__
 WorkingDirectory=__FINALPATH__/src/
 ExecStart=__FINALPATH__/venv/bin/python3 manage.py document_consumer
 StandardOutput=append:/var/log/__APP__/__APP__-consumer.log
 StandardError=inherit
 # Sandboxing options to harden security
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
 DevicePolicy=closed
 ProtectSystem=full
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
 CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
 CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
 CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
 CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
 CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
 CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
 CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
 [Install]
 WantedBy=multi-user.target
--- a/conf/systemd-scheduler.service
+++ b/conf/systemd-scheduler.service
@ -0,0 +1,43 @@
 [Unit]
 Description=Paperless scheduler
 Requires=redis.service
 [Service]
 Type=simple
 User=__APP__
 Group=__APP__
 WorkingDirectory=__FINALPATH__/src/
 ExecStart=__FINALPATH__/venv/bin/celery --app paperless beat --loglevel INFO
 StandardOutput=append:/var/log/__APP__/__APP__-scheduler.log
 StandardError=inherit
 # Sandboxing options to harden security
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
 DevicePolicy=closed
 ProtectSystem=full
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
 CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
 CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
 CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
 CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
 CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
 CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
 CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
 [Install]
 WantedBy=multi-user.target
--- a/conf/systemd-task-queue.service
+++ b/conf/systemd-task-queue.service
@ -0,0 +1,44 @@
 [Unit]
 Description=Paperless task-queue
 Requires=redis.service
 [Service]
 Type=simple
 User=__APP__
 Group=__APP__
 WorkingDirectory=__FINALPATH__/src/
 ExecStart=__FINALPATH__/venv/bin/celery --app paperless worker --loglevel INFO
 StandardOutput=append:/var/log/__APP__/__APP__-task-queue.log
 StandardError=inherit
 # Sandboxing options to harden security
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=yes
 #PrivateTmp - Must be disabled for full functionality
 #PrivateTmp=yes
 PrivateDevices=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
 DevicePolicy=closed
 ProtectSystem=full
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
 CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
 CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
 CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
 CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
 CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
 CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
 CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
 [Install]
 WantedBy=multi-user.target
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -1,22 +1,23 @@
 [Unit]
-Description=Scan, index and archive all your physical documents
+Description=Paperless webserver
 After=network.target
 Wants=network.target
 Requires=redis.service
 [Service]
 Type=simple
 User=__APP__
 Group=__APP__
-WorkingDirectory=__FINALPATH__/
+WorkingDirectory=__FINALPATH__/src/
-ExecStart=__FINALPATH__/venv/bin/python3 manage.py runserver
+ExecStart=__FINALPATH__/venv/bin/uvicorn --port=__PORT__ --log-level=warning paperless.asgi:application
 StandardOutput=append:/var/log/__APP__/__APP__.log
 StandardError=inherit
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these 
 # .. but this should be a good baseline
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=yes
-PrivateTmp=yes
+#PrivateTmp - Must be disabled for full functionality
 #PrivateTmp=yes
 PrivateDevices=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
--- a/doc/DISCLAIMER.md
+++ b/doc/DISCLAIMER.md
@ -1,2 +1,13 @@
 * This app require a dedicated domain.
-* There no LDAP or SSO. ⚠️ The admin user will recieve a mail after the installation.
+* There is no LDAP or SSO support.
 * Paperless is performing OCR on documents and images. English is installed by default. More languages can be installed:
  * Display a list of all Tesseract language packs `apt-cache search tesseract-ocr`
  * Install additional language packs
    * Example for french `sudo apt-get install tesseract-ocr-fra`
    * Example for german `sudo apt-get install tesseract-ocr-deu`
  * Modify config to add new languages
    * Open config-panel: https://my-domain.tld/yunohost/admin/#/apps/$app_id/config-panel
    * You can combine multiple languages like this:
      * One language: eng
      * Two languages: eng+fra
--- a/doc/screenshots/documents-wchrome-dark.png
+++ b/doc/screenshots/documents-wchrome-dark.png
--- a/manifest.json
+++ b/manifest.json
@ -6,7 +6,7 @@
        "en": "Scan, index and archive all your physical documents",
        "fr": "Scannez, triez et archivez tous vos documents papiers"
    },
-    "version": "1.6~ynh1",
+    "version": "1.11.0~ynh1",
    "url": "https://paperless-ngx.com",
    "upstream": {
        "license": "GPL-3.0-or-later",
@ -21,7 +21,7 @@
        "name": "Tagada"
    },
    "requirements": {
-        "yunohost": ">= 4.3.0"
+        "yunohost": ">= 11.0.0"
    },
    "multi_instance": true,
    "services": [
@ -38,6 +38,26 @@
            {
                "name": "admin",
                "type": "user"
            },
            {
                "name": "admin_pw",
                "type": "password",
                "ask": {
                    "en": "Please chose a password for admin user."
                }
            },
            {
                "name": "is_public",
                "type": "boolean",
                "default": false
            },
            {
                "name": "is_public_api",
                "type": "boolean",
                "default": false,
                "ask": {
                    "en": "Should Paperless-ngx be accessible for apps."
                }
            }
        ]
    }
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -5,7 +5,7 @@
 #=================================================
 # dependencies used by the app
-pkg_dependencies="redis-tools redis-server postgresql postgresql-contrib python3 python3-pip python3-dev python3-venv imagemagick fonts-liberation optipng gnupg libpq-dev libmagic-dev mime-support"
+pkg_dependencies="python3 python3-pip python3-dev python3-venv default-libmysqlclient-dev fonts-liberation imagemagick gnupg libpq-dev libmagic-dev mime-support libzbar0 poppler-utils postgresql postgresql-contrib "
 ocr_pkg_dependencies="unpaper ghostscript icc-profiles-free qpdf liblept5 libxml2 pngquant zlib1g tesseract-ocr"
 raspberry_pkg_dependencies="libatlas-base-dev libxslt1-dev"
--- a/scripts/backup
+++ b/scripts/backup
@ -31,7 +31,6 @@ app=$YNH_APP_INSTANCE_NAME
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 #=================================================
@ -66,8 +65,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 # BACKUP FAIL2BAN CONFIGURATION
 #=================================================
-ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
+#ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
-ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
+#ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
 #=================================================
 # SPECIFIC BACKUP
@ -82,12 +81,15 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
 #=================================================
 ynh_backup --src_path="/etc/systemd/system/$app.service"
 ynh_backup --src_path="/etc/systemd/system/$app-consumer.service"
 ynh_backup --src_path="/etc/systemd/system/$app-scheduler.service"
 ynh_backup --src_path="/etc/systemd/system/$app-task-queue.service"
 #=================================================
 # BACKUP VARIOUS FILES
 #=================================================
-ynh_backup --src_path="/etc/$app/"
+#ynh_backup --src_path="/etc/$app/"
 #=================================================
 # BACKUP THE MYSQL DATABASE
--- a/scripts/change_url
+++ b/scripts/change_url
@ -24,16 +24,22 @@ app=$YNH_APP_INSTANCE_NAME
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --time --weight=1
+ynh_script_progression --message="Loading installation settings..." --weight=1
 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
 paperless_secret_key=$(ynh_app_setting_get --app=$app --key=paperless_secret_key)
 #=================================================
 # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
 #=================================================
-ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --time --weight=1
+ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
 # Backup the current version of the app
 ynh_backup_before_upgrade
@ -68,14 +74,17 @@ fi
 #=================================================
 # STOP SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Stopping a systemd service..." --time --weight=1
+ynh_script_progression --message="Stopping a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log"
 ynh_systemd_action --service_name="$app-consumer" --action="stop" --log_path="/var/log/$app/$app-consumer.log"
 ynh_systemd_action --service_name="$app-scheduler" --action="stop" --log_path="/var/log/$app/$app-scheduler.log"
 ynh_systemd_action --service_name="$app-task-queue" --action="stop" --log_path="/var/log/$app/$app-task-queue.log"
 #=================================================
 # MODIFY URL IN NGINX CONF
 #=================================================
-ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1
+ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1
 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
@ -104,22 +113,34 @@ fi
 #=================================================
 # SPECIFIC MODIFICATIONS
 #=================================================
-# ...
+# MODIFY A CONFIGURATION
 #=================================================
 ynh_script_progression --message="Modifying a configuration file..." --weight=1
 domain="$new_domain"
 path_url="$new_path"
 ynh_add_config --template="paperless.conf.example" --destination="$final_path/paperless.conf"
 chmod 400 "$final_path/paperless.conf"
 chown $app:$app "$final_path/paperless.conf"
 #=================================================
 # GENERIC FINALISATION
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting a systemd service..." --time --weight=1
+ynh_script_progression --message="Starting a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log"
 ynh_systemd_action --service_name="$app-consumer" --action="start" --log_path="/var/log/$app/$app-consumer.log"
 ynh_systemd_action --service_name="$app-scheduler" --action="start" --log_path="/var/log/$app/$app-scheduler.log"
 ynh_systemd_action --service_name="$app-task-queue" --action="start" --log_path="/var/log/$app/$app-task-queue.log"
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
 ynh_systemd_action --service_name=nginx --action=reload
@ -127,4 +148,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================
-ynh_script_progression --message="Change of URL completed for $app" --time --last
+ynh_script_progression --message="Change of URL completed for $app" --last
--- a/scripts/install
+++ b/scripts/install
@ -7,6 +7,7 @@
 #=================================================
 source _common.sh
 source ynh_redis
 source /usr/share/yunohost/helpers
 #=================================================
@ -26,25 +27,18 @@ ynh_abort_if_errors
 domain=$YNH_APP_ARG_DOMAIN
 path_url="/"
 is_public=$YNH_APP_ARG_IS_PUBLIC
 is_public_api=$YNH_APP_ARG_IS_PUBLIC_API
 admin=$YNH_APP_ARG_ADMIN
 admin_pw=$YNH_APP_ARG_ADMIN_PW
 app=$YNH_APP_INSTANCE_NAME
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
-### About --weight and --time
+ynh_script_progression --message="Validating installation parameters..." --weight=1
 ### ynh_script_progression will show to your final users the progression of each scripts.
 ### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
 ### --time is a packager option, it will show you the execution time since the previous call.
 ### This option should be removed before releasing your app.
 ### Use the execution time, given by --time, to estimate the weight of a step.
 ### A common way to do it is to set a weight equal to the execution time in second +1.
 ### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
 ynh_script_progression --message="Validating installation parameters..." --time --weight=1
 ### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
 ### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
 final_path=/opt/yunohost/$app
 test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
@ -54,7 +48,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
 #=================================================
 # STORE SETTINGS FROM MANIFEST
 #=================================================
-ynh_script_progression --message="Storing installation settings..." --time --weight=1
+ynh_script_progression --message="Storing installation settings..." --weight=1
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
@ -65,7 +59,7 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
 #=================================================
 # FIND AND OPEN A PORT
 #=================================================
-ynh_script_progression --message="Finding an available port..." --time --weight=1
+ynh_script_progression --message="Finding an available port..." --weight=1
 # Find an available port
 port=$(ynh_find_port --port=8095)
@ -74,16 +68,16 @@ ynh_app_setting_set --app=$app --key=port --value=$port
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Installing dependencies..." --time --weight=1
+ynh_script_progression --message="Installing dependencies..." --weight=1
 # FIXME: Only on a Raspberry Pi (armv6 v7?)
 # ynh_add_app_dependencies $raspberry_pkg_dependencies
-ynh_install_app_dependencies $pkg_dependencies $ocr_pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $ocr_pkg_dependencies
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Configuring system user..." --time --weight=1
+ynh_script_progression --message="Configuring system user..." --weight=1
 # Create a system user
 ynh_system_user_create --username=$app --home_dir="$final_path"
@ -91,17 +85,18 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
 # CREATE A POSTGRESQL DATABASE
 #=================================================
-ynh_script_progression --message="Creating a PostgreSQL database..." --time --weight=1
+ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1
 db_name=$(ynh_sanitize_dbid --db_name=$app)
 db_user=$db_name
 ynh_app_setting_set --app=$app --key=db_name --value=$db_name
 ynh_psql_setup_db --db_user=$db_user --db_name=$db_name
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
-ynh_script_progression --message="Setting up source files..." --time --weight=1
+ynh_script_progression --message="Setting up source files..." --weight=1
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
@ -114,9 +109,7 @@ chown -R $app:$app "$final_path"
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1
+ynh_script_progression --message="Configuring NGINX web server..." --weight=1
 ### `ynh_add_nginx_config` will use the file conf/nginx.conf
 # Create a dedicated NGINX config
 ynh_add_nginx_config
@ -130,19 +123,26 @@ ynh_script_progression --message="Installing Python dependencies..."
 pushd $final_path
 	python3 -m venv venv
-	venv/bin/pip install --upgrade pip
+	chown -R "$app:" "$final_path"
-	venv/bin/pip install -r requirements.txt
+(
 	source "$final_path/venv/bin/activate"
 	ynh_exec_as $app $final_path/venv/bin/pip3 install --upgrade pip setuptools wheel
 	ynh_exec_as $app $final_path/venv/bin/pip3 install -r "$final_path/requirements.txt"
 	deactivate
 )
 popd
 #=================================================
 # CREATE DATA DIRECTORY
 #=================================================
-ynh_script_progression --message="Creating a data directory..." --time --weight=1
+ynh_script_progression --message="Creating a data directory..." --weight=1
 datadir=/home/yunohost.app/$app
 ynh_app_setting_set --app=$app --key=datadir --value=$datadir
-mkdir -p $datadir/{consume,data,media}
+mkdir -p "$datadir/consume"
 mkdir -p "$datadir/data"
 mkdir -p "$datadir/media"
 chmod 750 "$datadir"
 chmod -R o-rwx "$datadir"
@ -151,49 +151,63 @@ chown -R $app:www-data "$datadir"
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
-ynh_script_progression --message="Adding a configuration file..." --time --weight=1
+ynh_script_progression --message="Adding a configuration file..." --weight=1
 redis_db=$(ynh_redis_get_free_db)
 ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db
 paperless_secret_key=$(ynh_string_random)
-ynh_app_setting_set --app=$app --key=paperless_secret_key 
+ynh_app_setting_set --app=$app --key=paperless_secret_key  --value=$paperless_secret_key
 ynh_add_config --template="paperless.conf.example" --destination="$final_path/paperless.conf"
 chmod 400 "$final_path/paperless.conf"
 chown $app:$app "$final_path/paperless.conf"
 #=================================================
 # SETUP SYSTEMD
 #=================================================
 ynh_script_progression --message="Configuring a systemd service..." --time --weight=1
 # Create a dedicated systemd config
 ynh_add_systemd_config
 #=================================================
 # SETUP THE DATABASE
 #=================================================
-ynh_script_progression --message="Setting up the database..." --time --weight=1
+ynh_script_progression --message="Setting up the database..." --weight=1
-pushd $final_path
+pushd "$final_path/src"
-	ynh_exec_as $app python3 manage.py migrate
+(
 	source "$final_path/venv/bin/activate"
 	ynh_exec_as $app $final_path/venv/bin/python manage.py migrate
 	deactivate
 )
 popd
 #=================================================
 # CREATE THE ADMIN USER
 #=================================================
-ynh_script_progression --message="Creating the admin user..." --time --weight=1
+ynh_script_progression --message="Creating the admin user..." --weight=1
-pushd $final_path
+pushd "$final_path/src"
 (
 	source "$final_path/venv/bin/activate"
 	email=$(ynh_user_get_info $admin 'mail')
-	ynh_exec_as $app python3 manage.py createsuperuser --noinput --username "$admin" --email "$email"
+	ynh_exec_as $app env "DJANGO_SUPERUSER_PASSWORD=$admin_pw" $final_path/venv/bin/python3 manage.py createsuperuser --noinput --username "$admin" --email "$email"
 	deactivate
 )
 popd
 #=================================================
 # SETUP SYSTEMD
 #=================================================
 ynh_script_progression --message="Configuring a systemd service..." --weight=1
 # Create a dedicated systemd config
 ynh_add_systemd_config --service="$app" --template="systemd.service"
 ynh_add_systemd_config --service="$app-consumer" --template="systemd-consumer.service"
 ynh_add_systemd_config --service="$app-scheduler" --template="systemd-scheduler.service"
 ynh_add_systemd_config --service="$app-task-queue" --template="systemd-task-queue.service"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # SETUP LOGROTATE
 #=================================================
-ynh_script_progression --message="Configuring log rotation..." --time --weight=1
+ynh_script_progression --message="Configuring log rotation..." --weight=1
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
@ -201,39 +215,54 @@ ynh_use_logrotate
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
-ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
+ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
-yunohost service add $app --log="/var/log/$app/$app.log"
+yunohost service add "$app" --log="/var/log/$app/$app.log"
 yunohost service add "$app-consumer" --log="/var/log/$app/$app-consumer.log"
 yunohost service add "$app-scheduler" --log="/var/log/$app/$app-scheduler.log"
 yunohost service add "$app-task-queue" --log="/var/log/$app/$app-task-queue.log"
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting a systemd service..." --time --weight=1
+ynh_script_progression --message="Starting a systemd service..." --weight=1
-# Start a systemd service
+ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log"
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name="$app-consumer" --action="start" --log_path="/var/log/$app/$app-consumer.log"
 ynh_systemd_action --service_name="$app-scheduler" --action="start" --log_path="/var/log/$app/$app-scheduler.log"
 ynh_systemd_action --service_name="$app-task-queue" --action="start" --log_path="/var/log/$app/$app-task-queue.log"
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
-ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1
+#ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
 # Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
 # FIXME fail2ban
 # ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex="<HOST>.* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5
 #=================================================
 # SETUP SSOWAT
 #=================================================
-#ynh_script_progression --message="Configuring permissions..." --time --weight=1
+ynh_script_progression --message="Configuring permissions..." --weight=1
-# .main already exist so nothing to do here...
+# Make app public if necessary
 if [ $is_public -eq 1 ]
 then
 	ynh_permission_update --permission="main" --add="visitors"
 fi
 ynh_permission_create --permission="api" --url="/api" --allowed="all_users" --auth_header="false" --label="$app API" --show_tile="false" --protected="false"
 if [ $is_public_api -eq 1 ]
 then
 	ynh_permission_update --permission="api" --add="visitors"
 fi
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
 ynh_systemd_action --service_name=nginx --action=reload
@ -241,4 +270,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================
-ynh_script_progression --message="Installation of $app completed" --time --last
+ynh_script_progression --message="Installation of $app completed" --last
--- a/scripts/remove
+++ b/scripts/remove
@ -7,12 +7,13 @@
 #=================================================
 source _common.sh
 source ynh_redis
 source /usr/share/yunohost/helpers
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --time --weight=1
+ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
@ -22,6 +23,7 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
 #=================================================
 # STANDARD REMOVE
@ -32,22 +34,28 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
 if ynh_exec_warn_less yunohost service status $app >/dev/null
 then
-	ynh_script_progression --message="Removing $app service integration..." --time --weight=1
+	ynh_script_progression --message="Removing $app service integration..." --weight=1
-	yunohost service remove $app
+	yunohost service remove "$app"
 	yunohost service remove "$app-consumer"
 	yunohost service remove "$app-scheduler"
 	yunohost service remove "$app-task-queue"
 fi
 #=================================================
 # STOP AND REMOVE SERVICE
 #=================================================
-ynh_script_progression --message="Stopping and removing the systemd service..." --time --weight=1
+ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
 # Remove the dedicated systemd config
-ynh_remove_systemd_config
+ynh_remove_systemd_config --service="$app"
 ynh_remove_systemd_config --service="$app-consumer"
 ynh_remove_systemd_config --service="$app-scheduler"
 ynh_remove_systemd_config --service="$app-task-queue"
 #=================================================
 # REMOVE LOGROTATE CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
+ynh_script_progression --message="Removing logrotate configuration..." --weight=1
 # Remove the app-specific logrotate config
 ynh_remove_logrotate
@ -55,7 +63,7 @@ ynh_remove_logrotate
 #=================================================
 # REMOVE THE POSTGRESQL DATABASE
 #=================================================
-ynh_script_progression --message="Removing the PostgreSQL database..." --time --weight=1
+ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1
 # Remove a database if it exists, along with the associated user
 ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
@ -63,7 +71,7 @@ ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Removing app main directory..." --time --weight=1
+ynh_script_progression --message="Removing app main directory..." --weight=1
 # Remove the app directory securely
 ynh_secure_remove --file="$final_path"
@ -75,14 +83,14 @@ ynh_secure_remove --file="$final_path"
 # Remove the data directory if --purge option is used
 if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
 then
-	ynh_script_progression --message="Removing app data directory..." --time --weight=1
+	ynh_script_progression --message="Removing app data directory..." --weight=1
 	ynh_secure_remove --file="$datadir"
 fi
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1
+ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
 # Remove the dedicated NGINX config
 ynh_remove_nginx_config
@ -90,28 +98,29 @@ ynh_remove_nginx_config
 #=================================================
 # REMOVE DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Removing dependencies..." --time --weight=1
+ynh_script_progression --message="Removing dependencies..." --weight=1
 # Remove metapackage and its dependencies
 ynh_redis_remove_db "$redis_db"
 ynh_remove_app_dependencies
 #=================================================
 # REMOVE FAIL2BAN CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing Fail2Ban configuration..." --time --weight=1
+#ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
 # Remove the dedicated Fail2Ban config
-ynh_remove_fail2ban_config
+#ynh_remove_fail2ban_config
 #=================================================
 # SPECIFIC REMOVE
 #=================================================
 # REMOVE VARIOUS FILES
 #=================================================
-ynh_script_progression --message="Removing various files..." --time --weight=1
+ynh_script_progression --message="Removing various files..." --weight=1
 # Remove a directory securely
-ynh_secure_remove --file="/etc/$app"
+#ynh_secure_remove --file="/etc/$app"
 # Remove the log files
 ynh_secure_remove --file="/var/log/$app"
@ -121,7 +130,7 @@ ynh_secure_remove --file="/var/log/$app"
 #=================================================
 # REMOVE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1
+ynh_script_progression --message="Removing the dedicated system user..." --weight=1
 # Delete a system user
 ynh_system_user_delete --username=$app
@ -130,4 +139,4 @@ ynh_system_user_delete --username=$app
 # END OF SCRIPT
 #=================================================
-ynh_script_progression --message="Removal of $app completed" --time --last
+ynh_script_progression --message="Removal of $app completed" --last
--- a/scripts/restore
+++ b/scripts/restore
@ -8,6 +8,7 @@
 # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
 source ../settings/scripts/ynh_redis
 source /usr/share/yunohost/helpers
 #=================================================
@ -24,7 +25,7 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --time --weight=1
+ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
@ -34,29 +35,27 @@ admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 paperless_secret_key=$(ynh_app_setting_get --app=$app --key=paperless_secret_key)
 redis_db=$(ynh_redis_get_free_db)
 ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
-ynh_script_progression --message="Validating restoration parameters..." --time --weight=1
+ynh_script_progression --message="Validating restoration parameters..." --weight=1
 test ! -d $final_path \
 	|| ynh_die --message="There is already a directory: $final_path "
 #=================================================
 # STANDARD RESTORATION STEPS
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Restoring the NGINX web server configuration..." --time --weight=1
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1
+ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app --home_dir="$final_path"
@ -64,103 +63,153 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Restoring the app main directory..." --time --weight=1
+ynh_script_progression --message="Restoring the app main directory..." --weight=1
 ynh_restore_file --origin_path="$final_path"
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
+chown -R $app:$app "$final_path"
 #=================================================
 # RESTORE THE DATA DIRECTORY
 #=================================================
-ynh_script_progression --message="Restoring the data directory..." --time --weight=1
+ynh_script_progression --message="Restoring the data directory..." --weight=1
 ynh_restore_file --origin_path="$datadir" --not_mandatory
-mkdir -p $datadir/{consume,data,media}
+mkdir -p "$datadir/consume"
 mkdir -p "$datadir/data"
 mkdir -p "$datadir/media"
 chmod 750 "$datadir"
 chmod -R o-rwx "$datadir"
-chown -R $app:www-data "$datadir"
+chown -R $app:$app "$datadir"
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
 ynh_script_progression --message="Adding a configuration file..." --weight=1
 ynh_add_config --template="../settings/conf/paperless.conf.example" --destination="$final_path/paperless.conf"
 chmod 400 "$final_path/paperless.conf"
 chown $app:$app "$final_path/paperless.conf"
 #=================================================
 # RESTORE FAIL2BAN CONFIGURATION
 #=================================================
-ynh_script_progression --message="Restoring the Fail2Ban configuration..." --time --weight=1
+#ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
-ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
+#ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
-ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
+#ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
-ynh_systemd_action --action=restart --service_name=fail2ban
+#ynh_systemd_action --action=restart --service_name=fail2ban
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
 # REINSTALL DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1
+ynh_script_progression --message="Reinstalling dependencies..." --weight=1
 # Define and install dependencies
-ynh_install_app_dependencies $pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $ocr_pkg_dependencies
 #=================================================
 # INSTALL PYTHON DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Installing Python dependencies..."
 pushd $final_path
 	ynh_secure_remove --file="$final_path/venv"
 	python3 -m venv venv
 	chown -R "$app:" "$final_path"
 (
 	source "$final_path/venv/bin/activate"
 	ynh_exec_as $app $final_path/venv/bin/pip3 install --upgrade pip setuptools wheel
 	ynh_exec_as $app $final_path/venv/bin/pip3 install -r "$final_path/requirements.txt"
 	deactivate
 )
 popd
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 # RESTORE THE POSTGRESQL DATABASE
 #=================================================
-ynh_script_progression --message="Restoring the PostgresSQL database..." --time --weight=1
+ynh_script_progression --message="Restoring the PostgresSQL database..." --weight=1
-db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
+db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
 ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
 #=================================================
 # RESTORE VARIOUS FILES
 #=================================================
-ynh_script_progression --message="Restoring various files..." --time --weight=1
+#ynh_script_progression --message="Restoring various files..." --weight=1
-ynh_restore_file --origin_path="/etc/$app/"
+#ynh_restore_file --origin_path="/etc/$app/"
 #=================================================
 # RESTORE SYSTEMD
 #=================================================
-ynh_script_progression --message="Restoring the systemd configuration..." --time --weight=1
+ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
 ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
-systemctl enable $app.service --quiet
+ynh_restore_file --origin_path="/etc/systemd/system/$app-consumer.service"
 ynh_restore_file --origin_path="/etc/systemd/system/$app-scheduler.service"
 ynh_restore_file --origin_path="/etc/systemd/system/$app-task-queue.service"
 systemctl enable "$app.service" --quiet
 systemctl enable "$app-consumer.service" --quiet
 systemctl enable "$app-scheduler.service" --quiet
 systemctl enable "$app-task-queue.service" --quiet
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
 #=================================================
-ynh_script_progression --message="Restoring the logrotate configuration..." --time --weight=1
+ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1
 mkdir -p "/var/log/$app"
 chown -R $app: "/var/log/$app"
 ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
-ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
+ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
-yunohost service add $app --log="/var/log/$app/$app.log"
+yunohost service add "$app" --log="/var/log/$app/$app.log"
 yunohost service add "$app-consumer" --log="/var/log/$app/$app-consumer.log"
 yunohost service add "$app-scheduler" --log="/var/log/$app/$app-scheduler.log"
 yunohost service add "$app-task-queue" --log="/var/log/$app/$app-task-queue.log"
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting a systemd service..." --time --weight=1
+ynh_script_progression --message="Starting a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log"
 ynh_systemd_action --service_name="$app-consumer" --action="start" --log_path="/var/log/$app/$app-consumer.log"
 ynh_systemd_action --service_name="$app-scheduler" --action="start" --log_path="/var/log/$app/$app-scheduler.log"
 ynh_systemd_action --service_name="$app-task-queue" --action="start" --log_path="/var/log/$app/$app-task-queue.log"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # RELOAD NGINX AND PHP-FPM
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
 ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
 ynh_systemd_action --service_name=nginx --action=reload
 #=================================================
 # END OF SCRIPT
 #=================================================
-ynh_script_progression --message="Restoration completed for $app" --time --last
+ynh_script_progression --message="Restoration completed for $app" --last
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -7,40 +7,37 @@
 #=================================================
 source _common.sh
 source ynh_redis
 source /usr/share/yunohost/helpers
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --time --weight=1
+ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
-paperless_secret_key=$(ynh_app_setting_get --app=app --key=paperless_secret_key)
+redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
 paperless_secret_key=$(ynh_app_setting_get --app=$app --key=paperless_secret_key)
 #=================================================
 # CHECK VERSION
 #=================================================
 ### This helper will compare the version of the currently installed app and the version of the upstream package.
 ### $upgrade_type can have 2 different values
 ### - UPGRADE_APP if the upstream app version has changed
 ### - UPGRADE_PACKAGE if only the YunoHost package has changed
 ### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
 ### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
 upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
-ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1
+ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
 # Backup the current version of the app
 ynh_backup_before_upgrade
@ -56,14 +53,17 @@ ynh_abort_if_errors
 #=================================================
 # STOP SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Stopping a systemd service..." --time --weight=1
+ynh_script_progression --message="Stopping a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log"
 ynh_systemd_action --service_name="$app-consumer" --action="stop" --log_path="/var/log/$app/$app-consumer.log"
 ynh_systemd_action --service_name="$app-scheduler" --action="stop" --log_path="/var/log/$app/$app-scheduler.log"
 ynh_systemd_action --service_name="$app-task-queue" --action="stop" --log_path="/var/log/$app/$app-task-queue.log"
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
-ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
+ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
 #
 # N.B. : the followings setting migrations snippets are provided as *EXAMPLES*
@ -83,10 +83,30 @@ ynh_script_progression --message="Ensuring downward compatibility..." --time --w
 #	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 #fi
 ### If nobody installed your app before 4.1,
 ### then you may safely remove these lines
 # Cleaning legacy permissions
 #if ynh_legacy_permissions_exists; then
 #	ynh_legacy_permissions_delete_all
 #
 #	ynh_app_setting_delete --app=$app --key=is_public
 #fi
 #
 #if ! ynh_permission_exists --permission="admin"; then
 #	# Create the required permissions
 #	ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
 #fi
 #
 ## Create a permission if needed
 #if ! ynh_permission_exists --permission="api"; then
 #	ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
 #fi
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1
+ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
 # Create a dedicated user (if not existing)
 ynh_system_user_create --username=$app --home_dir="$final_path"
@ -97,30 +117,29 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
-	ynh_script_progression --message="Upgrading source files..." --time --weight=1
+	ynh_script_progression --message="Upgrading source files..." --weight=1
-	# Download, check integrity, uncompress and patch the source from app.src
+	ynh_setup_source --dest_dir="$final_path" --keep="paperless.conf"
 	ynh_setup_source --dest_dir="$final_path"
 fi
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
+chown -R $app:$app "$final_path"
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Upgrading dependencies..." --time --weight=1
+ynh_script_progression --message="Upgrading dependencies..." --weight=1
-ynh_install_app_dependencies $pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $ocr_pkg_dependencies
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 #=================================================
 # SPECIFIC UPGRADE
@ -131,84 +150,94 @@ ynh_script_progression --message="Installing Python dependencies..."
 pushd $final_path
 	python3 -m venv venv
-	venv/bin/pip install --upgrade pip
+	chown -R "$app:" "$final_path"
-	venv/bin/pip install -r requirements.txt
+(
 	source "$final_path/venv/bin/activate"
 	ynh_exec_as $app $final_path/venv/bin/pip3 install --upgrade pip setuptools wheel
 	ynh_exec_as $app $final_path/venv/bin/pip3 install -r "$final_path/requirements.txt"
 	deactivate
 )
 popd
 #=================================================
 # UPDATE A CONFIG FILE
 #=================================================
-ynh_script_progression --message="Updating a configuration file..." --time --weight=1
+ynh_script_progression --message="Updating a configuration file..." --weight=1
 ynh_add_config --template="paperless.conf.example" --destination="$final_path/paperless.conf"
-ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
+chmod 400 "$final_path/paperless.conf"
-
+chown $app:$app "$final_path/paperless.conf"
 # FIXME: this should be handled by the core in the future
 # You may need to use chmod 600 instead of 400,
 # for example if the app is expected to be able to modify its own config
 chmod 400 "$final_path/some_config_file"
 chown $app:$app "$final_path/some_config_file"
 ### For more complex cases where you want to replace stuff using regexes,
 ### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
 ### When doing so, you also need to manually call ynh_store_file_checksum
 ###
 ### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
 ### ynh_store_file_checksum --file="$final_path/some_config_file"
 #=================================================
 # SETUP THE DATABASE
 #=================================================
-ynh_script_progression --message="Setting up the database..." --time --weight=1
+ynh_script_progression --message="Setting up the database..." --weight=1
-pushd $final_path
+pushd "$final_path/src"
-	ynh_exec_as $app python3 manage.py migrate
+(
 	source "$final_path/venv/bin/activate"
 	ynh_exec_as $app $final_path/venv/bin/python manage.py migrate
 	deactivate
 )
 popd
 #=================================================
 # SETUP SYSTEMD
 #=================================================
-ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
 # Create a dedicated systemd config
-ynh_add_systemd_config
+ynh_add_systemd_config --service="$app" --template="systemd.service"
 ynh_add_systemd_config --service="$app-consumer" --template="systemd-consumer.service"
 ynh_add_systemd_config --service="$app-scheduler" --template="systemd-scheduler.service"
 ynh_add_systemd_config --service="$app-task-queue" --template="systemd-task-queue.service"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # SETUP LOGROTATE
 #=================================================
-ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
 # Use logrotate to manage app-specific logfile(s)
-ynh_use_logrotate --non-append
+ynh_use_logrotate --logfile="/var/log/$app/$app.log"
 ynh_use_logrotate --logfile="/var/log/$app/$app-consumer.log"
 ynh_use_logrotate --logfile="/var/log/$app/$app-scheduler.log"
 ynh_use_logrotate --logfile="/var/log/$app/$app-task-queue.log"
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
-ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
+ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
-yunohost service add $app --log="/var/log/$app/$app.log"
+yunohost service add "$app" --log="/var/log/$app/$app.log"
 yunohost service add "$app-consumer" --log="/var/log/$app/$app-consumer.log"
 yunohost service add "$app-scheduler" --log="/var/log/$app/$app-scheduler.log"
 yunohost service add "$app-task-queue" --log="/var/log/$app/$app-task-queue.log"
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting a systemd service..." --time --weight=1
+ynh_script_progression --message="Starting a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log"
 ynh_systemd_action --service_name="$app-consumer" --action="start" --log_path="/var/log/$app/$app-consumer.log"
 ynh_systemd_action --service_name="$app-scheduler" --action="start" --log_path="/var/log/$app/$app-scheduler.log"
 ynh_systemd_action --service_name="$app-task-queue" --action="start" --log_path="/var/log/$app/$app-task-queue.log"
 #=================================================
 # UPGRADE FAIL2BAN
 #=================================================
-ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1
+#ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1
 # Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
 ynh_systemd_action --service_name=nginx --action=reload
@ -216,4 +245,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================
-ynh_script_progression --message="Upgrade of $app completed" --time --last
+ynh_script_progression --message="Upgrade of $app completed" --last
--- a/scripts/ynh_redis
+++ b/scripts/ynh_redis
@ -0,0 +1,39 @@
 #!/bin/bash
 # get the first available redis database
 #
 # usage: ynh_redis_get_free_db
 # | returns: the database number to use
 ynh_redis_get_free_db() {
 	local result max db
 	result=$(redis-cli INFO keyspace)
 	# get the num
 	max=$(cat /etc/redis/redis.conf | grep ^databases | grep -Eow "[0-9]+")
 	db=0
 	# default Debian setting is 15 databases
 	for i in $(seq 0 "$max")
 	do
 		if ! echo "$result" | grep -q "db$i"
 		then
 			db=$i
 			break 1
 		fi
 		db=-1
 	done
 	test "$db" -eq -1 && ynh_die --message="No available Redis databases..."
 	echo "$db"
 }
 # Create a master password and set up global settings
 # Please always call this script in install and restore scripts
 #
 # usage: ynh_redis_remove_db database
 # | arg: database - the database to erase
 ynh_redis_remove_db() {
 	local db=$1
 	redis-cli -n "$db" flushall
 }