.github/workflows/autoblack.yml

@@ -0,0 +1,35 @@
+name: Check / auto apply Black
+on:
+  push:
+      branches:
+          - dev
+jobs:
+  black:
+    name: Check / auto apply black
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check files using the black formatter
+        uses: psf/black@stable
+        id: black
+        with:
+          options: "."
+        continue-on-error: true
+      - shell: pwsh
+        id: check_files_changed
+        run: |
+          # Diff HEAD with the previous commit
+          $diff = git diff
+          $HasDiff = $diff.Length -gt 0
+          Write-Host "::set-output name=files_changed::$HasDiff"
+      - name: Create Pull Request
+        if: steps.check_files_changed.outputs.files_changed == 'true'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          title: "Format Python code with Black"
+          commit-message: ":art: Format Python code with Black"
+          body: |
+            This pull request uses the [psf/black](https://github.com/psf/black) formatter.
+          base: ${{ github.head_ref }} # Creates pull request onto pull request or commit branch
+          branch: actions/black

.github/workflows/i18n.yml

@@ -0,0 +1,29 @@
+name: Autoreformat locale files
+on:
+  push:
+      branches:
+          - dev
+jobs:
+  i18n:
+    name: Autoreformat locale files
+    runs-on: ubuntu-latest
+    steps:
+        - uses: actions/checkout@v4
+        - name: Apply reformating scripts
+          id: action_reformat
+          run: |
+              python3 test/remove_stale_i18n_strings.py
+              python3 test/autofix_locale_format.py
+              python3 test/reformat_locales.py
+              git diff -w --exit-code
+        - name: Create Pull Request
+          if: ${{ failure() }}
+          uses: peter-evans/create-pull-request@v6
+          with:
+            token: ${{ secrets.GITHUB_TOKEN }}
+            title: "Reformat locale files"
+            commit-message: ":robot: Reformat locale files"
+            body: |
+              Automatic pull request using the scripts in `test/`
+            base: ${{ github.head_ref }}
+            branch: actions/i18nreformat

.github/workflows/tox.yml

@@ -0,0 +1,49 @@
+name: Tests
+
+on:
+  push:
+      branches:
+          - dev
+          - bullseye
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.9]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install apt dependencies
+      run: sudo apt install ldap-utils slapd libsasl2-dev libldap2-dev libssl-dev
+    - name: Install tox
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox tox-gh-actions
+    - name: Test with tox
+      run: tox -e py39-pytest
+
+  invalidcode:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.9]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install tox
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox tox-gh-actions
+    - name: Linter
+      run: tox -e py39-invalidcode
+    - name: Mypy
+      run: tox -e py39-mypy

.gitignore

@@ -1,5 +1,8 @@
 *.py[co]
 
+# Documentation
+doc/_build/
+
 # Packages
 *.egg
 *.egg-info
@@ -10,6 +13,7 @@ dist
 build
 eggs
 parts
+bin
 cache
 var
 sdist
@@ -30,5 +34,11 @@ pip-log.txt
 # Mr Developer
 .mr.developer.cfg
 
-# moulinette lib
-src/yunohost/locales
+# Moulinette
+doc/*.json
+moulinette/package.py
+# track only test namespace
+lib/**
+!lib/test
+data/actionsmap/**
+!data/actionsmap/test.yml

CONTRIBUTORS.md

@@ -0,0 +1,70 @@
+Moulinette contributors
+=======================
+
+YunoHost is built and maintained by the YunoHost project community.
+Everyone is encouraged to submit issues and changes, and to contribute in other ways -- see https://yunohost.org/contribute to find out how.
+
+--
+
+Initial Moulinette was built by Kload & jerome, for YunoHost v2.
+
+Most of actual Moulinette code was written by jerome, with help of numerous contributors.
+
+Translation is made by a bunch of lovely people all over the world.
+
+We would like to thank anyone who ever helped the YunoHost project <3
+
+
+Moulinette Contributors
+-----------------------
+
+- Kload
+- Jérôme Lebleu
+- Adrien 'beudbeud' Beudin
+- titoko
+- Laurent 'Bram' Peuch
+- Julien 'ju' Malik
+- npze
+- lmangani
+- Valentin 'zamentur' / 'ljf' Grimaud
+- dblugeon
+
+
+Moulinette Translators
+----------------------
+
+If you want to help translation, please visit https://translate.yunohost.org/projects/yunohost/yunohost/
+
+
+### Dutch
+
+- marut
+
+### English
+
+- Anmol
+
+### French
+
+- Bobo
+- Laurent Peuch
+- Jean-Baptiste Holcroft
+- Jérôme Lebleu
+
+### German
+
+- David Bartke
+- Felix Bartels
+- Marvin Gärtner
+
+### Hindi
+
+- Anmol
+
+### Portuguese
+
+- frju
+
+### Spanish
+
+- Juanu

LICENSE

@@ -7,15 +7,15 @@
 
                             Preamble
 
-  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
+  The GNU Affero General Public License is a free, copyleft license
+for software and other kinds of works, specifically designed to ensure
 cooperation with the community in the case of network server software.
 
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.
+  The licenses for most software and other practical works are
+designed to take away your freedom to share and change the works.  By
+contrast, our General Public Licenses are intended to guarantee your
+freedom to share and change all versions of a program--to make sure it
+remains free software for all its users.
 
   When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -60,11 +60,12 @@ modification follow.
 
   0. Definitions.
 
-  "This License" refers to version 3 of the GNU Affero General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
+  "This License" refers to version 3 of the GNU Affero General Public
+License.
 
+  "Copyright" also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+ 
   "The Program" refers to any copyrightable work licensed under this
 License.  Each licensee is addressed as "you".  "Licensees" and
 "recipients" may be individuals or organizations.
@@ -376,12 +377,12 @@ that material) supplement the terms of this License with terms:
   All other non-permissive additional terms are considered "further
 restrictions" within the meaning of section 10.  If the Program as you
 received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
+governed by this License along with a term that is a further restriction,
+you may remove that term.  If a license document contains a further
+restriction but permits relicensing or conveying under this License, you
+may add to a covered work material governed by the terms of that license
+document, provided that the further restriction does not survive such
+relicensing or conveying.
 
   If you add terms to a covered work in accord with this section, you
 must place, in the relevant source files, a statement of the
@@ -550,34 +551,34 @@ shall include the Corresponding Source for any work covered by version 3
 of the GNU General Public License that is incorporated pursuant to the
 following paragraph.
 
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
+  Notwithstanding any other provision of this License, you have permission
+to link or combine any covered work with a work licensed under version 3
+of the GNU General Public License into a single combined work, and to
+convey the resulting work.  The terms of this License will continue to
+apply to the part which is the covered work, but the work with which it is
+combined will remain governed by version 3 of the GNU General Public
+License.
 
   14. Revised Versions of this License.
 
   The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
-will be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
+the GNU Affero General Public License from time to time.  Such new
+versions will be similar in spirit to the present version, but may differ
+in detail to address new problems or concerns.
 
   Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
-by the Free Software Foundation.
+Program specifies that a certain numbered version of the GNU Affero
+General Public License "or any later version" applies to it, you have
+the option of following the terms and conditions either of that
+numbered version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number
+of the GNU Affero General Public License, you may choose any version
+ever published by the Free Software Foundation.
 
   If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
+versions of the GNU Affero General Public License can be used, that
+proxy's public statement of acceptance of a version permanently
+authorizes you to choose that version for the Program.
 
   Later license versions may give you additional or different
 permissions.  However, no additional obligations are imposed on any
@@ -616,9 +617,9 @@ an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
 
-                     END OF TERMS AND CONDITIONS
+                       END OF TERMS AND CONDITIONS
 
-            How to Apply These Terms to Your New Programs
+              How to Apply These Terms to Your New Programs
 
   If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
@@ -633,9 +634,9 @@ the "copyright" line and a pointer to where the full notice is found.
     Copyright (C) <year>  <name of author>
 
     This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
+    it under the terms of the GNU Affero General Public License as
+    published by the Free Software Foundation, either version 3 of the
+    License, or (at your option) any later version.
 
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of

README.md

@@ -1,2 +1,46 @@
-Please report issues here (no registration needed):
-https://dev.yunohost.org/projects/yunohost/issues
+<h1 align="center">Moulinette</h1>
+
+<div align="center">
+ 
+![Version](https://img.shields.io/github/v/tag/yunohost/moulinette?label=version&sort=semver)
+[![Tests status](https://github.com/YunoHost/moulinette/actions/workflows/tox.yml/badge.svg)](https://github.com/YunoHost/moulinette/actions/workflows/tox.yml)
+[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/YunoHost/moulinette.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/YunoHost/moulinette/context:python)
+[![GitHub license](https://img.shields.io/github/license/YunoHost/moulinette)](https://github.com/YunoHost/moulinette/blob/dev/LICENSE)
+
+ 
+Moulinette is a small Python framework meant to easily create programs with unified CLI and API.
+
+In particular, it is used as a base framework for the YunoHost project.
+ 
+</div>
+
+Issues
+------
+
+- [Please report issues on YunoHost bugtracker](https://github.com/YunoHost/issues).
+
+Overview
+--------
+
+Moulinette allows to create a YAML "actionmaps" that describes what commands are available. Moulinette will automatically make these commands available through the CLI and Web API, and will be mapped to a python function. Moulinette also provide some general helpers, for example for logging, i18n, authentication, or common file system operations.
+
+<div align="center"><img src="doc/actionsmap.png" width="700" /></div>
+
+Translation
+-----------
+
+You can help translate Moulinette on our [translation platform](https://translate.yunohost.org/engage/yunohost/?utm_source=widget)
+
+<div align="center"><img src="https://translate.yunohost.org/widgets/yunohost/-/moulinette/horizontal-auto.svg" alt="Translation status" /></div>
+
+Developpers
+-----------
+
+- You can learn how to get started with developing on YunoHost by reading [this piece of documentation](https://yunohost.org/dev).
+- Specific doc for moulinette: https://moulinette.readthedocs.org
+- Run tests with:
+
+```
+$ pip install tox
+$ tox
+```

bin/yunohost

@@ -1,208 +0,0 @@
-#! /usr/bin/python
-# -*- coding: utf-8 -*-
-
-import sys
-import os
-
-# Either we are in a development environment or not
-IN_DEVEL = False
-
-# Level for which loggers will log
-LOGGERS_LEVEL = 'INFO'
-TTY_LOG_LEVEL = 'SUCCESS'
-
-# Handlers that will be used by loggers
-#  - file: log to the file LOG_DIR/LOG_FILE
-#  - tty: log to current tty
-LOGGERS_HANDLERS = ['file', 'tty']
-
-# Directory and file to be used by logging
-LOG_DIR = '/var/log/yunohost'
-LOG_FILE = 'yunohost-cli.log'
-
-# Check and load - as needed - development environment
-if not __file__.startswith('/usr/'):
-    IN_DEVEL = True
-if IN_DEVEL:
-    basedir = os.path.abspath('%s/../' % os.path.dirname(__file__))
-    if os.path.isdir(os.path.join(basedir, 'moulinette')):
-        sys.path.insert(0, basedir)
-    LOG_DIR = os.path.join(basedir, 'log')
-
-
-# Initialization & helpers functions -----------------------------------
-
-def _die(message, title='Error:'):
-    """Print error message and exit"""
-    try:
-        from moulinette.interfaces.cli import colorize
-    except ImportError:
-        colorize = lambda msg, c: msg
-    print('%s %s' % (colorize(title, 'red'), message))
-    sys.exit(1)
-
-def _parse_cli_args():
-    """Parse additional arguments for the cli"""
-    import argparse
-
-    parser = argparse.ArgumentParser(add_help=False)
-    parser.add_argument('--no-cache',
-        action='store_false', default=True, dest='use_cache',
-        help="Don't use actions map cache",
-    )
-    parser.add_argument('--output-as',
-        choices=['json', 'plain'], default=None,
-        help="Output result in another format",
-    )
-    parser.add_argument('--debug',
-        action='store_true', default=False,
-        help="Log and print debug messages",
-    )
-    parser.add_argument('--verbose',
-        action='store_true', default=False,
-        help="Be more verbose in the output",
-    )
-    parser.add_argument('--quiet',
-        action='store_true', default=False,
-        help="Don't produce any output",
-    )
-    parser.add_argument('--admin-password',
-        default=None, dest='password', metavar='PASSWORD',
-        help="The admin password to use to authenticate",
-    )
-    # deprecated arguments
-    parser.add_argument('--plain',
-        action='store_true', default=False, help=argparse.SUPPRESS
-    )
-    parser.add_argument('--json',
-        action='store_true', default=False, help=argparse.SUPPRESS
-    )
-
-    opts, args = parser.parse_known_args()
-
-    # output compatibility
-    if opts.plain:
-        opts.output_as = 'plain'
-    elif opts.json:
-        opts.output_as = 'json'
-
-    return (parser, opts, args)
-
-def _init_moulinette(debug=False, verbose=False, quiet=False):
-    """Configure logging and initialize the moulinette"""
-    from moulinette import init
-
-    # Define loggers handlers
-    handlers = set(LOGGERS_HANDLERS)
-    if quiet and 'tty' in handlers:
-        handlers.remove('tty')
-    elif verbose and 'tty' not in handlers:
-        handlers.append('tty')
-
-    root_handlers = set(handlers)
-    if not debug:
-        root_handlers.remove('tty')
-
-    # Define loggers level
-    level = LOGGERS_LEVEL
-    tty_level = TTY_LOG_LEVEL
-    if verbose:
-        tty_level = 'INFO'
-    if debug:
-        tty_level = level = 'DEBUG'
-
-    # Custom logging configuration
-    logging = {
-        'version': 1,
-        'disable_existing_loggers': True,
-        'formatters': {
-            'tty-debug': {
-                'format': '%(relativeCreated)-4d %(fmessage)s'
-            },
-            'precise': {
-                'format': '%(asctime)-15s %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
-            },
-        },
-        'filters': {
-            'action': {
-                '()': 'moulinette.utils.log.ActionFilter',
-            },
-        },
-        'handlers': {
-            'tty': {
-                'level': tty_level,
-                'class': 'moulinette.interfaces.cli.TTYHandler',
-                'formatter': 'tty-debug' if debug else '',
-            },
-            'file': {
-                'class': 'logging.FileHandler',
-                'formatter': 'precise',
-                'filename': '%s/%s' % (LOG_DIR, LOG_FILE),
-                'filters': ['action'],
-            },
-        },
-        'loggers': {
-            'yunohost': {
-                'level': level,
-                'handlers': handlers,
-                'propagate': False,
-            },
-            'moulinette': {
-                'level': level,
-                'handlers': [],
-                'propagate': True,
-            },
-        },
-        'root': {
-            'level': level,
-            'handlers': root_handlers,
-        },
-    }
-
-    # Create log directory
-    if not os.path.isdir(LOG_DIR):
-        try:
-            os.makedirs(LOG_DIR, 0750)
-        except os.error as e:
-            _die(str(e))
-
-    # Initialize moulinette
-    init(logging_config=logging, _from_source=IN_DEVEL)
-
-def _retrieve_namespaces():
-    """Return the list of namespaces to load"""
-    from moulinette.actionsmap import ActionsMap
-    ret = ['yunohost']
-    for n in ActionsMap.get_namespaces():
-        # Append YunoHost modules
-        if n.startswith('ynh_'):
-            ret.append(n)
-    return ret
-
-
-# Main action ----------------------------------------------------------
-
-if __name__ == '__main__':
-    parser, opts, args = _parse_cli_args()
-    _init_moulinette(opts.debug, opts.verbose, opts.quiet)
-
-    # Check that YunoHost is installed
-    if not os.path.isfile('/etc/yunohost/installed') and \
-       (len(args) < 2 or (args[0] +' '+ args[1] != 'tools postinstall' and \
-                          args[0] +' '+ args[1] != 'backup restore')):
-        from moulinette.interfaces.cli import get_locale
-
-        # Init i18n
-        m18n.load_namespace('yunohost')
-        m18n.set_locale(get_locale())
-
-        # Print error and exit
-        _die(m18n.n('yunohost_not_installed'), m18n.g('error'))
-
-    # Execute the action
-    from moulinette import cli
-    ret = cli(_retrieve_namespaces(), args,
-            use_cache=opts.use_cache, output_as=opts.output_as,
-            password=opts.password, parser_kwargs={'top_parser': parser}
-    )
-    sys.exit(ret)

bin/yunohost-api

@@ -1,208 +0,0 @@
-#! /usr/bin/python
-# -*- coding: utf-8 -*-
-
-import sys
-import os.path
-
-# Either we are in a development environment or not
-IN_DEVEL = False
-
-# Default server configuration
-DEFAULT_HOST = 'localhost'
-DEFAULT_PORT = 6787
-
-# Level for which loggers will log
-LOGGERS_LEVEL = 'INFO'
-
-# Handlers that will be used by loggers
-#  - file: log to the file LOG_DIR/LOG_FILE
-#  - api: serve logs through the api
-#  - console: log to stderr
-LOGGERS_HANDLERS = ['file', 'api']
-
-# Directory and file to be used by logging
-LOG_DIR = '/var/log/yunohost'
-LOG_FILE = 'yunohost-api.log'
-
-# Check and load - as needed - development environment
-if not __file__.startswith('/usr/'):
-    IN_DEVEL = True
-if IN_DEVEL:
-    basedir = os.path.abspath('%s/../' % os.path.dirname(__file__))
-    if os.path.isdir(os.path.join(basedir, 'moulinette')):
-        sys.path.insert(0, basedir)
-    LOG_DIR = os.path.join(basedir, 'log')
-
-
-# Initialization & helpers functions -----------------------------------
-
-def _die(message, title='Error:'):
-    """Print error message and exit"""
-    try:
-        from moulinette.interfaces.cli import colorize
-    except ImportError:
-        colorize = lambda msg, c: msg
-    print('%s %s' % (colorize(title, 'red'), message))
-    sys.exit(1)
-
-def _parse_api_args():
-    """Parse main arguments for the api"""
-    import argparse
-
-    parser = argparse.ArgumentParser(add_help=False,
-        description="Run the YunoHost API to manage your server.",
-    )
-    srv_group = parser.add_argument_group('server configuration')
-    srv_group.add_argument('-h', '--host',
-        action='store', default=DEFAULT_HOST,
-        help="Host to listen on (default: %s)" % DEFAULT_HOST,
-    )
-    srv_group.add_argument('-p', '--port',
-        action='store', default=DEFAULT_PORT, type=int,
-        help="Port to listen on (default: %d)" % DEFAULT_PORT,
-    )
-    srv_group.add_argument('--no-websocket',
-        action='store_true', default=True, dest='use_websocket',
-        help="Serve without WebSocket support, used to handle "
-        "asynchronous responses such as the messages",
-    )
-    glob_group = parser.add_argument_group('global arguments')
-    glob_group.add_argument('--no-cache',
-        action='store_false', default=True, dest='use_cache',
-        help="Don't use actions map cache",
-    )
-    glob_group.add_argument('--debug',
-        action='store_true', default=False,
-        help="Set log level to DEBUG",
-    )
-    glob_group.add_argument('--verbose',
-        action='store_true', default=False,
-        help="Be verbose in the output",
-    )
-    glob_group.add_argument('--help',
-        action='help', help="Show this help message and exit",
-    )
-
-    return parser.parse_args()
-
-def _init_moulinette(use_websocket=True, debug=False, verbose=False):
-    """Configure logging and initialize the moulinette"""
-    from moulinette import init
-
-    # Define loggers handlers
-    handlers = set(LOGGERS_HANDLERS)
-    if not use_websocket and 'api' in handlers:
-        handlers.remove('api')
-    if verbose and 'console' not in handlers:
-        handlers.add('console')
-    root_handlers = handlers - set(['api'])
-
-    # Define loggers level
-    level = LOGGERS_LEVEL
-    if debug:
-        level = 'DEBUG'
-
-    # Custom logging configuration
-    logging = {
-        'version': 1,
-        'disable_existing_loggers': True,
-        'formatters': {
-            'console': {
-                'format': '%(relativeCreated)-5d %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
-            },
-            'precise': {
-                'format': '%(asctime)-15s %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
-            },
-        },
-        'filters': {
-            'action': {
-                '()': 'moulinette.utils.log.ActionFilter',
-            },
-        },
-        'handlers': {
-            'api': {
-                'class': 'moulinette.interfaces.api.APIQueueHandler',
-            },
-            'file': {
-                'class': 'logging.handlers.WatchedFileHandler',
-                'formatter': 'precise',
-                'filename': '%s/%s' % (LOG_DIR, LOG_FILE),
-                'filters': ['action'],
-            },
-            'console': {
-                'class': 'logging.StreamHandler',
-                'formatter': 'console',
-                'stream': 'ext://sys.stdout',
-                'filters': ['action'],
-            },
-        },
-        'loggers': {
-            'yunohost': {
-                'level': level,
-                'handlers': handlers,
-                'propagate': False,
-            },
-            'moulinette': {
-                'level': level,
-                'handlers': [],
-                'propagate': True,
-            },
-        },
-        'root': {
-            'level': level,
-            'handlers': root_handlers,
-        },
-    }
-
-    # Create log directory
-    if not os.path.isdir(LOG_DIR):
-        try:
-            os.makedirs(LOG_DIR, 0750)
-        except os.error as e:
-            _die(str(e))
-
-    # Initialize moulinette
-    init(logging_config=logging, _from_source=IN_DEVEL)
-
-def _retrieve_namespaces():
-    """Return the list of namespaces to load"""
-    from moulinette.actionsmap import ActionsMap
-    ret = ['yunohost']
-    for n in ActionsMap.get_namespaces():
-        # Append YunoHost modules
-        if n.startswith('ynh_'):
-            ret.append(n)
-    return ret
-
-
-# Callbacks for additional routes --------------------------------------
-
-def is_installed():
-    """
-    Check whether YunoHost is installed or not
-
-    """
-    installed = False
-    if os.path.isfile('/etc/yunohost/installed'):
-        installed = True
-    return { 'installed': installed }
-
-
-# Main action ----------------------------------------------------------
-
-if __name__ == '__main__':
-    opts = _parse_api_args()
-    _init_moulinette(opts.use_websocket, opts.debug, opts.verbose)
-
-    # Run the server
-    from moulinette import api, MoulinetteError
-    from yunohost.utils.packages import ynh_packages_version
-    ret = api(_retrieve_namespaces(),
-            host=opts.host, port=opts.port,
-            routes={
-                ('GET', '/installed'): is_installed,
-                ('GET', '/version'): ynh_packages_version,
-            },
-            use_cache=opts.use_cache, use_websocket=opts.use_websocket
-    )
-    sys.exit(ret)

data/bash-completion.d/yunohost

@@ -1,12 +0,0 @@
-#
-# Bash completion for yunohost
-#
-
-_python_argcomplete() {
-    local IFS=''
-    COMPREPLY=( $(IFS="$IFS"                   COMP_LINE="$COMP_LINE"                   COMP_POINT="$COMP_POINT"                   _ARGCOMPLETE_COMP_WORDBREAKS="$COMP_WORDBREAKS"                   _ARGCOMPLETE=1                   "$1" 8>&1 9>&2 1>/dev/null 2>/dev/null) )
-    if [[ $? != 0 ]]; then
-        unset COMPREPLY
-    fi
-}
-complete -o nospace -o default -F _python_argcomplete "yunohost"

data/helpers

@@ -1,7 +0,0 @@
-# -*- shell-script -*-
-
-# TODO : use --regex to validate against a namespace
-for helper in $(run-parts --list /usr/share/yunohost/helpers.d 2>/dev/null) ; do
-    [ -r $helper ] && . $helper || true
-done
-

data/helpers.d/filesystem

@@ -1,41 +0,0 @@
-CAN_BIND=1
-
-# Bind a directory or copy it on error
-#
-# usage: ynh_bind_or_cp srcdir destdir as_root
-# | arg: srcdir - directory to bind or copy
-# | arg: destdir - mountpoint or destination directory
-# | arg: as_root - 1 to execute commands as root
-ynh_bind_or_cp() {
-    SRCDIR=$1
-    DESTDIR=$2
-    SUDO_CMD="sudo"
-    [[ "$3" != "1" ]] && SUDO_CMD=""
-
-    if [[ $CAN_BIND == 1 ]]; then
-        $SUDO_CMD mkdir -p $DESTDIR
-        $SUDO_CMD mount --bind "$SRCDIR" "$DESTDIR"
-        if [[ $? == 0 ]]; then
-            for m in $(mount | grep " $SRCDIR" | awk '{ print $3 }'); do
-                $SUDO_CMD mount --bind "$m" "${DESTDIR}${m#${SRCDIR}}"
-            done
-            return
-        fi
-        echo "Error: bind mounting seems to be disabled on your system."
-        echo "You have maybe to check your apparmor configuration."
-        CAN_BIND=0
-    fi
-    $SUDO_CMD cp -r "$SRCDIR" "$DESTDIR"
-}
-
-# Create a directory under /tmp
-#
-# usage: ynh_mkdir_tmp
-# | ret: the created directory path
-ynh_mkdir_tmp() {
-    TMPDIR="/tmp/$(ynh_string_random 6)"
-    while [ -d $TMPDIR ]; do
-        TMPDIR="/tmp/$(ynh_string_random 6)"
-    done
-    mkdir -p "$TMPDIR" && echo "$TMPDIR"
-}

data/helpers.d/ip

@@ -1,52 +0,0 @@
-# Validate an IP address
-#
-# example: ynh_validate_ip 4 111.222.333.444
-#
-# usage: ynh_validate_ip <family> <ip_address>
-#
-# exit code : 0 for valid ip addresses, 1 otherwise
-ynh_validate_ip()
-{
-  # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
-  
-  IP_ADDRESS_FAMILY=$1
-  IP_ADDRESS=$2
-  
-  [ "$IP_ADDRESS_FAMILY" == "4" ] || [ "$IP_ADDRESS_FAMILY" == "6" ] || return 1
-  
-  python /dev/stdin << EOF
-import socket
-import sys
-family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 }
-try:
-    socket.inet_pton(family["$IP_ADDRESS_FAMILY"], "$IP_ADDRESS")
-except socket.error:
-    sys.exit(1)
-sys.exit(0)
-EOF
-}
-
-# Validate an IPv4 address
-#
-# example: ynh_validate_ip4 111.222.333.444
-#
-# usage: ynh_validate_ip4 <ip_address>
-#
-# exit code : 0 for valid ipv4 addresses, 1 otherwise
-ynh_validate_ip4()
-{
-  ynh_validate_ip 4 $1
-}
-
-
-# Validate an IPv6 address
-#
-# example: ynh_validate_ip6 2000:dead:beef::1
-#
-# usage: ynh_validate_ip6 <ip_address>
-#
-# exit code : 0 for valid ipv6 addresses, 1 otherwise
-ynh_validate_ip6()
-{
-  ynh_validate_ip 6 $1
-}

data/helpers.d/mysql

@@ -1,92 +0,0 @@
-MYSQL_ROOT_PWD_FILE=/etc/yunohost/mysql
-
-# Open a connection as a user
-#
-# example: ynh_mysql_connect_as 'user' 'pass' <<< "UPDATE ...;"
-# example: ynh_mysql_connect_as 'user' 'pass' < /path/to/file.sql
-#
-# usage: ynh_mysql_connect_as user pwd [db]
-# | arg: user - the user name to connect as
-# | arg: pwd - the user password
-# | arg: db - the database to connect to
-ynh_mysql_connect_as() {
-    mysql -u "$1" --password="$2" -B "${3:-}"
-}
-
-# Execute a command as root user
-#
-# usage: ynh_mysql_execute_as_root sql [db]
-# | arg: sql - the SQL command to execute
-# | arg: db - the database to connect to
-ynh_mysql_execute_as_root() {
-    ynh_mysql_connect_as "root" "$(sudo cat $MYSQL_ROOT_PWD_FILE)" \
-        "${2:-}" <<< "$1"
-}
-
-# Execute a command from a file as root user
-#
-# usage: ynh_mysql_execute_file_as_root sql [db]
-# | arg: file - the file containing SQL commands
-# | arg: db - the database to connect to
-ynh_mysql_execute_file_as_root() {
-    ynh_mysql_connect_as "root" "$(sudo cat $MYSQL_ROOT_PWD_FILE)" \
-        "${2:-}" < "$1"
-}
-
-# Create a database and grant optionnaly privilegies to a user
-#
-# usage: ynh_mysql_create_db db [user [pwd]]
-# | arg: db - the database name to create
-# | arg: user - the user to grant privilegies
-# | arg: pwd - the password to identify user by
-ynh_mysql_create_db() {
-    db=$1
-
-    sql="CREATE DATABASE ${db};"
-
-    # grant all privilegies to user
-    if [[ $# -gt 1 ]]; then
-        sql+=" GRANT ALL PRIVILEGES ON ${db}.* TO '${2}'@'localhost'"
-        [[ -n ${3:-} ]] && sql+=" IDENTIFIED BY '${3}'"
-        sql+=" WITH GRANT OPTION;"
-    fi
-
-    ynh_mysql_execute_as_root "$sql"
-}
-
-# Drop a database
-#
-# usage: ynh_mysql_drop_db db
-# | arg: db - the database name to drop
-ynh_mysql_drop_db() {
-    ynh_mysql_execute_as_root "DROP DATABASE ${1};"
-}
-
-# Dump a database
-#
-# example: ynh_mysql_dump_db 'roundcube' > ./dump.sql
-#
-# usage: ynh_mysql_dump_db db
-# | arg: db - the database name to dump
-# | ret: the mysqldump output
-ynh_mysql_dump_db() {
-    mysqldump -u "root" -p"$(sudo cat $MYSQL_ROOT_PWD_FILE)" "$1"
-}
-
-# Create a user
-#
-# usage: ynh_mysql_create_user user pwd [host]
-# | arg: user - the user name to create
-# | arg: pwd - the password to identify user by
-ynh_mysql_create_user() {
-    ynh_mysql_execute_as_root \
-        "CREATE USER '${1}'@'localhost' IDENTIFIED BY '${2}';"
-}
-
-# Drop a user
-#
-# usage: ynh_mysql_drop_user user
-# | arg: user - the user name to drop
-ynh_mysql_drop_user() {
-    ynh_mysql_execute_as_root "DROP USER '${1}'@'localhost';"
-}

data/helpers.d/package

@@ -1,88 +0,0 @@
-# Check either a package is installed or not
-#
-# example: ynh_package_is_installed 'yunohost' && echo "ok"
-#
-# usage: ynh_package_is_installed name
-# | arg: name - the package name to check
-ynh_package_is_installed() {
-    dpkg-query -W -f '${Status}' "$1" 2>/dev/null \
-        | grep -c "ok installed" &>/dev/null
-}
-
-# Get the version of an installed package
-#
-# example: version=$(ynh_package_version 'yunohost')
-#
-# usage: ynh_package_version name
-# | arg: name - the package name to get version
-# | ret: the version or an empty string
-ynh_package_version() {
-    if ynh_package_is_installed "$1"; then
-        dpkg-query -W -f '${Version}' "$1" 2>/dev/null
-    else
-        echo ''
-    fi
-}
-
-# Update package index files
-#
-# usage: ynh_package_update
-ynh_package_update() {
-    sudo apt-get -y -qq update
-}
-
-# Install package(s)
-#
-# usage: ynh_package_install name [name [...]]
-# | arg: name - the package name to install
-ynh_package_install() {
-    sudo apt-get -y -qq install $@
-}
-
-# Build and install a package from an equivs control file
-#
-# example: generate an empty control file with `equivs-control`, adjust its
-#          content and use helper to build and install the package:
-#              ynh_package_install_from_equivs /path/to/controlfile
-#
-# usage: ynh_package_install_from_equivs controlfile
-# | arg: controlfile - path of the equivs control file
-ynh_package_install_from_equivs() {
-    ynh_package_is_installed 'equivs' \
-        || ynh_package_install equivs
-
-    # retrieve package information
-    pkgname=$(grep '^Package: ' $1 | cut -d' ' -f 2)
-    pkgversion=$(grep '^Version: ' $1 | cut -d' ' -f 2)
-    [[ -z "$pkgname" || -z "$pkgversion" ]] \
-        && echo "Invalid control file" && exit 1
-    controlfile=$(readlink -f "$1")
-
-    # update packages cache
-    ynh_package_update
-
-    # build and install the package
-    TMPDIR=$(ynh_mkdir_tmp)
-    (cd $TMPDIR \
-     && equivs-build "$controlfile" 1>/dev/null \
-     && sudo dpkg --force-depends \
-          -i "./${pkgname}_${pkgversion}_all.deb" 2>&1 \
-     && sudo apt-get -f -y -qq install) \
-        && ([[ -n "$TMPDIR" ]] && rm -rf $TMPDIR)
-}
-
-# Remove package(s)
-#
-# usage: ynh_package_remove name [name [...]]
-# | arg: name - the package name to remove
-ynh_package_remove() {
-    sudo apt-get -y -qq remove $@
-}
-
-# Remove package(s) and their uneeded dependencies
-#
-# usage: ynh_package_autoremove name [name [...]]
-# | arg: name - the package name to remove
-ynh_package_autoremove() {
-    sudo apt-get -y -qq autoremove $@
-}

data/helpers.d/setting

@@ -1,27 +0,0 @@
-# Get an application setting
-#
-# usage: ynh_app_setting_get app key
-# | arg: app - the application id
-# | arg: key - the setting to get
-ynh_app_setting_get() {
-    sudo yunohost app setting "$1" "$2" --output-as plain
-}
-
-# Set an application setting
-#
-# usage: ynh_app_setting_set app key value
-# | arg: app - the application id
-# | arg: key - the setting name to set
-# | arg: value - the setting value to set
-ynh_app_setting_set() {
-    sudo yunohost app setting "$1" "$2" -v "$3"
-}
-
-# Delete an application setting
-#
-# usage: ynh_app_setting_delete app key
-# | arg: app - the application id
-# | arg: key - the setting to delete
-ynh_app_setting_delete() {
-    sudo yunohost app setting -d "$1" "$2"
-}

data/helpers.d/string

@@ -1,11 +0,0 @@
-# Generate a random string
-#
-# example: pwd=$(ynh_string_random 8)
-#
-# usage: ynh_string_random [length]
-# | arg: length - the string length to generate (default: 24)
-ynh_string_random() {
-    dd if=/dev/urandom bs=1 count=200 2> /dev/null \
-      | tr -c -d '[A-Za-z0-9]' \
-      | sed -n 's/\(.\{'"${1:-24}"'\}\).*/\1/p'
-}

data/helpers.d/user

@@ -1,29 +0,0 @@
-# Check if a YunoHost user exists
-#
-# example: ynh_user_exists 'toto' || exit 1
-#
-# usage: ynh_user_exists username
-# | arg: username - the username to check
-ynh_user_exists() {
-    sudo yunohost user list --output-as json | grep -q "\"username\": \"${1}\""
-}
-
-# Retrieve a YunoHost user information
-#
-# example: mail=$(ynh_user_get_info 'toto' 'mail')
-#
-# usage: ynh_user_get_info username key
-# | arg: username - the username to retrieve info from
-# | arg: key - the key to retrieve
-# | ret: string - the key's value
-ynh_user_get_info() {
-    sudo yunohost user info "$1" --output-as plain | ynh_get_plain_key "$2"
-}
-
-# Check if a user exists on the system
-#
-# usage: ynh_system_user_exists username
-# | arg: username - the username to check
-ynh_system_user_exists() {
-    getent passwd "$1" &>/dev/null
-}

data/helpers.d/utils

@@ -1,26 +0,0 @@
-# Extract a key from a plain command output
-#
-# example: yunohost user info tata --output-as plain | ynh_get_plain_key mail
-#
-# usage: ynh_get_plain_key key [subkey [subsubkey ...]]
-# | ret: string - the key's value
-ynh_get_plain_key() {
-    prefix="#"
-    founded=0
-    key=$1
-    shift
-    while read line; do
-        if [[ "$founded" == "1" ]] ; then
-            [[ "$line" =~ ^${prefix}[^#] ]] && return
-            echo $line
-        elif [[ "$line" =~ ^${prefix}${key}$ ]]; then
-            if [[ -n "${1:-}" ]]; then
-                prefix+="#"
-                key=$1
-                shift
-            else
-                founded=1
-            fi
-        fi
-    done
-}

data/hooks/backup/05-conf_ldap

@@ -1,14 +0,0 @@
-backup_dir="${1}/conf/ldap"
-sudo mkdir -p "$backup_dir"
-
-# Fix for first jessie yunohost where slapd.conf is called slapd-yuno.conf
-# without slapcat doesn't work
-[[ ! -f /etc/ldap/slapd.conf ]] \
-  && sudo mv /etc/ldap/slapd-yuno.conf /etc/ldap/slapd.conf
-
-# Back up the configuration
-sudo cp -a /etc/ldap/slapd.conf "${backup_dir}/slapd.conf"
-sudo slapcat -b cn=config -l "${backup_dir}/cn=config.master.ldif"
-
-# Back up the database
-sudo slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"

data/hooks/backup/08-conf_ssh

@@ -1,8 +0,0 @@
-backup_dir="$1/conf/ssh"
-sudo mkdir -p $backup_dir
-
-if [ -d /etc/ssh/ ]; then
-    sudo cp -a /etc/ssh/. $backup_dir
-else
-    echo "SSH is not installed"
-fi

data/hooks/backup/11-conf_ynh_mysql

@@ -1,4 +0,0 @@
-backup_dir="$1/conf/ynh/mysql"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/yunohost/mysql $backup_dir/

data/hooks/backup/14-conf_ssowat

@@ -1,4 +0,0 @@
-backup_dir="$1/conf/ssowat"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/ssowat/. $backup_dir

data/hooks/backup/17-data_home

@@ -1,10 +0,0 @@
-backup_dir="$1/data/home"
-sudo mkdir -p $backup_dir
-
-. /usr/share/yunohost/helpers
-
-for f in $(find /home/* -type d -prune | awk -F/ '{print $NF}'); do
-    if [[ ! "$f" =~ ^yunohost|lost\+found ]]; then
-        ynh_bind_or_cp "/home/$f" "${backup_dir}/$f" 1
-    fi
-done

data/hooks/backup/20-conf_ynh_firewall

@@ -1,4 +0,0 @@
-backup_dir="$1/conf/ynh/firewall"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/yunohost/firewall* $backup_dir

data/hooks/backup/21-conf_ynh_certs

@@ -1,4 +0,0 @@
-backup_dir="$1/conf/ynh/certs"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/yunohost/certs/. $backup_dir

data/hooks/backup/23-data_mail

@@ -1,5 +0,0 @@
-backup_dir="$1/data/mail"
-
-. /usr/share/yunohost/helpers
-
-ynh_bind_or_cp /var/mail $backup_dir 1

data/hooks/backup/26-conf_xmpp

@@ -1,5 +0,0 @@
-backup_dir="$1/conf/xmpp"
-sudo mkdir -p $backup_dir/{etc,var}
-
-sudo cp -a /etc/metronome/. $backup_dir/etc
-sudo cp -a /var/lib/metronome/. $backup_dir/var

data/hooks/backup/29-conf_nginx

@@ -1,4 +0,0 @@
-backup_dir="$1/conf/nginx"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/nginx/conf.d/. $backup_dir

data/hooks/backup/32-conf_cron

@@ -1,4 +0,0 @@
-backup_dir="$1/conf/cron"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/cron.d/yunohost* $backup_dir/

data/hooks/backup/40-conf_ynh_currenthost

@@ -1,7 +0,0 @@
-backup_dir="$1/conf/ynh/"
-backup_dir_legacy="$1/yunohost/"
-sudo mkdir -p $backup_dir
-sudo mkdir -p $backup_dir_legacy
-
-sudo cp -a /etc/yunohost/current_host $backup_dir
-sudo cp -a /etc/yunohost/current_host $backup_dir_legacy

data/hooks/conf_regen/01-yunohost

@@ -1,25 +0,0 @@
-set -e 
-
-force=$1
-
-cd /usr/share/yunohost/templates/yunohost
-
-sudo mkdir -p /etc/yunohost
-
-if [ ! -f /etc/yunohost/current_host ]; then
-    echo "yunohost.org" | sudo tee /etc/yunohost/current_host
-fi
-
-if [ ! -f /etc/yunohost/firewall.yml ]; then
-    sudo cp firewall.yml /etc/yunohost/firewall.yml
-fi
-
-if [ ! -f /etc/yunohost/services.yml ]; then
-    sudo cp services.yml /etc/yunohost/services.yml
-fi
-
-# Allow users to access /media directory
-if [ ! -d /etc/skel/media ]; then
-    mkdir -p /media
-    ln -s /media /etc/skel/
-fi

data/hooks/conf_regen/02-ssl

@@ -1,64 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [ ! -f /etc/yunohost/installed ]; then
-        sudo cp $1 $2
-    else
-        if [ $force ]; then
-            sudo yunohost service safecopy \
-              -s ssl $1 $2 --force
-        else
-            sudo yunohost service safecopy \
-              -s ssl $1 $2
-        fi
-    fi
-}
-
-cd /usr/share/yunohost/templates/ssl
-ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
-
-sudo mkdir -p /etc/yunohost/certs/yunohost.org
-sudo mkdir -p $ssl_dir/{ca,certs,crl,newcerts}
-
-safe_copy openssl.cnf $ssl_dir/openssl.cnf
-
-[ -f $ssl_dir/serial ] \
-  || (echo "00" | sudo tee $ssl_dir/serial)
-
-[ -f $ssl_dir/index.txt ] \
-  || sudo touch $ssl_dir/index.txt
-
-if [ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]; then
-    sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \
-      -days 3650 -out $ssl_dir/ca/cacert.pem \
-      -keyout $ssl_dir/ca/cakey.pem -nodes -batch
-    sudo cp $ssl_dir/ca/cacert.pem \
-      /etc/yunohost/certs/yunohost.org/ca.pem
-    sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
-      /etc/ssl/certs/ca-yunohost_crt.pem
-    sudo update-ca-certificates
-fi
-
-if [ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]; then
-    sudo openssl req -new -config $ssl_dir/openssl.cnf \
-      -days 730 -out $ssl_dir/certs/yunohost_csr.pem \
-      -keyout $ssl_dir/certs/yunohost_key.pem -nodes -batch 
-    sudo openssl ca -config $ssl_dir/openssl.cnf \
-      -days 730 -in $ssl_dir/certs/yunohost_csr.pem \
-      -out $ssl_dir/certs/yunohost_crt.pem -batch
-
-    last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
-    sudo chmod 640 $ssl_dir/certs/yunohost_key.pem
-    sudo chmod 640 $last_cert
-
-    sudo cp $ssl_dir/certs/yunohost_key.pem \
-      /etc/yunohost/certs/yunohost.org/key.pem
-    sudo cp $last_cert \
-      /etc/yunohost/certs/yunohost.org/crt.pem
-    sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
-      /etc/ssl/certs/yunohost_crt.pem
-    sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
-      /etc/ssl/private/yunohost_key.pem
-fi

data/hooks/conf_regen/03-ssh

@@ -1,30 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [ $force ]; then
-        sudo yunohost service safecopy \
-          -s ssh \
-          $1 $2 \
-          --force
-    else
-        sudo yunohost service safecopy \
-          -s ssh \
-          $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/ssh
-
-# Only overwrite SSH configuration on an ISO installation
-if [ ! -f /etc/yunohost/from_script ]; then
-
-    # Do not listen to IPv6 if unavailable
-    if [ ! -f /proc/net/if_inet6 ]; then
-        sudo sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
-    fi
-    safe_copy sshd_config /etc/ssh/sshd_config
-    
-    sudo service ssh restart
-fi

data/hooks/conf_regen/06-slapd

@@ -1,71 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [ ! -f /etc/yunohost/installed ]; then
-        sudo cp $1 $2
-    else
-        if [[ "$force" == "True" ]]; then
-            sudo yunohost service safecopy \
-              -s slapd $1 $2 --force
-        else
-            sudo yunohost service safecopy \
-              -s slapd $1 $2
-        fi
-    fi
-}
-
-cd /usr/share/yunohost/templates/slapd
-
-# Remove legacy configuration file
-[ ! -f /etc/yunohost/installed ] \
-  || sudo yunohost service saferemove -s slapd \
-    /etc/ldap/slapd-yuno.conf
-
-# Retrieve current backend
-backend=$(sudo slapcat -n 0 | sed -n 's/^dn: olcDatabase={1}\(.*\),cn=config$/\1/p')
-
-# Save current database in case of a backend change
-BACKEND_CHANGE=0
-BACKUP_DIR="/var/backups/dc=yunohost,dc=org-${backend}-$(date +%s)"
-if [[ -n "$backend" && "$backend" != "mdb" && "$force" == "True" ]]; then
-    BACKEND_CHANGE=1
-    sudo mkdir -p "$BACKUP_DIR"
-    sudo slapcat -b dc=yunohost,dc=org \
-      -l "${BACKUP_DIR}/dc=yunohost-dc=org.ldif"
-fi
-
-safe_copy sudo.schema /etc/ldap/schema/sudo.schema
-safe_copy mailserver.schema /etc/ldap/schema/mailserver.schema
-safe_copy ldap.conf /etc/ldap/ldap.conf
-safe_copy slapd.default /etc/default/slapd
-safe_copy slapd.conf /etc/ldap/slapd.conf
-
-# Fix some permissions
-sudo chown root:openldap /etc/ldap/slapd.conf
-sudo chown -R openldap:openldap /etc/ldap/schema/
-sudo chown -R openldap:openldap /etc/ldap/slapd.d/
-
-# Check the slapd config file at first
-sudo slaptest -Q -u -f /etc/ldap/slapd.conf
-
-if [[ $BACKEND_CHANGE -eq 1 ]]; then
-    # Regenerate LDAP config directory and import database as root
-    # since the admin user may be unavailable
-    sudo sh -c "rm -Rf /etc/ldap/slapd.d;
-mkdir /etc/ldap/slapd.d;
-slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d;
-chown -R openldap:openldap /etc/ldap/slapd.d;
-slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org \
-  -l '${BACKUP_DIR}/dc=yunohost-dc=org.ldif';
-chown -R openldap:openldap /var/lib/ldap" 2>&1
-else
-    # Regenerate LDAP config directory from slapd.conf
-    sudo rm -Rf /etc/ldap/slapd.d
-    sudo mkdir /etc/ldap/slapd.d
-    sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
-    sudo chown -R openldap:openldap /etc/ldap/slapd.d/
-fi
-
-sudo service slapd force-reload

data/hooks/conf_regen/09-nslcd

@@ -1,26 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s nslcd \
-          $1 $2 \
-          --force
-    else
-        sudo yunohost service safecopy \
-          -s nslcd \
-          $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/nslcd
-
-safe_copy nslcd.conf /etc/nslcd.conf
-
-# Fix: Add a blank line at the end of the file
-# to avoid nscld restart failure
-echo -e "\n" | sudo tee -a /etc/nslcd.conf
-
-sudo service nslcd restart

data/hooks/conf_regen/12-metronome

@@ -1,66 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s metronome \
-          $1 $2 \
-          --force
-    else
-        sudo yunohost service safecopy \
-          -s metronome \
-          $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/metronome
-
-# Copy configuration files
-main_domain=$(cat /etc/yunohost/current_host)
-cat metronome.cfg.lua.sed \
-  | sed "s/{{ main_domain }}/$main_domain/g" \
-  | sudo tee metronome.cfg.lua
-safe_copy metronome.cfg.lua /etc/metronome/metronome.cfg.lua
-
-need_restart=False
-sudo mkdir -p /etc/metronome/conf.d
-
-domain_list=$(sudo yunohost domain list --output-as plain)
-
-# Copy a configuration file for each YunoHost domain 
-for domain in $domain_list; do
-    sanitzed_domain="$(echo $domain | sed 's/\./%2e/g')"
-    sudo mkdir -p /var/lib/metronome/$sanitzed_domain/pep
-
-    cat domain.cfg.lua.sed \
-      | sed "s/{{ domain }}/$domain/g" \
-      | sudo tee $domain.cfg.lua
-    if [[ $(safe_copy $domain.cfg.lua /etc/metronome/conf.d/$domain.cfg.lua | tail -n1) == "True" ]]; then
-        need_restart=True
-    fi
-done
-
-# Remove old domains files
-for file in /etc/metronome/conf.d/*; do
-    domain=$(echo $file \
-             | sed 's|/etc/metronome/conf.d/||' \
-             | sed 's|.cfg.lua||')
-    sanitzed_domain="$(echo $domain | sed 's/\./%2e/g')"
-    [[ $domain_list =~ $domain ]] \
-      || ([[ $(sudo yunohost service saferemove -s metronome $file | tail -n1) == "True" ]] \
-        && sudo rm -rf /var/lib/metronome/$sanitzed_domain)
-done
-
-# Create domain directory
-sudo chown -R metronome: /var/lib/metronome/
-sudo chown -R metronome: /etc/metronome/conf.d/
-
-# Restart if need be
-if [[ "$need_restart" == "True" ]]; then
-    sudo service metronome restart
-else
-    sudo service metronome reload \
-      || sudo service metronome restart
-fi

data/hooks/conf_regen/15-nginx

@@ -1,86 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [ ! -f /etc/yunohost/installed ]; then
-        sudo cp $1 $2
-    else
-        if [[ "$force" == "True" ]]; then
-            sudo yunohost service safecopy \
-              -s nginx \
-              $1 $2 \
-              --force
-        else
-            sudo yunohost service safecopy \
-              -s nginx \
-              $1 $2
-        fi
-    fi
-}
-
-cd /usr/share/yunohost/templates/nginx
-
-# Copy plain single configuration files
-files="ssowat.conf
-global.conf
-yunohost_admin.conf
-yunohost_admin.conf.inc
-yunohost_api.conf.inc
-yunohost_panel.conf.inc"
-
-for file in $files; do
-    safe_copy $file /etc/nginx/conf.d/$file
-done
-
-
-if [ -f /etc/yunohost/installed ]; then
-
-    need_restart=False
-    domain_list=$(sudo yunohost domain list --output-as plain)
-
-    # Copy a configuration file for each YunoHost domain
-    for domain in $domain_list; do
-        sudo mkdir -p /etc/nginx/conf.d/$domain.d
-        cat server.conf.sed \
-          | sed "s/{{ domain }}/$domain/g" \
-          | sudo tee $domain.conf
-        [[ $(safe_copy $domain.conf /etc/nginx/conf.d/$domain.conf | tail -n1) == "True" ]] \
-          && need_restart=True
-
-        [ -f /etc/nginx/conf.d/$domain.d/yunohost_local.conf ] \
-          && [[ $main_domain != $domain ]] \
-          && sudo yunohost service saferemove -s nginx \
-              /etc/nginx/conf.d/$domain.d/yunohost_local.conf
-    done
-
-
-    # Copy 'yunohost.local' to the main domain conf directory
-    main_domain=$(cat /etc/yunohost/current_host)
-    safe_copy yunohost_local.conf \
-      /etc/nginx/conf.d/$main_domain.d/yunohost_local.conf
-
-
-    # Remove old domains files
-    for file in /etc/nginx/conf.d/*.*.conf; do
-        domain=$(echo $file \
-                  | sed 's|/etc/nginx/conf.d/||' \
-                  | sed 's|.conf||')
-        [[ $domain_list =~ $domain ]] \
-          || ([[ $(sudo yunohost service saferemove -s nginx $file) == "True" ]] \
-            && (sudo rm -r /etc/nginx/conf.d/$domain.d || true))
-    done
-
-else
-    [ ! -f /etc/nginx/sites-available/default ] \
-      || sudo rm -f /etc/nginx/sites-enabled/default
-    need_restart=True
-fi
-
-# Restart if need be
-if [[ "$need_restart" == "True" ]]; then
-    sudo service nginx restart
-else
-    sudo service nginx reload \
-      || sudo service nginx restart
-fi

data/hooks/conf_regen/19-postfix

@@ -1,56 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s postfix \
-          $1 $2 \
-          --force
-    else
-        sudo yunohost service safecopy \
-          -s postfix \
-          $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/postfix
-
-# Copy plain single configuration files
-files="header_checks
-ldap-accounts.cf
-ldap-aliases.cf
-ldap-domains.cf
-master.cf
-sender_canonical
-smtp_reply_filter"
-
-for file in $files; do
-    safe_copy $file /etc/postfix/$file
-done
-
-main_domain=$(cat /etc/yunohost/current_host)
-
-# Replace main domain in the main configuration file
-cat main.cf.sed \
-  | sed "s/{{ main_domain }}/$main_domain/g" \
-  | sudo tee main.cf
-
-# And adapt it to IPv4-only hosts
-if [ ! -f /proc/net/if_inet6 ]; then
-    sudo sed -i \
-      's/ \[::ffff:127.0.0.0\]\/104 \[::1\]\/128//g' \
-      main.cf
-
-    sudo sed -i \
-      's/inet_interfaces = all/inet_interfaces = all\ninet_protocols = ipv4/' \
-      main.cf
-fi
-
-if [[ $(safe_copy main.cf /etc/postfix/main.cf) == "True" ]]; then
-    sudo service postfix restart
-else
-    sudo service postfix reload \
-      || sudo service postfix restart
-fi

data/hooks/conf_regen/22-email-legacy

@@ -1,43 +0,0 @@
-set -e
-
-# Execute this hook only if we force the configuration regeneration
-if [[ "$1" == "True" ]]; then
-
-    # Add new email services
-    sudo yunohost service add rspamd -l /var/log/mail.log \
-      || echo "rspamd is already listed in services"
-
-    sudo yunohost service add rmilter -l /var/log/mail.log \
-      || echo "rmilter is already listed in services"
-
-    sudo yunohost service add redis-server -l /var/log/redis/redis-server.log \
-      || echo "redis-server is already listed in services"
-
-    # Remove previous email services
-    systemctl is-enabled spamassassin > /dev/null 2>&1 \
-      && sudo systemctl disable spamassassin
-    systemctl is-active spamassassin > /dev/null \
-      && sudo systemctl stop spamassassin
-    sudo rm -f /etc/cron.daily/spamassassin
-    sudo yunohost service status spamassassin > /dev/null 2>&1 \
-      && sudo yunohost service remove spamassassin
-
-    # 'systemctl is-enabled' does not work for service with no systemd unit file
-    sudo ls /etc/rc2.d/S??amavis > /dev/null 2>&1 \
-      || sudo systemctl disable amavis
-    sudo systemctl is-active amavis > /dev/null  \
-      && sudo systemctl stop amavis
-    sudo yunohost service status amavis > /dev/null 2>&1 \
-      && sudo yunohost service remove amavis
-
-    # 'systemctl is-enabled' does not work for service with no systemd unit file
-    sudo ls /etc/rc2.d/S??postgrey > /dev/null 2>&1 \
-      || sudo systemctl disable postgrey
-    sudo systemctl is-active postgrey > /dev/null  \
-      && sudo systemctl stop postgrey
-    sudo yunohost service status postgrey > /dev/null 2>&1 \
-      && sudo yunohost service remove postgrey
-
-fi
-
-exit 0

data/hooks/conf_regen/25-dovecot

@@ -1,51 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s dovecot $1 $2 --force
-    else
-        sudo yunohost service safecopy \
-          -s dovecot $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/dovecot
-
-# Create vmail user
-sudo id vmail > /dev/null 2>&1 \
-  || sudo adduser --system --ingroup mail --uid 500 vmail
-
-
-# Replace main domain in the main configuration file
-main_domain=$(cat /etc/yunohost/current_host)
-cat dovecot.conf.sed \
-  | sed "s/{{ main_domain }}/$main_domain/g" \
-  | sudo tee dovecot.conf
-
-
-# Handle IPv4 only systems
-if [ ! -f /proc/net/if_inet6 ];
-then
-  sudo sed -i 's/^listen.*/listen = \*/' dovecot.conf
-fi
-
-
-safe_copy dovecot.conf /etc/dovecot/dovecot.conf
-safe_copy dovecot-ldap.conf /etc/dovecot/dovecot-ldap.conf
-
-
-# Setup Sieve
-sudo mkdir -p /etc/dovecot/global_script
-sudo chmod -R 770 /etc/dovecot/global_script
-
-safe_copy dovecot.sieve /etc/dovecot/global_script/dovecot.sieve
-sudo chmod 660 /etc/dovecot/global_script/dovecot.sieve > /dev/null 2>&1 \
-  || safe_copy dovecot.sieve /etc/dovecot/global_script/dovecot.sieve
-sudo sievec /etc/dovecot/global_script/dovecot.sieve
-sudo chmod 660 /etc/dovecot/global_script/dovecot.svbin
-sudo chown -R vmail:mail /etc/dovecot/global_script
-
-sudo service dovecot restart

data/hooks/conf_regen/28-rmilter

@@ -1,43 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s rmilter $1 $2 --force
-    else
-        sudo yunohost service safecopy \
-          -s rmilter $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/rmilter
-
-# Copy Rmilter configuration
-safe_copy rmilter.conf /etc/rmilter.conf
-
-# Override socket configuration
-safe_copy rmilter.socket /etc/systemd/system/rmilter.socket
-
-# Create DKIM key for each YunoHost domain
-sudo mkdir -p /etc/dkim
-domain_list=$(sudo yunohost domain list --output-as plain)
-
-for domain in $domain_list; do
-    [ -f /etc/dkim/$domain.mail.key ] \
-      || (sudo opendkim-genkey --domain=$domain \
-                               --selector=mail\
-                               --directory=/etc/dkim \
-          && sudo mv /etc/dkim/mail.private /etc/dkim/$domain.mail.key \
-          && sudo mv /etc/dkim/mail.txt /etc/dkim/$domain.mail.txt)
-
-    sudo chown _rmilter /etc/dkim/$domain.mail.key
-    sudo chmod 400      /etc/dkim/$domain.mail.key
-done
-
-# Reload systemd daemon, ensure that the socket is listening and stop
-# the service. It will be started again by the socket as needed.
-sudo systemctl daemon-reload
-sudo systemctl start rmilter.socket
-sudo systemctl stop rmilter.service 2>&1 || true

data/hooks/conf_regen/31-rspamd

@@ -1,30 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s rspamd $1 $2 --force
-    else
-        sudo yunohost service safecopy \
-          -s rspamd $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/rspamd
-
-# Copy Rspamd configuration
-safe_copy metrics.conf /etc/rspamd/metrics.conf
-
-# Install Rspamd sieve script
-safe_copy rspamd.sieve /etc/dovecot/global_script/rspamd.sieve
-sudo sievec /etc/dovecot/global_script/rspamd.sieve
-sudo chmod 660 /etc/dovecot/global_script/rspamd.svbin
-sudo chown -R vmail:mail /etc/dovecot/global_script
-
-# Ensure that the socket is listening and stop the service.
-sudo systemctl stop rspamd.service 2>&1 || true
-sudo systemctl start rspamd.socket
-
-sudo systemctl restart dovecot

data/hooks/conf_regen/34-mysql

@@ -1,35 +0,0 @@
-set -e
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s mysql $1 $2 --force
-    else
-        sudo yunohost service safecopy \
-          -s mysql $1 $2
-    fi
-}
-
-function randpass () {
-    [ "$2" == "0" ] && CHAR="[:alnum:]" || CHAR="[:graph:]"
-    cat /dev/urandom | tr -cd "$CHAR" | head -c ${1:-32}
-    echo
-}
-
-cd /usr/share/yunohost/templates/mysql
-
-if [[ "$(safe_copy my.cnf /etc/mysql/my.cnf | tail -n1)" == "True" ]]; then
-    sudo service mysql restart
-fi
-
-if [ ! -f /etc/yunohost/mysql ]; then
-    [[ $(/bin/ps aux | grep '[m]ysqld') == "0" ]] \
-      && sudo service mysql start
-
-    mysql_password=$(randpass 10 0)
-    sudo mysqladmin -u root -pyunohost password $mysql_password
-    echo $mysql_password | sudo tee /etc/yunohost/mysql
-    sudo chmod 400 /etc/yunohost/mysql
-fi

data/hooks/conf_regen/37-avahi-daemon

@@ -1,19 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s avahi-daemon $1 $2 --force
-    else
-        sudo yunohost service safecopy \
-          -s avahi-daemon $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/avahi-daemon
-
-if [[ "$(safe_copy avahi-daemon.conf /etc/avahi/avahi-daemon.conf | tail -n1)" == "True" ]]; then
-    sudo service avahi-daemon restart
-fi

data/hooks/conf_regen/40-glances

@@ -1,19 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s glances $1 $2 --force
-    else
-        sudo yunohost service safecopy \
-          -s glances $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/glances
-
-if [[ "$(safe_copy glances.default /etc/default/glances | tail -n1)" == "True" ]]; then
-    sudo service glances restart
-fi

data/hooks/conf_regen/43-dnsmasq

@@ -1,53 +0,0 @@
-set -e 
-
-force=$1
-
-. /usr/share/yunohost/helpers
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s dnsmasq $1 $2 --force
-    else
-        sudo yunohost service safecopy \
-          -s dnsmasq $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/dnsmasq
-
-# Get IPv4 address
-ip=$(curl -s -4 https://ip.yunohost.org 2>/dev/null || true)
-ynh_validate_ip4 $ip || ip='0.0.0.0'
-
-# Get IPv6 IP address
-ipv6=$(curl -s -6 http://ip6.yunohost.org 2>/dev/null || true)
-ynh_validate_ip6 $ipv6 || ipv6=''
-
-sudo mkdir -p /etc/dnsmasq.d
-
-domain_list=$(sudo yunohost domain list --output-as plain)
-
-# Copy a configuration file for each YunoHost domain 
-for domain in $domain_list; do
-    cat domain.sed \
-      | sed "s/{{ domain }}/$domain/g" \
-      | sed "s/{{ ip }}/$ip/g" \
-      | sudo tee $domain
-
-    if [[ "$ipv6" != "" ]]; then
-        echo "address=/$domain/$ipv6" | sudo tee -a $domain
-    fi
-
-    safe_copy $domain /etc/dnsmasq.d/$domain
-done
-
-# Remove old domains files
-for file in /etc/dnsmasq.d/*.*; do
-    domain=$(echo $file | sed 's|/etc/dnsmasq.d/||')
-    [[ $domain_list =~ $domain ]] \
-      || sudo yunohost service saferemove -s dnsmasq $file
-done
-
-sudo service dnsmasq reload \
-  || sudo service dnsmasq restart

data/hooks/conf_regen/46-nsswitch

@@ -1,19 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s nsswitch $1 $2 --force
-    else
-        sudo yunohost service safecopy \
-          -s nsswitch $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/nsswitch
-
-if [[ "$(safe_copy nsswitch.conf /etc/nsswitch.conf | tail -n1)" == "True" ]]; then
-    sudo service nscd restart
-fi

data/hooks/conf_regen/52-fail2ban

@@ -1,28 +0,0 @@
-set -e 
-
-force=$1
-
-function safe_copy () {
-    if [[ "$force" == "True" ]]; then
-        sudo yunohost service safecopy \
-          -s fail2ban $1 $2 --force
-    else
-        sudo yunohost service safecopy \
-          -s fail2ban $1 $2
-    fi
-}
-
-cd /usr/share/yunohost/templates/fail2ban
-
-sudo mkdir -p /etc/fail2ban/filter.d
-safe_copy yunohost.conf /etc/fail2ban/filter.d/yunohost.conf
-
-# Compatibility: change from HDB to MDB on Jessie
-version=$(sed 's/\..*//' /etc/debian_version)
-[[ "$version" == '8' ]] \
-  && sudo cp jail-jessie.conf jail.conf \
-  || sudo cp jail-wheezy.conf jail.conf
-
-if [[ $(safe_copy jail.conf /etc/fail2ban/jail.conf | tail -n1) == "True" ]]; then
-    sudo service fail2ban restart
-fi

data/hooks/post_backup_create/99-umount

@@ -1,13 +0,0 @@
-
-tmp_dir=$1
-retcode=$2
-
-FAILURE=0
-
-# Iterate over inverted ordered mountpoints to prevent issues
-for m in $(mount | grep " ${tmp_dir}" | awk '{ print $3 }' | tac); do
-    sudo umount $m
-    [[ $? != 0 ]] && FAILURE=1
-done
-
-exit $FAILURE

data/hooks/restore/05-conf_ldap

@@ -1,58 +0,0 @@
-backup_dir="${1}/conf/ldap"
-
-if [[ $EUID -ne 0 ]]; then
-
-    # We need to execute this script as root, since the ldap
-    # service will be shut down during the operation (and sudo
-    # won't be available)
-    sudo /bin/bash $(readlink -f $0) $1
-
-else
-
-    service slapd stop || true
-
-    # Create a directory for backup
-    TMPDIR="/tmp/$(date +%s)"
-    mkdir -p "$TMPDIR"
-
-    die() {
-        state=$1
-        error=$2
-
-        # Restore saved configuration and database
-        [[ $state -ge 1 ]] \
-          && (rm -rf /etc/ldap/slapd.d &&
-              mv "${TMPDIR}/slapd.d" /etc/ldap/slapd.d)
-        [[ $state -ge 2 ]] \
-          && (rm -rf /var/lib/ldap &&
-              mv "${TMPDIR}/ldap" /var/lib/ldap)
-        chown -R openldap: /etc/ldap/slapd.d /var/lib/ldap
-
-        service slapd start
-        rm -rf "$TMPDIR"
-
-        # Print an error message and exit
-        printf "%s" "$error" 1>&2
-        exit 1
-    }
-
-    # Restore the configuration
-    mv /etc/ldap/slapd.d "$TMPDIR"
-    mkdir -p /etc/ldap/slapd.d
-    cp -a "${backup_dir}/slapd.conf" /etc/ldap/slapd.conf
-    slapadd -F /etc/ldap/slapd.d -b cn=config \
-        -l "${backup_dir}/cn=config.master.ldif" \
-      || die 1 "Unable to restore LDAP configuration"
-    chown -R openldap: /etc/ldap/slapd.d
-
-    # Restore the database
-    mv /var/lib/ldap "$TMPDIR"
-    mkdir -p /var/lib/ldap
-    slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org \
-        -l "${backup_dir}/dc=yunohost-dc=org.ldif" \
-      || die 2 "Unable to restore LDAP database"
-    chown -R openldap: /var/lib/ldap
-
-    service slapd start
-    rm -rf "$TMPDIR"
-fi

data/hooks/restore/08-conf_ssh

@@ -1,9 +0,0 @@
-backup_dir="$1/conf/ssh"
-
-if [ -d /etc/ssh/ ]; then
-    sudo cp -a $backup_dir/. /etc/ssh
-    sudo service ssh restart
-else
-    echo "SSH is not installed"
-fi
-

data/hooks/restore/11-conf_ynh_mysql

@@ -1,6 +0,0 @@
-backup_dir="$1/conf/ynh/mysql"
-
-sudo service mysql restart
-sudo cp -a $backup_dir/mysql /etc/yunohost/mysql
-mysqlpwd=$(sudo cat /etc/yunohost/mysql)
-sudo mysqladmin flush-privileges -p"$mysqlpwd"

data/hooks/restore/14-conf_ssowat

@@ -1,3 +0,0 @@
-backup_dir="$1/conf/ssowat"
-
-sudo cp -a $backup_dir/. /etc/ssowat

data/hooks/restore/17-data_home

@@ -1,3 +0,0 @@
-backup_dir="$1/data/home"
-
-sudo cp -a $backup_dir/. /home

data/hooks/restore/20-conf_ynh_firewall

@@ -1,4 +0,0 @@
-backup_dir="$1/conf/ynh/firewall"
-
-sudo cp -a $backup_dir/. /etc/yunohost
-sudo yunohost firewall reload

data/hooks/restore/21-conf_ynh_certs

@@ -1,8 +0,0 @@
-backup_dir="$1/conf/ynh/certs"
-
-sudo mkdir -p /etc/yunohost/certs/
-
-sudo cp -a $backup_dir/. /etc/yunohost/certs/
-sudo yunohost app ssowatconf
-sudo service nginx reload
-sudo service metronome reload

data/hooks/restore/23-data_mail

@@ -1,7 +0,0 @@
-backup_dir="$1/data/mail"
-
-sudo cp -a $backup_dir/. /var/mail/ || echo 'No mail found'
-
-# Restart services to use migrated certs
-sudo service postfix restart
-sudo service dovecot restart

data/hooks/restore/26-conf_xmpp

@@ -1,7 +0,0 @@
-backup_dir="$1/conf/xmpp"
-
-sudo cp -a $backup_dir/etc/. /etc/metronome
-sudo cp -a $backup_dir/var/. /var/lib/metronome
-
-# Restart to apply new conf and certs
-sudo service metronome restart

data/hooks/restore/29-conf_nginx

@@ -1,7 +0,0 @@
-backup_dir="$1/conf/nginx"
-
-# Copy all conf except apps specific conf located in DOMAIN.d
-sudo find $backup_dir/ -mindepth 1 -maxdepth 1 -name '*.d' -or -exec sudo cp -a {} /etc/nginx/conf.d/ \;
-
-# Restart to use new conf and certs
-sudo service nginx restart

data/hooks/restore/32-conf_cron

@@ -1,6 +0,0 @@
-backup_dir="$1/conf/cron"
-
-sudo cp -a $backup_dir/. /etc/cron.d
-
-# Restart just in case
-sudo service cron restart

data/hooks/restore/40-conf_ynh_currenthost

@@ -1 +0,0 @@
-

data/other/ldap_scheme.yml

@@ -1,56 +0,0 @@
-parents:
-    ou=users:
-        ou: users
-        objectClass:
-            - organizationalUnit
-            - top
-
-    ou=domains:
-        ou: domains
-        objectClass:
-            - organizationalUnit
-            - top
-
-    ou=apps:
-        ou: apps
-        objectClass:
-            - organizationalUnit
-            - top
-
-    ou=groups:
-        ou: groups
-        objectClass:
-            - organizationalUnit
-            - top
-    ou=sudo:
-        ou: sudo
-        objectClass:
-            - organizationalUnit
-            - top
-
-children:
-    cn=admins,ou=groups:
-        cn: admins
-        gidNumber: "4001"
-        memberUid: admin
-        objectClass:
-            - posixGroup
-            - top
-
-    cn=sftpusers,ou=groups:
-        cn: sftpusers
-        gidNumber: "4002"
-        memberUid: admin
-        objectClass:
-            - posixGroup
-            - top
-
-    cn=admin,ou=sudo:
-        cn: admin
-        sudoUser: admin
-        sudoHost: ALL
-        sudoCommand: ALL
-        sudoOption: "!authenticate"
-        objectClass:
-            - sudoRole
-            - top

data/templates/avahi-daemon/avahi-daemon.conf

@@ -1,68 +0,0 @@
-# This file is part of avahi.
-#
-# avahi is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2 of the
-# License, or (at your option) any later version.
-#
-# avahi is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
-# License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with avahi; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA.
-
-# See avahi-daemon.conf(5) for more information on this configuration
-# file!
-
-[server]
-host-name=yunohost
-domain-name=local
-#browse-domains=0pointer.de, zeroconf.org
-use-ipv4=yes
-use-ipv6=yes
-#allow-interfaces=eth0
-#deny-interfaces=eth1
-#check-response-ttl=no
-#use-iff-running=no
-#enable-dbus=yes
-#disallow-other-stacks=no
-#allow-point-to-point=no
-#cache-entries-max=4096
-#clients-max=4096
-#objects-per-client-max=1024
-#entries-per-entry-group-max=32
-ratelimit-interval-usec=1000000
-ratelimit-burst=1000
-
-[wide-area]
-enable-wide-area=yes
-
-[publish]
-#disable-publishing=no
-#disable-user-service-publishing=no
-#add-service-cookie=no
-#publish-addresses=yes
-#publish-hinfo=yes
-#publish-workstation=yes
-#publish-domain=yes
-#publish-dns-servers=192.168.50.1, 192.168.50.2
-#publish-resolv-conf-dns-servers=yes
-#publish-aaaa-on-ipv4=yes
-#publish-a-on-ipv6=no
-
-[reflector]
-#enable-reflector=no
-#reflect-ipv=no
-
-[rlimits]
-#rlimit-as=
-rlimit-core=0
-rlimit-data=4194304
-rlimit-fsize=0
-rlimit-nofile=768
-rlimit-stack=4194304
-rlimit-nproc=3

data/templates/dnsmasq/domain.sed

@@ -1,7 +0,0 @@
-resolv-file=
-address=/{{ domain }}/{{ ip }}
-txt-record={{ domain }},"v=spf1 mx a -all"
-mx-host={{ domain }},{{ domain }},5
-srv-host=_xmpp-client._tcp.{{ domain }},{{ domain }},5222,0,5
-srv-host=_xmpp-server._tcp.{{ domain }},{{ domain }},5269,0,5
-srv-host=_jabber._tcp.{{ domain }},{{ domain }},5269,0,5

data/templates/dovecot/dovecot-ldap.conf

@@ -1,9 +0,0 @@
-hosts = 127.0.0.1
-auth_bind = yes
-ldap_version = 3
-base = ou=users,dc=yunohost,dc=org
-user_attrs = uidNumber=500,gidNumber=8,mailuserquota=quota_rule=*:bytes=%$
-user_filter = (&(objectClass=inetOrgPerson)(uid=%n))
-pass_filter = (&(objectClass=inetOrgPerson)(uid=%n))
-default_pass_scheme = SSHA
-

data/templates/dovecot/dovecot.conf.sed

@@ -1,90 +0,0 @@
-# 2.1.7: /etc/dovecot/dovecot.conf
-# OS: Linux 3.2.0-3-686-pae i686 Debian wheezy/sid ext4
-listen = *, ::
-auth_mechanisms = plain login
-login_greeting = Dovecot ready!!
-mail_gid = 8
-mail_home = /var/mail/%n
-mail_location = maildir:/var/mail/%n
-mail_uid = 500
-passdb {
-  args = /etc/dovecot/dovecot-ldap.conf
-  driver = ldap
-}
-protocols = imap sieve
-mail_plugins = $mail_plugins quota
-service auth {
-  unix_listener /var/spool/postfix/private/auth {
-    group = postfix
-    mode = 0660
-    user = postfix
-  }
-  unix_listener auth-master {
-    group = mail
-    mode = 0660
-    user = vmail
-  }
-}
-
-protocol sieve {
-}
-
-ssl_ca = </etc/ssl/certs/ca-yunohost_crt.pem
-ssl_cert = </etc/ssl/certs/yunohost_crt.pem
-ssl_key = </etc/ssl/private/yunohost_key.pem
-ssl_protocols = !SSLv2 !SSLv3
-userdb {
-  args = /etc/dovecot/dovecot-ldap.conf
-  driver = ldap
-}
-protocol imap {
-  imap_client_workarounds =
-  mail_plugins = $mail_plugins imap_quota antispam
-}
-protocol lda {
-  auth_socket_path = /var/run/dovecot/auth-master
-  mail_plugins = quota sieve
-  postmaster_address = postmaster@{{ main_domain }}
-}
-
-plugin {
-  sieve = /var/mail/sievescript/%n/.dovecot.sieve
-  sieve_dir = /var/mail/sievescript/%n/scripts/
-  sieve_before = /etc/dovecot/global_script/
-}
-
-plugin {
-  antispam_debug_target = syslog
-  antispam_verbose_debug = 0
-  antispam_backend = pipe
-  antispam_spam = Junk;SPAM
-  antispam_trash = Trash
-  antispam_pipe_program = /usr/bin/rspamc
-  antispam_pipe_program_args = -h;localhost:11334;-P;q1
-  antispam_pipe_program_spam_arg = learn_spam
-  antispam_pipe_program_notspam_arg = learn_ham
-}
-
-plugin {
-  autosubscribe = Trash
-  autosubscribe2 = Junk
-}
-
-plugin {
-  quota = maildir:User quota
-  quota_rule2 = SPAM:ignore
-  quota_rule3 = Trash:ignore
-}
-
-plugin {
-  quota_warning = storage=95%% quota-warning 95 %u
-  quota_warning2 = storage=80%% quota-warning 80 %u
-  quota_warning3 = -storage=100%% quota-warning below %u # user is no longer over quota
-}
-
-service quota-warning {
-  executable = script /usr/bin/quota-warning.sh
-  user = vmail
-  unix_listener quota-warning {
-  }
-}

data/templates/dovecot/dovecot.sieve

@@ -1,4 +0,0 @@
-require "fileinto"; 
-    if header :contains "X-Spam-Flag" "YES" { 
-        fileinto "Junk"; 
-    }

data/templates/fail2ban/jail-jessie.conf

@@ -1,584 +0,0 @@
-# Fail2Ban configuration file.
-#
-# This file was composed for Debian systems from the original one
-# provided now under /usr/share/doc/fail2ban/examples/jail.conf
-# for additional examples.
-#
-# Comments: use '#' for comment lines and ';' for inline comments
-#
-# To avoid merges during upgrades DO NOT MODIFY THIS FILE
-# and rather provide your changes in /etc/fail2ban/jail.local
-#
-
-# The DEFAULT allows a global definition of the options. They can be overridden
-# in each jail afterwards.
-
-[DEFAULT]
-
-# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
-# ban a host which matches an address in this list. Several addresses can be
-# defined using space separator.
-ignoreip = 127.0.0.1/8
-
-# External command that will take an tagged arguments to ignore, e.g. <ip>,
-# and return true if the IP is to be ignored. False otherwise.
-#
-# ignorecommand = /path/to/command <ip>
-ignorecommand =
-
-# "bantime" is the number of seconds that a host is banned.
-bantime  = 600
-
-# A host is banned if it has generated "maxretry" during the last "findtime"
-# seconds.
-findtime = 600
-maxretry = 3
-
-# "backend" specifies the backend used to get files modification.
-# Available options are "pyinotify", "gamin", "polling" and "auto".
-# This option can be overridden in each jail as well.
-#
-# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
-#            If pyinotify is not installed, Fail2ban will use auto.
-# gamin:     requires Gamin (a file alteration monitor) to be installed.
-#            If Gamin is not installed, Fail2ban will use auto.
-# polling:   uses a polling algorithm which does not require external libraries.
-# auto:      will try to use the following backends, in order:
-#            pyinotify, gamin, polling.
-backend = auto
-
-# "usedns" specifies if jails should trust hostnames in logs,
-#   warn when reverse DNS lookups are performed, or ignore all hostnames in logs
-#
-# yes:   if a hostname is encountered, a reverse DNS lookup will be performed.
-# warn:  if a hostname is encountered, a reverse DNS lookup will be performed,
-#        but it will be logged as a warning.
-# no:    if a hostname is encountered, will not be used for banning,
-#        but it will be logged as info.
-usedns = warn
-
-#
-# Destination email address used solely for the interpolations in
-# jail.{conf,local} configuration files.
-destemail = root@localhost
-
-#
-# Name of the sender for mta actions
-sendername = Fail2Ban
-
-# Email address of the sender
-sender = fail2ban@localhost
-
-#
-# ACTIONS
-#
-
-# Default banning action (e.g. iptables, iptables-new,
-# iptables-multiport, shorewall, etc) It is used to define
-# action_* variables. Can be overridden globally or per
-# section within jail.local file
-banaction = iptables-multiport
-
-# email action. Since 0.8.1 upstream fail2ban uses sendmail
-# MTA for the mailing. Change mta configuration parameter to mail
-# if you want to revert to conventional 'mail'.
-mta = sendmail
-
-# Default protocol
-protocol = tcp
-
-# Specify chain where jumps would need to be added in iptables-* actions
-chain = INPUT
-
-#
-# Action shortcuts. To be used to define action parameter
-
-# The simplest action to take: ban only
-action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-
-# ban & send an e-mail with whois report to the destemail.
-action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
-
-# ban & send an e-mail with whois report and relevant log lines
-# to the destemail.
-action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
-
-# Choose default action.  To change, just override value of 'action' with the
-# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
-# globally (section [DEFAULT]) or per specific section
-action = %(action_)s
-
-#
-# JAILS
-#
-
-# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
-# was shipped in Debian. Enable any defined here jail by including
-#
-# [SECTION_NAME]
-# enabled = true
-
-#
-# in /etc/fail2ban/jail.local.
-#
-# Optionally you may override any other parameter (e.g. banaction,
-# action, port, logpath, etc) in that section within jail.local
-
-[ssh]
-
-enabled  = true
-port     = ssh
-filter   = sshd
-logpath  = /var/log/auth.log
-maxretry = 6
-
-[dropbear]
-
-enabled  = false
-port     = ssh
-filter   = dropbear
-logpath  = /var/log/auth.log
-maxretry = 6
-
-# Generic filter for pam. Has to be used with action which bans all ports
-# such as iptables-allports, shorewall
-[pam-generic]
-
-enabled  = true
-# pam-generic filter can be customized to monitor specific subset of 'tty's
-filter   = pam-generic
-# port actually must be irrelevant but lets leave it all for some possible uses
-port     = all
-banaction = iptables-allports
-port     = anyport
-logpath  = /var/log/auth.log
-maxretry = 6
-
-[xinetd-fail]
-
-enabled   = false
-filter    = xinetd-fail
-port      = all
-banaction = iptables-multiport-log
-logpath   = /var/log/daemon.log
-maxretry  = 2
-
-
-[ssh-ddos]
-
-enabled  = false
-port     = ssh
-filter   = sshd-ddos
-logpath  = /var/log/auth.log
-maxretry = 6
-
-
-# Here we use blackhole routes for not requiring any additional kernel support
-# to store large volumes of banned IPs
-
-[ssh-route]
-
-enabled = false
-filter = sshd
-action = route
-logpath = /var/log/sshd.log
-maxretry = 6
-
-# Here we use a combination of Netfilter/Iptables and IPsets
-# for storing large volumes of banned IPs
-#
-# IPset comes in two versions. See ipset -V for which one to use
-# requires the ipset package and kernel support.
-[ssh-iptables-ipset4]
-
-enabled  = false
-port     = ssh
-filter   = sshd
-banaction = iptables-ipset-proto4
-logpath  = /var/log/sshd.log
-maxretry = 6
-
-[ssh-iptables-ipset6]
-
-enabled  = false
-port     = ssh
-filter   = sshd
-banaction = iptables-ipset-proto6
-logpath  = /var/log/sshd.log
-maxretry = 6
-
-
-#
-# HTTP servers
-#
-
-[apache]
-
-enabled  = false
-port     = http,https
-filter   = apache-auth
-logpath  = /var/log/apache*/*error.log
-maxretry = 6
-
-# default action is now multiport, so apache-multiport jail was left
-# for compatibility with previous (<0.7.6-2) releases
-[apache-multiport]
-
-enabled   = false
-port      = http,https
-filter    = apache-auth
-logpath   = /var/log/apache*/*error.log
-maxretry  = 6
-
-[apache-noscript]
-
-enabled  = false
-port     = http,https
-filter   = apache-noscript
-logpath  = /var/log/apache*/*error.log
-maxretry = 6
-
-[apache-overflows]
-
-enabled  = false
-port     = http,https
-filter   = apache-overflows
-logpath  = /var/log/apache*/*error.log
-maxretry = 2
-
-[apache-modsecurity]
-
-enabled  = false
-filter   = apache-modsecurity
-port     = http,https
-logpath  = /var/log/apache*/*error.log
-maxretry = 2
-
-[apache-nohome]
-
-enabled  = false
-filter   = apache-nohome
-port     = http,https
-logpath  = /var/log/apache*/*error.log
-maxretry = 2
-
-# Ban attackers that try to use PHP's URL-fopen() functionality
-# through GET/POST variables. - Experimental, with more than a year
-# of usage in production environments.
-
-[php-url-fopen]
-
-enabled = false
-port    = http,https
-filter  = php-url-fopen
-logpath = /var/www/*/logs/access_log
-
-# A simple PHP-fastcgi jail which works with lighttpd.
-# If you run a lighttpd server, then you probably will
-# find these kinds of messages in your error_log:
-#   ALERT – tried to register forbidden variable ‘GLOBALS’
-#   through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php')
-
-[lighttpd-fastcgi]
-
-enabled = false
-port    = http,https
-filter  = lighttpd-fastcgi
-logpath = /var/log/lighttpd/error.log
-
-# Same as above for mod_auth
-# It catches wrong authentifications
-
-[lighttpd-auth]
-
-enabled = false
-port    = http,https
-filter  = suhosin
-logpath = /var/log/lighttpd/error.log
-
-[nginx-http-auth]
-
-enabled = false
-filter  = nginx-http-auth
-port    = http,https
-logpath = /var/log/nginx/error.log
-
-# Monitor roundcube server
-
-[roundcube-auth]
-
-enabled  = false
-filter   = roundcube-auth
-port     = http,https
-logpath  = /var/log/roundcube/userlogins
-
-
-[sogo-auth]
-
-enabled  = false
-filter   = sogo-auth
-port     = http, https
-# without proxy this would be:
-# port    = 20000
-logpath  = /var/log/sogo/sogo.log
-
-
-#
-# FTP servers
-#
-
-[vsftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = vsftpd
-logpath  = /var/log/vsftpd.log
-# or overwrite it in jails.local to be
-# logpath = /var/log/auth.log
-# if you want to rely on PAM failed login attempts
-# vsftpd's failregex should match both of those formats
-maxretry = 6
-
-
-[proftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = proftpd
-logpath  = /var/log/proftpd/proftpd.log
-maxretry = 6
-
-
-[pure-ftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = pure-ftpd
-logpath  = /var/log/syslog
-maxretry = 6
-
-
-[wuftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = wuftpd
-logpath  = /var/log/syslog
-maxretry = 6
-
-
-#
-# Mail servers
-#
-
-[postfix]
-
-enabled  = true
-port     = smtp,ssmtp,submission
-filter   = postfix
-logpath  = /var/log/mail.log
-
-
-[couriersmtp]
-
-enabled  = false
-port     = smtp,ssmtp,submission
-filter   = couriersmtp
-logpath  = /var/log/mail.log
-
-
-#
-# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
-# all relevant ports get banned
-#
-
-[courierauth]
-
-enabled  = false
-port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-filter   = courierlogin
-logpath  = /var/log/mail.log
-
-
-[sasl]
-
-enabled  = true
-port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-filter   = postfix-sasl
-# You might consider monitoring /var/log/mail.warn instead if you are
-# running postfix since it would provide the same log lines at the
-# "warn" level but overall at the smaller filesize.
-logpath  = /var/log/mail.log
-
-[dovecot]
-
-enabled = true
-port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-filter  = dovecot
-logpath = /var/log/mail.log
-
-# To log wrong MySQL access attempts add to /etc/my.cnf:
-# log-error=/var/log/mysqld.log
-# log-warning = 2
-[mysqld-auth]
-
-enabled  = false
-filter   = mysqld-auth
-port     = 3306
-logpath  = /var/log/mysqld.log
-
-
-# DNS Servers
-
-
-# These jails block attacks against named (bind9). By default, logging is off
-# with bind9 installation. You will need something like this:
-#
-# logging {
-#     channel security_file {
-#         file "/var/log/named/security.log" versions 3 size 30m;
-#         severity dynamic;
-#         print-time yes;
-#     };
-#     category security {
-#         security_file;
-#     };
-# };
-#
-# in your named.conf to provide proper logging
-
-# !!! WARNING !!!
-#   Since UDP is connection-less protocol, spoofing of IP and imitation
-#   of illegal actions is way too simple.  Thus enabling of this filter
-#   might provide an easy way for implementing a DoS against a chosen
-#   victim. See
-#    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
-#   Please DO NOT USE this jail unless you know what you are doing.
-#[named-refused-udp]
-#
-#enabled  = false
-#port     = domain,953
-#protocol = udp
-#filter   = named-refused
-#logpath  = /var/log/named/security.log
-
-[named-refused-tcp]
-
-enabled  = false
-port     = domain,953
-protocol = tcp
-filter   = named-refused
-logpath  = /var/log/named/security.log
-
-[freeswitch]
-
-enabled  = false
-filter   = freeswitch
-logpath  = /var/log/freeswitch.log
-maxretry = 10
-action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
-           iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
-
-[ejabberd-auth]
-
-enabled  = false
-filter   = ejabberd-auth
-port     = xmpp-client
-protocol = tcp
-logpath  = /var/log/ejabberd/ejabberd.log
-
-
-# Multiple jails, 1 per protocol, are necessary ATM:
-# see https://github.com/fail2ban/fail2ban/issues/37
-[asterisk-tcp]
-
-enabled  = false
-filter   = asterisk
-port     = 5060,5061
-protocol = tcp
-logpath  = /var/log/asterisk/messages
-
-[asterisk-udp]
-
-enabled  = false
-filter	 = asterisk
-port     = 5060,5061
-protocol = udp
-logpath  = /var/log/asterisk/messages
-
-
-# Jail for more extended banning of persistent abusers
-# !!! WARNING !!!
-#   Make sure that your loglevel specified in fail2ban.conf/.local
-#   is not at DEBUG level -- which might then cause fail2ban to fall into
-#   an infinite loop constantly feeding itself with non-informative lines
-[recidive]
-
-enabled  = false
-filter   = recidive
-logpath  = /var/log/fail2ban.log
-action   = iptables-allports[name=recidive]
-           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
-bantime  = 604800  ; 1 week
-findtime = 86400   ; 1 day
-maxretry = 5
-
-# See the IMPORTANT note in action.d/blocklist_de.conf for when to
-# use this action
-#
-# Report block via blocklist.de fail2ban reporting service API
-# See action.d/blocklist_de.conf for more information
-[ssh-blocklist]
-
-enabled  = false
-filter   = sshd
-action   = iptables[name=SSH, port=ssh, protocol=tcp]
-           sendmail-whois[name=SSH, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
-           blocklist_de[email="%(sender)s", apikey="xxxxxx", service="%(filter)s"]
-logpath  = /var/log/sshd.log
-maxretry = 20
-
-
-# consider low maxretry and a long bantime
-# nobody except your own Nagios server should ever probe nrpe
-[nagios]
-enabled  = false
-filter   = nagios
-action   = iptables[name=Nagios, port=5666, protocol=tcp]
-           sendmail-whois[name=Nagios, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
-logpath  = /var/log/messages     ; nrpe.cfg may define a different log_facility
-maxretry = 1
-
-[nginx]
-
-enabled = true
-port    = http,https
-filter  = apache-auth
-logpath = /var/log/nginx*/*error.log
-maxretry = 6
-
-[nginx-noscript]
-
-enabled = false
-port    = http,https
-filter  = apache-noscript
-logpath = /var/log/nginx*/*error.log
-maxretry = 6
-
-[nginx-overflows]
-
-enabled = false
-port    = http,https
-filter  = apache-overflows
-logpath = /var/log/nginx*/*error.log
-maxretry = 4
-
-[yunohost]
-
-enabled  = true
-port     = http,https
-protocol = tcp
-filter   = yunohost
-logpath  = /var/log/nginx/*.log

data/templates/fail2ban/jail-wheezy.conf

@@ -1,346 +0,0 @@
-# Fail2Ban configuration file.
-#
-# This file was composed for Debian systems from the original one
-#  provided now under /usr/share/doc/fail2ban/examples/jail.conf
-#  for additional examples.
-#
-# To avoid merges during upgrades DO NOT MODIFY THIS FILE
-# and rather provide your changes in /etc/fail2ban/jail.local
-#
-# Author: Yaroslav O. Halchenko <debian@onerussian.com>
-#
-# $Revision$
-#
-
-# The DEFAULT allows a global definition of the options. They can be overridden
-# in each jail afterwards.
-
-[DEFAULT]
-
-# "ignoreip" can be an IP address, a CIDR mask or a DNS host
-ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
-bantime  = 600
-maxretry = 3
-
-# "backend" specifies the backend used to get files modification. Available
-# options are "gamin", "polling" and "auto".
-# yoh: For some reason Debian shipped python-gamin didn't work as expected
-#      This issue left ToDo, so polling is default backend for now
-backend = auto
-
-#
-# Destination email address used solely for the interpolations in
-# jail.{conf,local} configuration files.
-destemail = root@localhost
-
-#
-# ACTIONS
-#
-
-# Default banning action (e.g. iptables, iptables-new,
-# iptables-multiport, shorewall, etc) It is used to define
-# action_* variables. Can be overridden globally or per
-# section within jail.local file
-banaction = iptables-multiport
-
-# email action. Since 0.8.1 upstream fail2ban uses sendmail
-# MTA for the mailing. Change mta configuration parameter to mail
-# if you want to revert to conventional 'mail'.
-mta = sendmail
-
-# Default protocol
-protocol = tcp
-
-# Specify chain where jumps would need to be added in iptables-* actions
-chain = INPUT
-
-#
-# Action shortcuts. To be used to define action parameter
-
-# The simplest action to take: ban only
-action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-
-# ban & send an e-mail with whois report to the destemail.
-action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
-
-# ban & send an e-mail with whois report and relevant log lines
-# to the destemail.
-action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
-
-# Choose default action.  To change, just override value of 'action' with the
-# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
-# globally (section [DEFAULT]) or per specific section
-action = %(action_)s
-
-#
-# JAILS
-#
-
-# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
-# was shipped in Debian. Enable any defined here jail by including
-#
-# [SECTION_NAME]
-# enabled = true
-
-#
-# in /etc/fail2ban/jail.local.
-#
-# Optionally you may override any other parameter (e.g. banaction,
-# action, port, logpath, etc) in that section within jail.local
-
-[ssh]
-
-enabled  = true
-port     = ssh
-filter   = sshd
-logpath  = /var/log/auth.log
-maxretry = 6
-
-[dropbear]
-
-enabled  = false
-port     = ssh
-filter   = sshd
-logpath  = /var/log/dropbear
-maxretry = 6
-
-# Generic filter for pam. Has to be used with action which bans all ports
-# such as iptables-allports, shorewall
-[pam-generic]
-
-enabled  = false
-# pam-generic filter can be customized to monitor specific subset of 'tty's
-filter   = pam-generic
-# port actually must be irrelevant but lets leave it all for some possible uses
-port     = all
-banaction = iptables-allports
-port     = anyport
-logpath  = /var/log/auth.log
-maxretry = 6
-
-[xinetd-fail]
-
-enabled   = false
-filter    = xinetd-fail
-port      = all
-banaction = iptables-multiport-log
-logpath   = /var/log/daemon.log
-maxretry  = 2
-
-
-[ssh-ddos]
-
-enabled  = false
-port     = ssh
-filter   = sshd-ddos
-logpath  = /var/log/auth.log
-maxretry = 6
-
-#
-# HTTP servers
-#
-
-[apache]
-
-enabled  = false
-port     = http,https
-filter   = apache-auth
-logpath  = /var/log/apache*/*error.log
-maxretry = 6
-
-# default action is now multiport, so apache-multiport jail was left
-# for compatibility with previous (<0.7.6-2) releases
-[apache-multiport]
-
-enabled   = false
-port      = http,https
-filter    = apache-auth
-logpath   = /var/log/apache*/*error.log
-maxretry  = 6
-
-[apache-noscript]
-
-enabled  = false
-port     = http,https
-filter   = apache-noscript
-logpath  = /var/log/apache*/*error.log
-maxretry = 6
-
-[apache-overflows]
-
-enabled  = false
-port     = http,https
-filter   = apache-overflows
-logpath  = /var/log/apache*/*error.log
-maxretry = 2
-
-#
-# FTP servers
-#
-
-[vsftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = vsftpd
-logpath  = /var/log/vsftpd.log
-# or overwrite it in jails.local to be
-# logpath = /var/log/auth.log
-# if you want to rely on PAM failed login attempts
-# vsftpd's failregex should match both of those formats
-maxretry = 6
-
-
-[proftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = proftpd
-logpath  = /var/log/proftpd/proftpd.log
-maxretry = 6
-
-
-[pure-ftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = pure-ftpd
-logpath  = /var/log/auth.log
-maxretry = 6
-
-
-[wuftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = wuftpd
-logpath  = /var/log/auth.log
-maxretry = 6
-
-
-#
-# Mail servers
-#
-
-[postfix]
-
-enabled  = true
-port     = smtp,ssmtp
-filter   = postfix
-logpath  = /var/log/mail.log
-
-[couriersmtp]
-
-enabled  = false
-port     = smtp,ssmtp
-filter   = couriersmtp
-logpath  = /var/log/mail.log
-
-
-#
-# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
-# all relevant ports get banned
-#
-
-[courierauth]
-
-enabled  = false
-port     = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
-filter   = courierlogin
-logpath  = /var/log/mail.log
-
-
-[sasl]
-
-enabled  = true
-port     = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
-filter   = sasl
-# You might consider monitoring /var/log/mail.warn instead if you are
-# running postfix since it would provide the same log lines at the
-# "warn" level but overall at the smaller filesize.
-logpath  = /var/log/mail.log
-
-[dovecot]
-
-enabled = true
-port    = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
-filter  = dovecot
-logpath = /var/log/mail.log
-
-
-# DNS Servers
-
-
-# These jails block attacks against named (bind9). By default, logging is off
-# with bind9 installation. You will need something like this:
-#
-# logging {
-#     channel security_file {
-#         file "/var/log/named/security.log" versions 3 size 30m;
-#         severity dynamic;
-#         print-time yes;
-#     };
-#     category security {
-#         security_file;
-#     };
-# };
-#
-# in your named.conf to provide proper logging
-
-# !!! WARNING !!!
-#   Since UDP is connection-less protocol, spoofing of IP and imitation
-#   of illegal actions is way too simple.  Thus enabling of this filter
-#   might provide an easy way for implementing a DoS against a chosen
-#   victim. See
-#    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
-#   Please DO NOT USE this jail unless you know what you are doing.
-#[named-refused-udp]
-#
-#enabled  = false
-#port     = domain,953
-#protocol = udp
-#filter   = named-refused
-#logpath  = /var/log/named/security.log
-
-[named-refused-tcp]
-
-enabled  = false
-port     = domain,953
-protocol = tcp
-filter   = named-refused
-logpath  = /var/log/named/security.log
-
-[nginx]
- 
-enabled = true
-port    = http,https
-filter  = apache-auth
-logpath = /var/log/nginx*/*error.log
-maxretry = 6
- 
-[nginx-noscript]
- 
-enabled = false
-port    = http,https
-filter  = apache-noscript
-logpath = /var/log/nginx*/*error.log
-maxretry = 6
- 
-[nginx-overflows]
- 
-enabled = false
-port    = http,https
-filter  = apache-overflows
-logpath = /var/log/nginx*/*error.log
-maxretry = 4
-
-[yunohost]
-
-enabled  = true
-port     = http,https
-protocol = tcp
-filter   = yunohost
-logpath  = /var/log/nginx/*.log
-maxretry = 6

data/templates/fail2ban/yunohost.conf

@@ -1,24 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Adrien Beudin
-#
-# $Revision: 2 $
-#
-
-[Definition]
-
-# Option:  failregex
-# Notes.:  regex to match the password failure messages in the logfile. The
-#          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
-# Values:  TEXT
-#
-failregex = access.lua:[1-9]+: authenticate\(\): Connection failed for: .*, client: <HOST>
-            ^<HOST> -.*\"POST /yunohost/api/login HTTP/1.1\" 401 22
-
-# Option:  ignoreregex
-# Notes.:  regex to ignore. If this regex matches, the line is ignored.
-# Values:  TEXT
-#
-ignoreregex =

data/templates/glances/glances.default

@@ -1,5 +0,0 @@
-# Default is to launch glances with '-s' option.
-DAEMON_ARGS="-s -B 127.0.0.1"
-
-# Change to 'true' to have glances running at startup
-RUN="true"

data/templates/metronome/domain.cfg.lua.sed

@@ -1,15 +0,0 @@
-VirtualHost "{{ domain }}"
-  ssl = {
-        key = "/etc/yunohost/certs/{{ domain }}/key.pem";
-        certificate = "/etc/yunohost/certs/{{ domain }}/crt.pem";
-  }
-  authentication = "ldap2"
-  ldap = {
-     hostname      = "localhost",
-     user = {
-       basedn        = "ou=users,dc=yunohost,dc=org",
-       filter        = "(&(objectClass=posixAccount)(mail=*@{{ domain }}))",
-       usernamefield = "mail",
-       namefield     = "cn",
-       },
-  }

data/templates/metronome/metronome.cfg.lua.sed

@@ -1,193 +0,0 @@
--- ** Metronome's config file example **
--- 
--- The format is exactly equal to Prosody's:
---
--- Lists are written { "like", "this", "one" } 
--- Lists can also be of { 1, 2, 3 } numbers, etc. 
--- Either commas, or semi-colons; may be used as seperators.
---
--- A table is a list of values, except each value has a name. An 
--- example would be:
---
--- ssl = { key = "keyfile.key", certificate = "certificate.crt" }
---
--- Tip: You can check that the syntax of this file is correct when you have finished
--- by running: luac -p metronome.cfg.lua
--- If there are any errors, it will let you know what and where they are, otherwise it 
--- will keep quiet.
-
----------- Server-wide settings ----------
--- Settings in this section apply to the whole server and are the default settings
--- for any virtual hosts
-
--- Server PID
-pidfile = "/var/run/metronome/metronome.pid"
-
--- HTTP server
-http_ports = { 5290 }
-http_interfaces = { "127.0.0.1", "::1" }
-
---https_ports = { 5291 }
---https_interfaces = { "127.0.0.1", "::1" }
-
--- Enable IPv6
-use_ipv6 = true
-
--- This is the list of modules Metronome will load on startup.
--- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-modules_enabled = {
-
-    -- Generally required
-        "roster"; -- Allow users to have a roster. Recommended ;)
-        "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
-        "tls"; -- Add support for secure TLS on c2s/s2s connections
-        "dialback"; -- s2s dialback support
-        "disco"; -- Service discovery
-        --"discoitems"; -- Service discovery items
-        --"extdisco"; -- External Service Discovery
-
-    -- Not essential, but recommended
-        "private"; -- Private XML storage (for room bookmarks, etc.)
-        "vcard"; -- Allow users to set vCards
-        "privacy"; -- Support privacy lists
-
-    -- These are commented by default as they have a performance impact
-        --"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
-
-    -- Nice to have
-        "version"; -- Replies to server version requests
-        "uptime"; -- Report how long server has been running
-        "time"; -- Let others know the time here on this server
-        "ping"; -- Replies to XMPP pings with pongs
-        "pep"; -- Enables users to publish their mood, activity, playing music and more
-        "message_carbons"; -- Allow clients to keep in sync with messages send on other resources
-        "register"; -- Allow users to register on this server using a client and change passwords
-        "adhoc"; -- Support for "ad-hoc commands" that can be executed with an XMPP client
-
-    -- Admin interfaces
-        "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-        "admin_telnet"; -- Opens telnet console interface on localhost port 5582
-
-    -- HTTP modules
-        "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
-        --"websockets"; -- Enable WebSocket clients
-        --"http_files"; -- Serve static files from a directory over HTTP
-
-    -- Other specific functionality
---        "bidi"; -- Bidirectional Streams for S2S connections
---        "stream_management"; -- Stream Management support
-        --"groups"; -- Shared roster support
-        --"announce"; -- Send announcement to all online users
-        --"welcome"; -- Welcome users who register accounts
-        --"watchregistrations"; -- Alert admins of registrations
-        --"motd"; -- Send a message to users when they log in
-        "mam"; -- Nice archive management
-        --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-        "offline"; -- Store offline messages
-        "c2s"; -- Handle client connections
-        "s2s"; -- Handle server-to-server connections
-
-    -- Debian: do not remove this module, or you lose syslog
-    -- support
-        "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-};
-
--- Discovery items
-disco_items = {
-    { "muc.{{ main_domain }}" },
-    { "pubsub.{{ main_domain }}" },
-    { "vjud.{{ main_domain }}" }
-};
-
--- BOSH configuration (mod_bosh)
-bosh_max_inactivity = 30
-consider_bosh_secure = true
-cross_domain_bosh = true
-
--- Disable account creation by default, for security
-allow_registration = false
-
--- SSL/TLS configuration
-ssl = {
-    options = {
-        "no_sslv2",
-        "no_sslv3",
-        "no_ticket",
-        "no_compression",
-        "cipher_server_preference"
-    };
-}
-
--- Force clients to use encrypted connections? This option will
--- prevent clients from authenticating unless they are using encryption.
-c2s_require_encryption = true
-
--- Force servers to use encrypted connections? This option will
--- prevent servers from connecting unless they are using encryption.
-s2s_require_encryption = true
-
--- Allow servers to use an unauthenticated encryption channel
-s2s_allow_encryption = true
-
-allow_unencrypted_plain_auth = false;
-
-s2s_secure = true
-s2s_secure_auth = false
-
---anonymous_login = false
-
--- Use LDAP storage backend for all stores
-storage = "ldap"
-
--- Logging configuration
-log = {
-    info = "/var/log/metronome/metronome.log"; -- Change 'info' to 'debug' for verbose logging
-    error = "/var/log/metronome/metronome.err";
-    -- "*syslog"; -- Uncomment this for logging to syslog
-    -- "*console"; -- Log to the console, useful for debugging with daemonize=false
-}
-
-
------- Components ------
--- You can specify components to add hosts that provide special services,
--- like multi-user conferences, and transports.
-
----Set up a local BOSH service
-Component "localhost" "http"
-    modules_enabled = { "bosh" }
-
----Set up a MUC (multi-user chat) room server
-Component "muc.{{ main_domain }}" "muc"
-    name = "{{ main_domain }} Chatrooms"
-
-    modules_enabled = {
-        "muc_limits";
-        "muc_log";
-        "muc_log_http";
-    }
-
-    muc_event_rate = 0.5
-    muc_burst_factor = 10
-
-    muc_log_http_config = {
-        url_base = "logs";
-        theme = "metronome";
-    }
-
----Set up a PubSub server
-Component "pubsub.{{ main_domain }}" "pubsub"
-    name = "{{ main_domain }} Publish/Subscribe"
-
-    unrestricted_node_creation = true -- Anyone can create a PubSub node (from any server)
-
----Set up a VJUD service
-Component "vjud.{{ main_domain }}" "vjud"
-    ud_disco_name = "{{ main_domain }} User Directory"
-
-
------------ Virtual hosts -----------
--- You need to add a VirtualHost entry for each domain you wish Metronome to serve.
--- Settings under each VirtualHost entry apply *only* to that host.
-
-Include "conf.d/*.cfg.lua"
-

data/templates/mysql/my.cnf

@@ -1,92 +0,0 @@
-# Example MySQL config file for small systems.
-#
-# This is for a system with little memory (<= 64M) where MySQL is only used
-# from time to time and it's important that the mysqld daemon
-# doesn't use much resources.
-#
-# MySQL programs look for option files in a set of
-# locations which depend on the deployment platform.
-# You can copy this option file to one of those
-# locations. For information about these locations, see:
-# http://dev.mysql.com/doc/mysql/en/option-files.html
-#
-# In this file, you can use all long options that a program supports.
-# If you want to know which options a program supports, run the program
-# with the "--help" option.
-
-# The following options will be passed to all MySQL clients
-[client]
-#password       = your_password
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-
-# Here follows entries for some specific programs
-
-# The MySQL server
-[mysqld]
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-skip-external-locking
-key_buffer_size = 16K
-max_allowed_packet = 1M
-table_open_cache = 4
-sort_buffer_size = 64K
-read_buffer_size = 256K
-read_rnd_buffer_size = 256K
-net_buffer_length = 2K
-thread_stack = 128K
-
-# to avoid corruption on powerfailure
-default-storage-engine=innodb
-
-# Don't listen on a TCP/IP port at all. This can be a security enhancement,
-# if all processes that need to connect to mysqld run on the same host.
-# All interaction with mysqld must be made via Unix sockets or named pipes.
-# Note that using this option without enabling named pipes on Windows
-# (using the "enable-named-pipe" option) will render mysqld useless!
-# 
-#skip-networking
-server-id       = 1
-
-# Uncomment the following if you want to log updates
-#log-bin=mysql-bin
-
-# binary logging format - mixed recommended
-#binlog_format=mixed
-
-# Causes updates to non-transactional engines using statement format to be
-# written directly to binary log. Before using this option make sure that
-# there are no dependencies between transactional and non-transactional
-# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
-# t_innodb; otherwise, slaves may diverge from the master.
-#binlog_direct_non_transactional_updates=TRUE
-
-# Uncomment the following if you are using InnoDB tables
-#innodb_data_home_dir = /var/lib/mysql
-#innodb_data_file_path = ibdata1:10M:autoextend
-#innodb_log_group_home_dir = /var/lib/mysql
-# You can set .._buffer_pool_size up to 50 - 80 %
-# of RAM but beware of setting memory usage too high
-#innodb_buffer_pool_size = 16M
-#innodb_additional_mem_pool_size = 2M
-# Set .._log_file_size to 25 % of buffer pool size
-#innodb_log_file_size = 5M
-#innodb_log_buffer_size = 8M
-#innodb_flush_log_at_trx_commit = 1
-#innodb_lock_wait_timeout = 50
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-no-auto-rehash
-# Remove the next comment character if you are not familiar with SQL
-#safe-updates
-
-[myisamchk]
-key_buffer_size = 8M
-sort_buffer_size = 8M
-
-[mysqlhotcopy]
-interactive-timeout

data/templates/nginx/global.conf

@@ -1 +0,0 @@
-server_tokens off;

data/templates/nginx/server.conf.sed

@@ -1,46 +0,0 @@
-server {
-    listen 80;
-    listen [::]:80;
-    server_name {{ domain }};
-
-    access_by_lua_file /usr/share/ssowat/access.lua;
-
-    include conf.d/{{ domain }}.d/*.conf;
-
-    location /yunohost/admin {
-        return 301 https://$http_host$request_uri;
-    }
-
-    access_log /var/log/nginx/{{ domain }}-access.log;
-    error_log /var/log/nginx/{{ domain }}-error.log;
-}
-
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name {{ domain }};
-
-    ssl_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
-    ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
-    ssl_session_timeout 5m;
-    ssl_session_cache shared:SSL:50m;
-    ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
-
-    add_header Strict-Transport-Security "max-age=31536000;";
-
-    # Uncomment the following directive after DH generation
-    # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
-    #ssl_dhparam /etc/ssl/private/dh2048.pem;
-
-    access_by_lua_file /usr/share/ssowat/access.lua;
-
-    include conf.d/{{ domain }}.d/*.conf;
-
-    include conf.d/yunohost_admin.conf.inc;
-    include conf.d/yunohost_api.conf.inc;
-
-    access_log /var/log/nginx/{{ domain }}-access.log;
-    error_log /var/log/nginx/{{ domain }}-error.log;
-}

data/templates/nginx/ssowat.conf

@@ -1,3 +0,0 @@
-lua_shared_dict cache 10m;
-init_by_lua_file   /usr/share/ssowat/init.lua;
-server_names_hash_bucket_size 64;

data/templates/nginx/yunohost_admin.conf

@@ -1,44 +0,0 @@
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    location / {
-        return 302 https://$http_host/yunohost/admin;
-    }
-
-    location /yunohost/admin {
-        return 301 https://$http_host$request_uri;
-    }
-}
-
-server {
-    listen 443 ssl default_server;
-    listen [::]:443 ssl default_server;
-
-    ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
-    ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
-    ssl_session_timeout 5m;
-    ssl_session_cache shared:SSL:50m;
-    ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
-
-    add_header Strict-Transport-Security "max-age=31536000;";
-
-    location / {
-        return 302 https://$http_host/yunohost/admin;
-    }
-
-    location /yunohost {
-        # Block crawlers bot
-        if ($http_user_agent ~ (crawl|Googlebot|Slurp|spider|bingbot|tracker|click|parser|spider|facebookexternalhit) ) {
-            return 403;
-        }
-
-        # Redirect most of 404 to maindomain.tld/yunohost/sso
-        access_by_lua_file /usr/share/ssowat/access.lua;
-    }
-
-    include conf.d/yunohost_admin.conf.inc;
-    include conf.d/yunohost_api.conf.inc;
-}

data/templates/nginx/yunohost_admin.conf.inc

@@ -1,11 +0,0 @@
-location /yunohost/admin {
-    alias /usr/share/yunohost/admin/;
-    default_type text/html;
-    index index.html;
-
-    # Short cache on handlebars templates
-    location ~* \.(?:ms)$ {
-      expires 5m;
-      add_header Cache-Control "public";
-    }
-}

data/templates/nginx/yunohost_api.conf.inc

@@ -1,17 +0,0 @@
-location /yunohost/api/ {
-    proxy_read_timeout 3600s;
-    proxy_pass http://127.0.0.1:6787/;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-
-    # Custom 502 error page
-    error_page 502 /yunohost/api/error/502;
-}
-
-# Yunohost admin output complete 502 error page, so use only plain text.
-location = /yunohost/api/error/502 {
-    return 502 '502 - Bad Gateway';
-    add_header Content-Type text/plain;
-    internal;
-}

data/templates/nginx/yunohost_local.conf

@@ -1 +0,0 @@
-server_name $server_name yunohost.local;

data/templates/nginx/yunohost_panel.conf.inc

@@ -1,2 +0,0 @@
-sub_filter </head> '<script type="text/javascript" src="/ynhpanel.js"></script></head>';
-sub_filter_once on;

data/templates/nslcd/nslcd.conf

@@ -1,25 +0,0 @@
-# /etc/nslcd.conf
-# nslcd configuration file. See nslcd.conf(5)
-# for details.
-
-# The user and group nslcd should run as.
-uid nslcd
-gid nslcd
-
-# The location at which the LDAP server(s) should be reachable.
-uri ldap://localhost/
-
-# The search base that will be used for all queries.
-base dc=yunohost,dc=org
-
-# The LDAP protocol version to use.
-#ldap_version 3
-
-# The search scope.
-#scope sub
-
-# Build a full list of non-LDAP users on startup.
-nss_initgroups_ignoreusers ALLLOCAL
-
-# The minimum numeric user id to lookup.
-nss_min_uid 1000

data/templates/nsswitch/nsswitch.conf

@@ -1,21 +0,0 @@
-# /etc/nsswitch.conf
-#
-# Example configuration of GNU Name Service Switch functionality.
-# If you have the `glibc-doc-reference' and `info' packages installed, try:
-# `info libc "Name Service Switch"' for information about this file.
-
-passwd:         compat ldap
-group:          compat ldap
-shadow:         compat ldap
-gshadow:        files
-
-hosts:          files mdns4_minimal [NOTFOUND=return] dns
-networks:       files
-
-protocols:      db files
-services:       db files
-ethers:         db files
-rpc:            db files
-
-netgroup:       nis
-sudoers:	files ldap

data/templates/postfix/header_checks

@@ -1,4 +0,0 @@
-/^X-Originating-IP:/ IGNORE
-/^Received:/ IGNORE
-/^User-Agent:/ IGNORE
-/^X-Mailer:/ IGNORE

data/templates/postfix/ldap-accounts.cf

@@ -1,5 +0,0 @@
-server_host = localhost
-server_port = 389
-search_base = dc=yunohost,dc=org
-query_filter = (&(objectClass=mailAccount)(mail=%s))
-result_attribute = uid

data/templates/postfix/ldap-aliases.cf

@@ -1,5 +0,0 @@
-server_host = localhost
-server_port = 389
-search_base = dc=yunohost,dc=org
-query_filter = (&(objectClass=mailAccount)(mail=%s))
-result_attribute = maildrop

data/templates/postfix/ldap-domains.cf

@@ -1,5 +0,0 @@
-server_host = localhost
-server_port = 389
-search_base = ou=domains,dc=yunohost,dc=org
-query_filter = (&(objectClass=mailDomain)(virtualdomain=%s))
-result_attribute = virtualdomain

data/templates/postfix/main.cf.sed

@@ -1,148 +0,0 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname Service ready
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# -- TLS for incoming connections
-# By default, TLS is disabled in the Postfix SMTP server, so no difference to
-# plain Postfix is visible. Explicitly switch it on with "smtpd_tls_security_level = may".
-smtpd_tls_security_level=may
-
-# Sending AUTH data over an unencrypted channel poses a security risk.
-# When TLS layer encryption is optional ("smtpd_tls_security_level = may"), it
-# may however still be useful to only offer AUTH when TLS is active. To maintain
-# compatibility with non-TLS clients, the default is to accept AUTH without
-# encryption. In order to change this behavior, we set "smtpd_tls_auth_only = yes".
-smtpd_tls_auth_only=yes
-smtpd_tls_cert_file=/etc/ssl/certs/yunohost_crt.pem
-smtpd_tls_key_file=/etc/ssl/private/yunohost_key.pem
-smtpd_tls_CAfile = /etc/ssl/certs/ca-yunohost_crt.pem
-smtpd_tls_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, 3DES
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtpd_tls_loglevel=1
-smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
-smtpd_tls_mandatory_ciphers=high
-smtpd_tls_eecdh_grade = ultra
-
-# -- TLS for outgoing connections
-# Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
-smtp_tls_security_level=may
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
-smtp_tls_mandatory_ciphers= $smtpd_tls_mandatory_ciphers
-smtp_tls_loglevel=1
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-myhostname = {{ main_domain }}
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydomain = {{ main_domain }}
-mydestination = localhost
-relayhost = 
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_command = procmail -a "$EXTENSION"
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-
-#### Fit to the maximum message size allowed by GMail or Yahoo ####
-message_size_limit = 26214400
-
-# Virtual Domains Control 
-virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf 
-virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf 
-virtual_mailbox_base = 
-virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf 
-virtual_alias_domains = 
-virtual_minimum_uid = 100 
-virtual_uid_maps = static:vmail 
-virtual_gid_maps = static:mail
-
-# Dovecot LDA 
-virtual_transport = dovecot 
-dovecot_destination_recipient_limit = 1
-
-# Enable SASL authentication for the smtpd daemon 
-smtpd_sasl_auth_enable = yes 
-smtpd_sasl_type = dovecot 
-smtpd_sasl_path = private/auth 
-# Fix some outlook's bugs 
-broken_sasl_auth_clients = yes 
-# Reject anonymous connections 
-smtpd_sasl_security_options = noanonymous 
-smtpd_sasl_local_domain =
-
-
-# Wait until the RCPT TO command before evaluating restrictions 
-smtpd_delay_reject = yes 
- 
-# Basics Restrictions 
-smtpd_helo_required = yes 
-strict_rfc821_envelopes = yes 
- 
-# Requirements for the connecting server 
-smtpd_client_restrictions = 
-    permit_mynetworks, 
-    permit_sasl_authenticated, 
-    reject_rbl_client bl.spamcop.net, 
-    reject_rbl_client cbl.abuseat.org, 
-    reject_rbl_client zen.spamhaus.org, 
-    permit 
- 
-# Requirements for the HELO statement 
-smtpd_helo_restrictions = 
-    permit_mynetworks, 
-    permit_sasl_authenticated, 
-    reject_non_fqdn_hostname, 
-    reject_invalid_hostname, 
-    permit 
- 
-# Requirements for the sender address 
-smtpd_sender_restrictions = 
-    permit_mynetworks, 
-    permit_sasl_authenticated, 
-    reject_non_fqdn_sender, 
-    reject_unknown_sender_domain,
-    permit 
- 
-# Requirement for the recipient address 
-smtpd_recipient_restrictions = 
-    permit_mynetworks, 
-    permit_sasl_authenticated, 
-    reject_non_fqdn_recipient, 
-    reject_unknown_recipient_domain, 
-    reject_unauth_destination,
-    permit
-
-# SRS
-sender_canonical_maps = regexp:/etc/postfix/sender_canonical
-sender_canonical_classes = envelope_sender
-
-# Ignore some headers
-smtp_header_checks = regexp:/etc/postfix/header_checks
-
-smtp_reply_filter = pcre:/etc/postfix/smtp_reply_filter
-
-# Rmilter
-milter_mail_macros =  i {mail_addr} {client_addr} {client_name} {auth_authen}
-milter_protocol = 6
-smtpd_milters = inet:localhost:11000
-
-# Skip email without checking if milter has died
-milter_default_action = accept

data/templates/postfix/master.cf

@@ -1,118 +0,0 @@
-#
-# Postfix master process configuration file.  For details on the format
-# of the file, see the master(5) manual page (command: "man 5 master").
-#
-# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type  private unpriv  chroot  wakeup  maxproc command + args
-#               (yes)   (yes)   (yes)   (never) (100)
-# ==========================================================================
-smtp      inet  n       -       -       -       -       smtpd
-submission inet n       -       -       -       -       smtpd
-  -o smtpd_tls_security_level=encrypt
-  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
-smtps     inet  n       -       -       -       -       smtpd
-  -o header_checks=pcre:/etc/postfix/header_checks
-  -o smtpd_tls_wrappermode=yes
-  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
-#628       inet  n       -       -       -       -       qmqpd
-pickup    fifo  n       -       -       60      1       pickup
-cleanup   unix  n       -       -       -       0       cleanup
-qmgr      fifo  n       -       n       300     1       qmgr
-#qmgr     fifo  n       -       -       300     1       oqmgr
-tlsmgr    unix  -       -       -       1000?   1       tlsmgr
-rewrite   unix  -       -       -       -       -       trivial-rewrite
-bounce    unix  -       -       -       -       0       bounce
-defer     unix  -       -       -       -       0       bounce
-trace     unix  -       -       -       -       0       bounce
-verify    unix  -       -       -       -       1       verify
-flush     unix  n       -       -       1000?   0       flush
-proxymap  unix  -       -       n       -       -       proxymap
-proxywrite unix -       -       n       -       1       proxymap
-smtp      unix  -       -       -       -       -       smtp
-# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-relay     unix  -       -       -       -       -       smtp
-	-o smtp_fallback_relay=
-#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       -       -       -       showq
-error     unix  -       -       -       -       -       error
-retry     unix  -       -       -       -       -       error
-discard   unix  -       -       -       -       -       discard
-local     unix  -       n       n       -       -       local
-virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       -       -       -       lmtp
-anvil     unix  -       -       -       -       1       anvil
-scache    unix  -       -       -       -       1       scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent.  See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-maildrop  unix  -       n       n       -       -       pipe
-  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-#  mailbox_transport = lmtp:inet:localhost
-#  virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus     unix  -       n       n       -       -       pipe
-#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix  -       n       n       -       -       pipe
-#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp      unix  -       n       n       -       -       pipe
-  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail    unix  -       n       n       -       -       pipe
-  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp     unix  -       n       n       -       -       pipe
-  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix	-	n	n	-	2	pipe
-  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman   unix  -       n       n       -       -       pipe
-  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
-  ${nexthop} ${user}
-
-# Dovecot LDA 
-dovecot    unix  -       n       n       -       -       pipe 
-    flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension}
-# ==========================================================================
-# service type  private unpriv  chroot  wakeup  maxproc command + args
-#               (yes)   (yes)   (yes)   (never) (100)
-# ==========================================================================
-# Added using postfix-add-filter script:

data/templates/postfix/sender_canonical

@@ -1 +0,0 @@
-/^(.*)@(.*)$/     ${1}

data/templates/postfix/smtp_reply_filter

@@ -1,8 +0,0 @@
-# Google Mail bounces email sent via IPv6, while this works ok with IPv4.
-#
-# Convert Google Mail IPv6 complaint permanent error into a temporary error.
-# Turn 550 error containing gsmtp in the message into 450 error.
-# This way Postfix will attempt to deliver this e-mail using another MX
-# (via IPv4).
-#
-/^5(\d\d )5(.*information. \S+ - gsmtp.*)/ 4${1}4$2

data/templates/rmilter/rmilter.conf

@@ -1,18 +0,0 @@
-# systemd-specific settings for rmilter
-
-.include /etc/rmilter.conf.common
-
-# pidfile - path to pid file
-pidfile = /run/rmilter/rmilter.pid;
-
-# rmilter is socket-activated under systemd
-bind_socket = fd:3;
-
-# DKIM signing
-dkim {
-    domain {
-        key = /etc/dkim;
-        domain = "*";
-        selector = "mail";
-    };
-};

data/templates/rmilter/rmilter.socket

@@ -1,5 +0,0 @@
-.include /lib/systemd/system/rmilter.socket
-
-[Socket]
-ListenStream=
-ListenStream=127.0.0.1:11000

data/templates/rspamd/rspamd.sieve

@@ -1,4 +0,0 @@
-require ["fileinto"];
-if header :is "X-Spam" "yes" {
-    fileinto "Junk";
-}

data/templates/slapd/ldap.conf

@@ -1,18 +0,0 @@
-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-#BASE	dc=example,dc=com
-#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
-
-#SIZELIMIT	12
-#TIMELIMIT	15
-#DEREF		never
-
-# TLS certificates (needed for GnuTLS)
-TLS_CACERT	/etc/ssl/certs/ca-certificates.crt
-
-sudoers_base ou=sudo,dc=yunohost,dc=org

data/templates/slapd/mailserver.schema

@@ -1,88 +0,0 @@
-## LDAP Schema Yunohost EMAIL
-## Version 0.1
-## Adrien Beudin
-
-# Attributes
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.1
-        NAME 'maildrop'
-        DESC 'Mail addresses where mails are forwarded -- ie forwards'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.2
-        NAME 'mailalias'
-        DESC 'Mail addresses accepted by this account -- ie aliases'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.3
-        NAME 'mailenable'
-        DESC 'Mail Account validity'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.4
-        NAME 'mailbox'
-        DESC 'Mailbox path where mails are delivered'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.5
-        NAME 'virtualdomain'
-        DESC 'A mail domain name'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.6
-        NAME 'virtualdomaindescription'
-        DESC 'Virtual domain description'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.7
-        NAME 'mailuserquota'
-        DESC 'Mailbox quota for a user'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{16} SINGLE-VALUE )
-
-# Mail Account Objectclass
-objectclass ( 1.3.6.1.4.1.40328.1.1.2.1
-        NAME 'mailAccount'
-        DESC 'Mail Account'
-        SUP top
-        AUXILIARY
-        MUST (
-            mail
-            )
-        MAY (
-            mailalias $ maildrop $ mailenable $ mailbox $ mailuserquota 
-            )
-        )
-
-# Mail Domain Objectclass
-objectclass ( 1.3.6.1.4.1.40328.1.1.2.2
-        NAME 'mailDomain'
-        DESC 'Domain mail entry'
-        SUP top
-        STRUCTURAL
-        MUST (
-            virtualdomain
-            )
-        MAY (
-            virtualdomaindescription $ mailuserquota
-            )
-        )
-
-# Mail Group Objectclass
-objectclass ( 1.3.6.1.4.1.40328.1.1.2.3
-        NAME 'mailGroup' SUP top AUXILIARY
-        DESC 'Mail Group'
-        MUST ( mail )
-        )