2024-09-03 20:06:31 +02:00
248 changed files with 11040 additions and 15868 deletions
--- a/.github/workflows/autoblack.yml
+++ b/.github/workflows/autoblack.yml
@ -0,0 +1,35 @@
+name: Check / auto apply Black
+on:
+  push:
+      branches:
+          - dev
+jobs:
+  black:
+    name: Check / auto apply black
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check files using the black formatter
+        uses: psf/black@stable
+        id: black
+        with:
+          options: "."
+        continue-on-error: true
+      - shell: pwsh
+        id: check_files_changed
+        run: |
+          # Diff HEAD with the previous commit
+          $diff = git diff
+          $HasDiff = $diff.Length -gt 0
+          Write-Host "::set-output name=files_changed::$HasDiff"
+      - name: Create Pull Request
+        if: steps.check_files_changed.outputs.files_changed == 'true'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          title: "Format Python code with Black"
+          commit-message: ":art: Format Python code with Black"
+          body: |
+            This pull request uses the [psf/black](https://github.com/psf/black) formatter.
+          base: ${{ github.head_ref }} # Creates pull request onto pull request or commit branch
+          branch: actions/black
--- a/.github/workflows/i18n.yml
+++ b/.github/workflows/i18n.yml
@ -0,0 +1,29 @@
+name: Autoreformat locale files
+on:
+  push:
+      branches:
+          - dev
+jobs:
+  i18n:
+    name: Autoreformat locale files
+    runs-on: ubuntu-latest
+    steps:
+        - uses: actions/checkout@v4
+        - name: Apply reformating scripts
+          id: action_reformat
+          run: |
+              python3 test/remove_stale_i18n_strings.py
+              python3 test/autofix_locale_format.py
+              python3 test/reformat_locales.py
+              git diff -w --exit-code
+        - name: Create Pull Request
+          if: ${{ failure() }}
+          uses: peter-evans/create-pull-request@v6
+          with:
+            token: ${{ secrets.GITHUB_TOKEN }}
+            title: "Reformat locale files"
+            commit-message: ":robot: Reformat locale files"
+            body: |
+              Automatic pull request using the scripts in `test/`
+            base: ${{ github.head_ref }}
+            branch: actions/i18nreformat
--- a/.github/workflows/tox.yml
+++ b/.github/workflows/tox.yml
@ -0,0 +1,49 @@
+name: Tests
+
+on:
+  push:
+      branches:
+          - dev
+          - bullseye
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.9]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install apt dependencies
+      run: sudo apt install ldap-utils slapd libsasl2-dev libldap2-dev libssl-dev
+    - name: Install tox
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox tox-gh-actions
+    - name: Test with tox
+      run: tox -e py39-pytest
+
+  invalidcode:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.9]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install tox
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox tox-gh-actions
+    - name: Linter
+      run: tox -e py39-invalidcode
+    - name: Mypy
+      run: tox -e py39-mypy
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,8 @@
 *.py[co]

+# Documentation
+doc/_build/
+
 # Packages
 *.egg
 *.egg-info
@ -10,6 +13,7 @@ dist
 build
 eggs
 parts
+bin
 cache
 var
 sdist
@ -30,5 +34,11 @@ pip-log.txt
 # Mr Developer
 .mr.developer.cfg

-# moulinette lib
-src/yunohost/locales
+# Moulinette
+doc/*.json
+moulinette/package.py
+# track only test namespace
+lib/**
+!lib/test
+data/actionsmap/**
+!data/actionsmap/test.yml
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@ -0,0 +1,70 @@
+Moulinette contributors
+=======================
+
+YunoHost is built and maintained by the YunoHost project community.
+Everyone is encouraged to submit issues and changes, and to contribute in other ways -- see https://yunohost.org/contribute to find out how.
+
+--
+
+Initial Moulinette was built by Kload & jerome, for YunoHost v2.
+
+Most of actual Moulinette code was written by jerome, with help of numerous contributors.
+
+Translation is made by a bunch of lovely people all over the world.
+
+We would like to thank anyone who ever helped the YunoHost project <3
+
+
+Moulinette Contributors
+-----------------------
+
+- Kload
+- Jérôme Lebleu
+- Adrien 'beudbeud' Beudin
+- titoko
+- Laurent 'Bram' Peuch
+- Julien 'ju' Malik
+- npze
+- lmangani
+- Valentin 'zamentur' / 'ljf' Grimaud
+- dblugeon
+
+
+Moulinette Translators
+----------------------
+
+If you want to help translation, please visit https://translate.yunohost.org/projects/yunohost/yunohost/
+
+
+### Dutch
+
+- marut
+
+### English
+
+- Anmol
+
+### French
+
+- Bobo
+- Laurent Peuch
+- Jean-Baptiste Holcroft
+- Jérôme Lebleu
+
+### German
+
+- David Bartke
+- Felix Bartels
+- Marvin Gärtner
+
+### Hindi
+
+- Anmol
+
+### Portuguese
+
+- frju
+
+### Spanish
+
+- Juanu
--- a/85
+++ b/85
@ -7,15 +7,15 @@

                            Preamble

-  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
+  The GNU Affero General Public License is a free, copyleft license
+for software and other kinds of works, specifically designed to ensure
 cooperation with the community in the case of network server software.

-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.
+  The licenses for most software and other practical works are
+designed to take away your freedom to share and change the works.  By
+contrast, our General Public Licenses are intended to guarantee your
+freedom to share and change all versions of a program--to make sure it
+remains free software for all its users.

  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@ -60,11 +60,12 @@ modification follow.

  0. Definitions.

-  "This License" refers to version 3 of the GNU Affero General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
+  "This License" refers to version 3 of the GNU Affero General Public
+License.

+  "Copyright" also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+ 
  "The Program" refers to any copyrightable work licensed under this
 License.  Each licensee is addressed as "you".  "Licensees" and
 "recipients" may be individuals or organizations.
@ -376,12 +377,12 @@ that material) supplement the terms of this License with terms:
  All other non-permissive additional terms are considered "further
 restrictions" within the meaning of section 10.  If the Program as you
 received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
+governed by this License along with a term that is a further restriction,
+you may remove that term.  If a license document contains a further
+restriction but permits relicensing or conveying under this License, you
+may add to a covered work material governed by the terms of that license
+document, provided that the further restriction does not survive such
+relicensing or conveying.

  If you add terms to a covered work in accord with this section, you
 must place, in the relevant source files, a statement of the
@ -550,34 +551,34 @@ shall include the Corresponding Source for any work covered by version 3
 of the GNU General Public License that is incorporated pursuant to the
 following paragraph.

-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
+  Notwithstanding any other provision of this License, you have permission
+to link or combine any covered work with a work licensed under version 3
+of the GNU General Public License into a single combined work, and to
+convey the resulting work.  The terms of this License will continue to
+apply to the part which is the covered work, but the work with which it is
+combined will remain governed by version 3 of the GNU General Public
+License.

  14. Revised Versions of this License.

  The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
-will be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
+the GNU Affero General Public License from time to time.  Such new
+versions will be similar in spirit to the present version, but may differ
+in detail to address new problems or concerns.

  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
-by the Free Software Foundation.
+Program specifies that a certain numbered version of the GNU Affero
+General Public License "or any later version" applies to it, you have
+the option of following the terms and conditions either of that
+numbered version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number
+of the GNU Affero General Public License, you may choose any version
+ever published by the Free Software Foundation.

  If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
+versions of the GNU Affero General Public License can be used, that
+proxy's public statement of acceptance of a version permanently
+authorizes you to choose that version for the Program.

  Later license versions may give you additional or different
 permissions.  However, no additional obligations are imposed on any
@ -616,9 +617,9 @@ an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.

-                     END OF TERMS AND CONDITIONS
+                       END OF TERMS AND CONDITIONS

-            How to Apply These Terms to Your New Programs
+              How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
@ -633,9 +634,9 @@ the "copyright" line and a pointer to where the full notice is found.
    Copyright (C) <year>  <name of author>

    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
+    it under the terms of the GNU Affero General Public License as
+    published by the Free Software Foundation, either version 3 of the
+    License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/README.md
+++ b/README.md
@ -1,2 +1,46 @@
-Please report issues here (no registration needed):
-https://dev.yunohost.org/projects/yunohost/issues
+<h1 align="center">Moulinette</h1>
+
+<div align="center">
+ 
+![Version](https://img.shields.io/github/v/tag/yunohost/moulinette?label=version&sort=semver)
+[![Tests status](https://github.com/YunoHost/moulinette/actions/workflows/tox.yml/badge.svg)](https://github.com/YunoHost/moulinette/actions/workflows/tox.yml)
+[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/YunoHost/moulinette.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/YunoHost/moulinette/context:python)
+[![GitHub license](https://img.shields.io/github/license/YunoHost/moulinette)](https://github.com/YunoHost/moulinette/blob/dev/LICENSE)
+
+ 
+Moulinette is a small Python framework meant to easily create programs with unified CLI and API.
+
+In particular, it is used as a base framework for the YunoHost project.
+ 
+</div>
+
+Issues
+------
+
+- [Please report issues on YunoHost bugtracker](https://github.com/YunoHost/issues).
+
+Overview
+--------
+
+Moulinette allows to create a YAML "actionmaps" that describes what commands are available. Moulinette will automatically make these commands available through the CLI and Web API, and will be mapped to a python function. Moulinette also provide some general helpers, for example for logging, i18n, authentication, or common file system operations.
+
+<div align="center"><img src="doc/actionsmap.png" width="700" /></div>
+
+Translation
+-----------
+
+You can help translate Moulinette on our [translation platform](https://translate.yunohost.org/engage/yunohost/?utm_source=widget)
+
+<div align="center"><img src="https://translate.yunohost.org/widgets/yunohost/-/moulinette/horizontal-auto.svg" alt="Translation status" /></div>
+
+Developpers
+-----------
+
+- You can learn how to get started with developing on YunoHost by reading [this piece of documentation](https://yunohost.org/dev).
+- Specific doc for moulinette: https://moulinette.readthedocs.org
+- Run tests with:
+
+```
+$ pip install tox
+$ tox
+```
--- a/bin/yunohost
+++ b/bin/yunohost
@ -1,208 +0,0 @@
-#! /usr/bin/python
-# -*- coding: utf-8 -*-
-
-import os
-import sys
-import argparse
-
-# Either we are in a development environment or not
-IN_DEVEL = False
-
-# Level for which loggers will log
-LOGGERS_LEVEL = 'INFO'
-TTY_LOG_LEVEL = 'SUCCESS'
-
-# Handlers that will be used by loggers
-#  - file: log to the file LOG_DIR/LOG_FILE
-#  - tty: log to current tty
-LOGGERS_HANDLERS = ['file', 'tty']
-
-# Directory and file to be used by logging
-LOG_DIR = '/var/log/yunohost'
-LOG_FILE = 'yunohost-cli.log'
-
-# Check and load - as needed - development environment
-if not __file__.startswith('/usr/'):
-    IN_DEVEL = True
-if IN_DEVEL:
-    basedir = os.path.abspath('%s/../' % os.path.dirname(__file__))
-    if os.path.isdir(os.path.join(basedir, 'moulinette')):
-        sys.path.insert(0, basedir)
-    LOG_DIR = os.path.join(basedir, 'log')
-
-
-import moulinette
-from moulinette.actionsmap import ActionsMap
-from moulinette.interfaces.cli import colorize, get_locale
-
-
-# Initialization & helpers functions -----------------------------------
-
-def _die(message, title='Error:'):
-    """Print error message and exit"""
-    print('%s %s' % (colorize(title, 'red'), message))
-    sys.exit(1)
-
-def _parse_cli_args():
-    """Parse additional arguments for the cli"""
-    parser = argparse.ArgumentParser(add_help=False)
-    parser.add_argument('--no-cache',
-        action='store_false', default=True, dest='use_cache',
-        help="Don't use actions map cache",
-    )
-    parser.add_argument('--output-as',
-        choices=['json', 'plain', 'none'], default=None,
-        help="Output result in another format",
-    )
-    parser.add_argument('--debug',
-        action='store_true', default=False,
-        help="Log and print debug messages",
-    )
-    parser.add_argument('--verbose',
-        action='store_true', default=False,
-        help="Be more verbose in the output",
-    )
-    parser.add_argument('--quiet',
-        action='store_true', default=False,
-        help="Don't produce any output",
-    )
-    parser.add_argument('--admin-password',
-        default=None, dest='password', metavar='PASSWORD',
-        help="The admin password to use to authenticate",
-    )
-    # deprecated arguments
-    parser.add_argument('--plain',
-        action='store_true', default=False, help=argparse.SUPPRESS
-    )
-    parser.add_argument('--json',
-        action='store_true', default=False, help=argparse.SUPPRESS
-    )
-
-    opts, args = parser.parse_known_args()
-
-    # output compatibility
-    if opts.plain:
-        opts.output_as = 'plain'
-    elif opts.json:
-        opts.output_as = 'json'
-
-    return (parser, opts, args)
-
-def _init_moulinette(debug=False, verbose=False, quiet=False):
-    """Configure logging and initialize the moulinette"""
-    # Define loggers handlers
-    handlers = set(LOGGERS_HANDLERS)
-    if quiet and 'tty' in handlers:
-        handlers.remove('tty')
-    elif verbose and 'tty' not in handlers:
-        handlers.append('tty')
-
-    root_handlers = set(handlers)
-    if not debug and 'tty' in root_handlers:
-        root_handlers.remove('tty')
-
-    # Define loggers level
-    level = LOGGERS_LEVEL
-    tty_level = TTY_LOG_LEVEL
-    if verbose:
-        tty_level = 'INFO'
-    if debug:
-        tty_level = level = 'DEBUG'
-
-    # Custom logging configuration
-    logging = {
-        'version': 1,
-        'disable_existing_loggers': True,
-        'formatters': {
-            'tty-debug': {
-                'format': '%(relativeCreated)-4d %(fmessage)s'
-            },
-            'precise': {
-                'format': '%(asctime)-15s %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
-            },
-        },
-        'filters': {
-            'action': {
-                '()': 'moulinette.utils.log.ActionFilter',
-            },
-        },
-        'handlers': {
-            'tty': {
-                'level': tty_level,
-                'class': 'moulinette.interfaces.cli.TTYHandler',
-                'formatter': 'tty-debug' if debug else '',
-            },
-            'file': {
-                'class': 'logging.FileHandler',
-                'formatter': 'precise',
-                'filename': '%s/%s' % (LOG_DIR, LOG_FILE),
-                'filters': ['action'],
-            },
-        },
-        'loggers': {
-            'yunohost': {
-                'level': level,
-                'handlers': handlers,
-                'propagate': False,
-            },
-            'moulinette': {
-                'level': level,
-                'handlers': [],
-                'propagate': True,
-            },
-            'moulinette.interface': {
-                'level': level,
-                'handlers': handlers,
-                'propagate': False,
-            },
-        },
-        'root': {
-            'level': level,
-            'handlers': root_handlers,
-        },
-    }
-
-    # Create log directory
-    if not os.path.isdir(LOG_DIR):
-        try:
-            os.makedirs(LOG_DIR, 0750)
-        except os.error as e:
-            _die(str(e))
-
-    # Initialize moulinette
-    moulinette.init(logging_config=logging, _from_source=IN_DEVEL)
-
-def _retrieve_namespaces():
-    """Return the list of namespaces to load"""
-    ret = ['yunohost']
-    for n in ActionsMap.get_namespaces():
-        # Append YunoHost modules
-        if n.startswith('ynh_'):
-            ret.append(n)
-    return ret
-
-
-# Main action ----------------------------------------------------------
-
-if __name__ == '__main__':
-    parser, opts, args = _parse_cli_args()
-    _init_moulinette(opts.debug, opts.verbose, opts.quiet)
-
-    # Check that YunoHost is installed
-    if not os.path.isfile('/etc/yunohost/installed') and \
-       (len(args) < 2 or (args[0] +' '+ args[1] != 'tools postinstall' and \
-                          args[0] +' '+ args[1] != 'backup restore')):
-        # Init i18n
-        m18n.load_namespace('yunohost')
-        m18n.set_locale(get_locale())
-
-        # Print error and exit
-        _die(m18n.n('yunohost_not_installed'), m18n.g('error'))
-
-    # Execute the action
-    ret = moulinette.cli(
-        _retrieve_namespaces(), args,
-        use_cache=opts.use_cache, output_as=opts.output_as,
-        password=opts.password, parser_kwargs={'top_parser': parser}
-    )
-    sys.exit(ret)
--- a/bin/yunohost-api
+++ b/bin/yunohost-api
@ -1,203 +0,0 @@
-#! /usr/bin/python
-# -*- coding: utf-8 -*-
-
-import os
-import sys
-import argparse
-
-# Either we are in a development environment or not
-IN_DEVEL = False
-
-# Default server configuration
-DEFAULT_HOST = 'localhost'
-DEFAULT_PORT = 6787
-
-# Level for which loggers will log
-LOGGERS_LEVEL = 'INFO'
-
-# Handlers that will be used by loggers
-#  - file: log to the file LOG_DIR/LOG_FILE
-#  - api: serve logs through the api
-#  - console: log to stderr
-LOGGERS_HANDLERS = ['file', 'api']
-
-# Directory and file to be used by logging
-LOG_DIR = '/var/log/yunohost'
-LOG_FILE = 'yunohost-api.log'
-
-# Check and load - as needed - development environment
-if not __file__.startswith('/usr/'):
-    IN_DEVEL = True
-if IN_DEVEL:
-    basedir = os.path.abspath('%s/../' % os.path.dirname(__file__))
-    if os.path.isdir(os.path.join(basedir, 'moulinette')):
-        sys.path.insert(0, basedir)
-    LOG_DIR = os.path.join(basedir, 'log')
-
-
-import moulinette
-from moulinette.actionsmap import ActionsMap
-from moulinette.interfaces.cli import colorize
-
-
-# Initialization & helpers functions -----------------------------------
-
-def _die(message, title='Error:'):
-    """Print error message and exit"""
-    print('%s %s' % (colorize(title, 'red'), message))
-    sys.exit(1)
-
-def _parse_api_args():
-    """Parse main arguments for the api"""
-    parser = argparse.ArgumentParser(add_help=False,
-        description="Run the YunoHost API to manage your server.",
-    )
-    srv_group = parser.add_argument_group('server configuration')
-    srv_group.add_argument('-h', '--host',
-        action='store', default=DEFAULT_HOST,
-        help="Host to listen on (default: %s)" % DEFAULT_HOST,
-    )
-    srv_group.add_argument('-p', '--port',
-        action='store', default=DEFAULT_PORT, type=int,
-        help="Port to listen on (default: %d)" % DEFAULT_PORT,
-    )
-    srv_group.add_argument('--no-websocket',
-        action='store_true', default=True, dest='use_websocket',
-        help="Serve without WebSocket support, used to handle "
-        "asynchronous responses such as the messages",
-    )
-    glob_group = parser.add_argument_group('global arguments')
-    glob_group.add_argument('--no-cache',
-        action='store_false', default=True, dest='use_cache',
-        help="Don't use actions map cache",
-    )
-    glob_group.add_argument('--debug',
-        action='store_true', default=False,
-        help="Set log level to DEBUG",
-    )
-    glob_group.add_argument('--verbose',
-        action='store_true', default=False,
-        help="Be verbose in the output",
-    )
-    glob_group.add_argument('--help',
-        action='help', help="Show this help message and exit",
-    )
-
-    return parser.parse_args()
-
-def _init_moulinette(use_websocket=True, debug=False, verbose=False):
-    """Configure logging and initialize the moulinette"""
-    # Define loggers handlers
-    handlers = set(LOGGERS_HANDLERS)
-    if not use_websocket and 'api' in handlers:
-        handlers.remove('api')
-    if verbose and 'console' not in handlers:
-        handlers.add('console')
-    root_handlers = handlers - set(['api'])
-
-    # Define loggers level
-    level = LOGGERS_LEVEL
-    if debug:
-        level = 'DEBUG'
-
-    # Custom logging configuration
-    logging = {
-        'version': 1,
-        'disable_existing_loggers': True,
-        'formatters': {
-            'console': {
-                'format': '%(relativeCreated)-5d %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
-            },
-            'precise': {
-                'format': '%(asctime)-15s %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
-            },
-        },
-        'filters': {
-            'action': {
-                '()': 'moulinette.utils.log.ActionFilter',
-            },
-        },
-        'handlers': {
-            'api': {
-                'class': 'moulinette.interfaces.api.APIQueueHandler',
-            },
-            'file': {
-                'class': 'logging.handlers.WatchedFileHandler',
-                'formatter': 'precise',
-                'filename': '%s/%s' % (LOG_DIR, LOG_FILE),
-                'filters': ['action'],
-            },
-            'console': {
-                'class': 'logging.StreamHandler',
-                'formatter': 'console',
-                'stream': 'ext://sys.stdout',
-                'filters': ['action'],
-            },
-        },
-        'loggers': {
-            'yunohost': {
-                'level': level,
-                'handlers': handlers,
-                'propagate': False,
-            },
-            'moulinette': {
-                'level': level,
-                'handlers': [],
-                'propagate': True,
-            },
-        },
-        'root': {
-            'level': level,
-            'handlers': root_handlers,
-        },
-    }
-
-    # Create log directory
-    if not os.path.isdir(LOG_DIR):
-        try:
-            os.makedirs(LOG_DIR, 0750)
-        except os.error as e:
-            _die(str(e))
-
-    # Initialize moulinette
-    moulinette.init(logging_config=logging, _from_source=IN_DEVEL)
-
-def _retrieve_namespaces():
-    """Return the list of namespaces to load"""
-    ret = ['yunohost']
-    for n in ActionsMap.get_namespaces():
-        # Append YunoHost modules
-        if n.startswith('ynh_'):
-            ret.append(n)
-    return ret
-
-
-# Callbacks for additional routes --------------------------------------
-
-def is_installed():
-    """
-    Check whether YunoHost is installed or not
-
-    """
-    installed = False
-    if os.path.isfile('/etc/yunohost/installed'):
-        installed = True
-    return { 'installed': installed }
-
-
-# Main action ----------------------------------------------------------
-
-if __name__ == '__main__':
-    opts = _parse_api_args()
-    _init_moulinette(opts.use_websocket, opts.debug, opts.verbose)
-
-    # Run the server
-    from yunohost.utils.packages import ynh_packages_version
-    ret = moulinette.api(
-        _retrieve_namespaces(),
-        host=opts.host, port=opts.port, routes={
-            ('GET', '/installed'): is_installed,
-            ('GET', '/version'): ynh_packages_version,
-        }, use_cache=opts.use_cache, use_websocket=opts.use_websocket
-    )
-    sys.exit(ret)
--- a/bin/yunopaste
+++ b/bin/yunopaste
@ -1,77 +0,0 @@
-#!/bin/bash
-
-set -e
-set -u
-
-PASTE_URL="https://paste.yunohost.org"
-
-_die() {
-  printf "Error: %s\n" "$*"
-  exit 1
-}
-
-check_dependencies() {
-  curl -V > /dev/null 2>&1 || _die "This script requires curl."
-}
-
-paste_data() {
-  json=$(curl -X POST -s -d "$1" "${PASTE_URL}/documents")
-  [[ -z "$json" ]] && _die "Unable to post the data to the server."
-
-  key=$(echo "$json" \
-    | python -c 'import json,sys;o=json.load(sys.stdin);print o["key"]' \
-        2>/dev/null)
-  [[ -z "$key" ]] && _die "Unable to parse the server response."
-
-  echo "${PASTE_URL}/${key}"
-}
-
-usage() {
-  printf "Usage: ${0} [OPTION]...
-
-Read from input stream and paste the data to the YunoHost
-Haste server.
-
-For example, to paste the output of the YunoHost diagnosis, you
-can simply execute the following:
-  yunohost tools diagnosis | ${0}
-
-It will return the URL where you can access the pasted data.
-
-Options:
-  -h, --help   show this help message and exit
-"
-}
-
-main() {
-  # parse options
-  while (( ${#} )); do
-    case "${1}" in
-      --help|-h)
-        usage
-        exit 0
-        ;;
-      *)
-        echo "Unknown parameter detected: ${1}" >&2
-        echo >&2
-        usage >&2
-        exit 1
-        ;;
-    esac
-
-    shift 1
-  done
-
-  # check input stream
-  read -t 0 || {
-    echo -e "Invalid usage: No input is provided.\n" >&2
-    usage
-    exit 1
-  }
-
-  paste_data "$(cat)"
-}
-
-check_dependencies
-
-main "${@}"
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
--- a/data/bash-completion.d/yunohost
+++ b/data/bash-completion.d/yunohost
@ -1,12 +0,0 @@
-#
-# Bash completion for yunohost
-#
-
-_python_argcomplete() {
-    local IFS=''
-    COMPREPLY=( $(IFS="$IFS"                   COMP_LINE="$COMP_LINE"                   COMP_POINT="$COMP_POINT"                   _ARGCOMPLETE_COMP_WORDBREAKS="$COMP_WORDBREAKS"                   _ARGCOMPLETE=1                   "$1" 8>&1 9>&2 1>/dev/null 2>/dev/null) )
-    if [[ $? != 0 ]]; then
-        unset COMPREPLY
-    fi
-}
-complete -o nospace -o default -F _python_argcomplete "yunohost"
--- a/data/helpers
+++ b/data/helpers
@ -1,7 +0,0 @@
-# -*- shell-script -*-
-
-# TODO : use --regex to validate against a namespace
-for helper in $(run-parts --list /usr/share/yunohost/helpers.d 2>/dev/null) ; do
-    [ -r $helper ] && . $helper || true
-done
-
--- a/data/helpers.d/filesystem
+++ b/data/helpers.d/filesystem
@ -1,41 +0,0 @@
-CAN_BIND=1
-
-# Bind a directory or copy it on error
-#
-# usage: ynh_bind_or_cp srcdir destdir as_root
-# | arg: srcdir - directory to bind or copy
-# | arg: destdir - mountpoint or destination directory
-# | arg: as_root - 1 to execute commands as root
-ynh_bind_or_cp() {
-    SRCDIR=$1
-    DESTDIR=$2
-    SUDO_CMD="sudo"
-    [[ "$3" != "1" ]] && SUDO_CMD=""
-
-    if [[ $CAN_BIND == 1 ]]; then
-        $SUDO_CMD mkdir -p $DESTDIR
-        $SUDO_CMD mount --bind "$SRCDIR" "$DESTDIR"
-        if [[ $? == 0 ]]; then
-            for m in $(mount | grep " $SRCDIR" | awk '{ print $3 }'); do
-                $SUDO_CMD mount --bind "$m" "${DESTDIR}${m#${SRCDIR}}"
-            done
-            return
-        fi
-        echo "Error: bind mounting seems to be disabled on your system."
-        echo "You have maybe to check your apparmor configuration."
-        CAN_BIND=0
-    fi
-    $SUDO_CMD cp -r "$SRCDIR" "$DESTDIR"
-}
-
-# Create a directory under /tmp
-#
-# usage: ynh_mkdir_tmp
-# | ret: the created directory path
-ynh_mkdir_tmp() {
-    TMPDIR="/tmp/$(ynh_string_random 6)"
-    while [ -d $TMPDIR ]; do
-        TMPDIR="/tmp/$(ynh_string_random 6)"
-    done
-    mkdir -p "$TMPDIR" && echo "$TMPDIR"
-}
--- a/data/helpers.d/ip
+++ b/data/helpers.d/ip
@ -1,52 +0,0 @@
-# Validate an IP address
-#
-# example: ynh_validate_ip 4 111.222.333.444
-#
-# usage: ynh_validate_ip <family> <ip_address>
-#
-# exit code : 0 for valid ip addresses, 1 otherwise
-ynh_validate_ip()
-{
-  # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
-  
-  IP_ADDRESS_FAMILY=$1
-  IP_ADDRESS=$2
-  
-  [ "$IP_ADDRESS_FAMILY" == "4" ] || [ "$IP_ADDRESS_FAMILY" == "6" ] || return 1
-  
-  python /dev/stdin << EOF
-import socket
-import sys
-family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 }
-try:
-    socket.inet_pton(family["$IP_ADDRESS_FAMILY"], "$IP_ADDRESS")
-except socket.error:
-    sys.exit(1)
-sys.exit(0)
-EOF
-}
-
-# Validate an IPv4 address
-#
-# example: ynh_validate_ip4 111.222.333.444
-#
-# usage: ynh_validate_ip4 <ip_address>
-#
-# exit code : 0 for valid ipv4 addresses, 1 otherwise
-ynh_validate_ip4()
-{
-  ynh_validate_ip 4 $1
-}
-
-
-# Validate an IPv6 address
-#
-# example: ynh_validate_ip6 2000:dead:beef::1
-#
-# usage: ynh_validate_ip6 <ip_address>
-#
-# exit code : 0 for valid ipv6 addresses, 1 otherwise
-ynh_validate_ip6()
-{
-  ynh_validate_ip 6 $1
-}
--- a/data/helpers.d/mysql
+++ b/data/helpers.d/mysql
@ -1,92 +0,0 @@
-MYSQL_ROOT_PWD_FILE=/etc/yunohost/mysql
-
-# Open a connection as a user
-#
-# example: ynh_mysql_connect_as 'user' 'pass' <<< "UPDATE ...;"
-# example: ynh_mysql_connect_as 'user' 'pass' < /path/to/file.sql
-#
-# usage: ynh_mysql_connect_as user pwd [db]
-# | arg: user - the user name to connect as
-# | arg: pwd - the user password
-# | arg: db - the database to connect to
-ynh_mysql_connect_as() {
-    mysql -u "$1" --password="$2" -B "${3:-}"
-}
-
-# Execute a command as root user
-#
-# usage: ynh_mysql_execute_as_root sql [db]
-# | arg: sql - the SQL command to execute
-# | arg: db - the database to connect to
-ynh_mysql_execute_as_root() {
-    ynh_mysql_connect_as "root" "$(sudo cat $MYSQL_ROOT_PWD_FILE)" \
-        "${2:-}" <<< "$1"
-}
-
-# Execute a command from a file as root user
-#
-# usage: ynh_mysql_execute_file_as_root sql [db]
-# | arg: file - the file containing SQL commands
-# | arg: db - the database to connect to
-ynh_mysql_execute_file_as_root() {
-    ynh_mysql_connect_as "root" "$(sudo cat $MYSQL_ROOT_PWD_FILE)" \
-        "${2:-}" < "$1"
-}
-
-# Create a database and grant optionnaly privilegies to a user
-#
-# usage: ynh_mysql_create_db db [user [pwd]]
-# | arg: db - the database name to create
-# | arg: user - the user to grant privilegies
-# | arg: pwd - the password to identify user by
-ynh_mysql_create_db() {
-    db=$1
-
-    sql="CREATE DATABASE ${db};"
-
-    # grant all privilegies to user
-    if [[ $# -gt 1 ]]; then
-        sql+=" GRANT ALL PRIVILEGES ON ${db}.* TO '${2}'@'localhost'"
-        [[ -n ${3:-} ]] && sql+=" IDENTIFIED BY '${3}'"
-        sql+=" WITH GRANT OPTION;"
-    fi
-
-    ynh_mysql_execute_as_root "$sql"
-}
-
-# Drop a database
-#
-# usage: ynh_mysql_drop_db db
-# | arg: db - the database name to drop
-ynh_mysql_drop_db() {
-    ynh_mysql_execute_as_root "DROP DATABASE ${1};"
-}
-
-# Dump a database
-#
-# example: ynh_mysql_dump_db 'roundcube' > ./dump.sql
-#
-# usage: ynh_mysql_dump_db db
-# | arg: db - the database name to dump
-# | ret: the mysqldump output
-ynh_mysql_dump_db() {
-    mysqldump -u "root" -p"$(sudo cat $MYSQL_ROOT_PWD_FILE)" "$1"
-}
-
-# Create a user
-#
-# usage: ynh_mysql_create_user user pwd [host]
-# | arg: user - the user name to create
-# | arg: pwd - the password to identify user by
-ynh_mysql_create_user() {
-    ynh_mysql_execute_as_root \
-        "CREATE USER '${1}'@'localhost' IDENTIFIED BY '${2}';"
-}
-
-# Drop a user
-#
-# usage: ynh_mysql_drop_user user
-# | arg: user - the user name to drop
-ynh_mysql_drop_user() {
-    ynh_mysql_execute_as_root "DROP USER '${1}'@'localhost';"
-}
--- a/data/helpers.d/package
+++ b/data/helpers.d/package
@ -1,94 +0,0 @@
-# Check either a package is installed or not
-#
-# example: ynh_package_is_installed 'yunohost' && echo "ok"
-#
-# usage: ynh_package_is_installed name
-# | arg: name - the package name to check
-ynh_package_is_installed() {
-    dpkg-query -W -f '${Status}' "$1" 2>/dev/null \
-        | grep -c "ok installed" &>/dev/null
-}
-
-# Get the version of an installed package
-#
-# example: version=$(ynh_package_version 'yunohost')
-#
-# usage: ynh_package_version name
-# | arg: name - the package name to get version
-# | ret: the version or an empty string
-ynh_package_version() {
-    if ynh_package_is_installed "$1"; then
-        dpkg-query -W -f '${Version}' "$1" 2>/dev/null
-    else
-        echo ''
-    fi
-}
-
-# Update package index files
-#
-# usage: ynh_package_update
-ynh_package_update() {
-    sudo apt-get -y -qq update
-}
-
-# Install package(s)
-#
-# usage: ynh_package_install name [name [...]]
-# | arg: name - the package name to install
-ynh_package_install() {
-    sudo apt-get -y -qq install $@
-}
-
-# Build and install a package from an equivs control file
-#
-# example: generate an empty control file with `equivs-control`, adjust its
-#          content and use helper to build and install the package:
-#              ynh_package_install_from_equivs /path/to/controlfile
-#
-# usage: ynh_package_install_from_equivs controlfile
-# | arg: controlfile - path of the equivs control file
-ynh_package_install_from_equivs() {
-    controlfile=$1
-
-    # install equivs package as needed
-    ynh_package_is_installed 'equivs' \
-        || ynh_package_install equivs
-
-    # retrieve package information
-    pkgname=$(grep '^Package: ' $controlfile | cut -d' ' -f 2)
-    pkgversion=$(grep '^Version: ' $controlfile | cut -d' ' -f 2)
-    [[ -z "$pkgname" || -z "$pkgversion" ]] \
-        && echo "Invalid control file" && exit 1
-
-    # update packages cache
-    ynh_package_update
-
-    # build and install the package
-    TMPDIR=$(ynh_mkdir_tmp)
-    (cp "$controlfile" "${TMPDIR}/control" \
-     && cd "$TMPDIR" \
-     && equivs-build ./control 1>/dev/null \
-     && sudo dpkg --force-depends \
-          -i "./${pkgname}_${pkgversion}_all.deb" 2>&1 \
-     && sudo apt-get -f -y -qq install) \
-        && ([[ -n "$TMPDIR" ]] && rm -rf $TMPDIR)
-
-    # check if the package is actually installed
-    ynh_package_is_installed "$pkgname"
-}
-
-# Remove package(s)
-#
-# usage: ynh_package_remove name [name [...]]
-# | arg: name - the package name to remove
-ynh_package_remove() {
-    sudo apt-get -y -qq remove $@
-}
-
-# Remove package(s) and their uneeded dependencies
-#
-# usage: ynh_package_autoremove name [name [...]]
-# | arg: name - the package name to remove
-ynh_package_autoremove() {
-    sudo apt-get -y -qq autoremove $@
-}
--- a/data/helpers.d/setting
+++ b/data/helpers.d/setting
@ -1,27 +0,0 @@
-# Get an application setting
-#
-# usage: ynh_app_setting_get app key
-# | arg: app - the application id
-# | arg: key - the setting to get
-ynh_app_setting_get() {
-    sudo yunohost app setting "$1" "$2" --output-as plain --quiet
-}
-
-# Set an application setting
-#
-# usage: ynh_app_setting_set app key value
-# | arg: app - the application id
-# | arg: key - the setting name to set
-# | arg: value - the setting value to set
-ynh_app_setting_set() {
-    sudo yunohost app setting "$1" "$2" -v "$3" --quiet
-}
-
-# Delete an application setting
-#
-# usage: ynh_app_setting_delete app key
-# | arg: app - the application id
-# | arg: key - the setting to delete
-ynh_app_setting_delete() {
-    sudo yunohost app setting -d "$1" "$2" --quiet
-}
--- a/data/helpers.d/string
+++ b/data/helpers.d/string
@ -1,11 +0,0 @@
-# Generate a random string
-#
-# example: pwd=$(ynh_string_random 8)
-#
-# usage: ynh_string_random [length]
-# | arg: length - the string length to generate (default: 24)
-ynh_string_random() {
-    dd if=/dev/urandom bs=1 count=200 2> /dev/null \
-      | tr -c -d '[A-Za-z0-9]' \
-      | sed -n 's/\(.\{'"${1:-24}"'\}\).*/\1/p'
-}
--- a/data/helpers.d/user
+++ b/data/helpers.d/user
@ -1,40 +0,0 @@
-# Check if a YunoHost user exists
-#
-# example: ynh_user_exists 'toto' || exit 1
-#
-# usage: ynh_user_exists username
-# | arg: username - the username to check
-ynh_user_exists() {
-    sudo yunohost user list --output-as json | grep -q "\"username\": \"${1}\""
-}
-
-# Retrieve a YunoHost user information
-#
-# example: mail=$(ynh_user_get_info 'toto' 'mail')
-#
-# usage: ynh_user_get_info username key
-# | arg: username - the username to retrieve info from
-# | arg: key - the key to retrieve
-# | ret: string - the key's value
-ynh_user_get_info() {
-    sudo yunohost user info "$1" --output-as plain | ynh_get_plain_key "$2"
-}
-
-# Get the list of YunoHost users
-#
-# example: for u in $(ynh_user_list); do ...
-#
-# usage: ynh_user_list
-# | ret: string - one username per line
-ynh_user_list() {
-    sudo yunohost user list --output-as plain --quiet \
-      | awk '/^##username$/{getline; print}'
-}
-
-# Check if a user exists on the system
-#
-# usage: ynh_system_user_exists username
-# | arg: username - the username to check
-ynh_system_user_exists() {
-    getent passwd "$1" &>/dev/null
-}
--- a/data/helpers.d/utils
+++ b/data/helpers.d/utils
@ -1,26 +0,0 @@
-# Extract a key from a plain command output
-#
-# example: yunohost user info tata --output-as plain | ynh_get_plain_key mail
-#
-# usage: ynh_get_plain_key key [subkey [subsubkey ...]]
-# | ret: string - the key's value
-ynh_get_plain_key() {
-    prefix="#"
-    founded=0
-    key=$1
-    shift
-    while read line; do
-        if [[ "$founded" == "1" ]] ; then
-            [[ "$line" =~ ^${prefix}[^#] ]] && return
-            echo $line
-        elif [[ "$line" =~ ^${prefix}${key}$ ]]; then
-            if [[ -n "${1:-}" ]]; then
-                prefix+="#"
-                key=$1
-                shift
-            else
-                founded=1
-            fi
-        fi
-    done
-}
--- a/data/hooks/backup/05-conf_ldap
+++ b/data/hooks/backup/05-conf_ldap
@ -1,14 +0,0 @@
-backup_dir="${1}/conf/ldap"
-sudo mkdir -p "$backup_dir"
-
-# Fix for first jessie yunohost where slapd.conf is called slapd-yuno.conf
-# without slapcat doesn't work
-[[ ! -f /etc/ldap/slapd.conf ]] \
-  && sudo mv /etc/ldap/slapd-yuno.conf /etc/ldap/slapd.conf
-
-# Back up the configuration
-sudo cp -a /etc/ldap/slapd.conf "${backup_dir}/slapd.conf"
-sudo slapcat -b cn=config -l "${backup_dir}/cn=config.master.ldif"
-
-# Back up the database
-sudo slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
--- a/data/hooks/backup/08-conf_ssh
+++ b/data/hooks/backup/08-conf_ssh
@ -1,8 +0,0 @@
-backup_dir="$1/conf/ssh"
-sudo mkdir -p $backup_dir
-
-if [ -d /etc/ssh/ ]; then
-    sudo cp -a /etc/ssh/. $backup_dir
-else
-    echo "SSH is not installed"
-fi
--- a/data/hooks/backup/11-conf_ynh_mysql
+++ b/data/hooks/backup/11-conf_ynh_mysql
@ -1,4 +0,0 @@
-backup_dir="$1/conf/ynh/mysql"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/yunohost/mysql "${backup_dir}/root_pwd"
--- a/data/hooks/backup/14-conf_ssowat
+++ b/data/hooks/backup/14-conf_ssowat
@ -1,4 +0,0 @@
-backup_dir="$1/conf/ssowat"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/ssowat/. $backup_dir
--- a/data/hooks/backup/17-data_home
+++ b/data/hooks/backup/17-data_home
@ -1,10 +0,0 @@
-backup_dir="$1/data/home"
-sudo mkdir -p $backup_dir
-
-. /usr/share/yunohost/helpers
-
-for f in $(find /home/* -type d -prune | awk -F/ '{print $NF}'); do
-    if [[ ! "$f" =~ ^yunohost|lost\+found ]]; then
-        ynh_bind_or_cp "/home/$f" "${backup_dir}/$f" 1
-    fi
-done
--- a/data/hooks/backup/20-conf_ynh_firewall
+++ b/data/hooks/backup/20-conf_ynh_firewall
@ -1,4 +0,0 @@
-backup_dir="$1/conf/ynh/firewall"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/yunohost/firewall* $backup_dir
--- a/data/hooks/backup/21-conf_ynh_certs
+++ b/data/hooks/backup/21-conf_ynh_certs
@ -1,4 +0,0 @@
-backup_dir="$1/conf/ynh/certs"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/yunohost/certs/. $backup_dir
--- a/data/hooks/backup/23-data_mail
+++ b/data/hooks/backup/23-data_mail
@ -1,5 +0,0 @@
-backup_dir="$1/data/mail"
-
-. /usr/share/yunohost/helpers
-
-ynh_bind_or_cp /var/mail $backup_dir 1
--- a/data/hooks/backup/26-conf_xmpp
+++ b/data/hooks/backup/26-conf_xmpp
@ -1,5 +0,0 @@
-backup_dir="$1/conf/xmpp"
-sudo mkdir -p $backup_dir/{etc,var}
-
-sudo cp -a /etc/metronome/. $backup_dir/etc
-sudo cp -a /var/lib/metronome/. $backup_dir/var
--- a/data/hooks/backup/29-conf_nginx
+++ b/data/hooks/backup/29-conf_nginx
@ -1,4 +0,0 @@
-backup_dir="$1/conf/nginx"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/nginx/conf.d/. $backup_dir
--- a/data/hooks/backup/32-conf_cron
+++ b/data/hooks/backup/32-conf_cron
@ -1,4 +0,0 @@
-backup_dir="$1/conf/cron"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/cron.d/yunohost* $backup_dir/
--- a/data/hooks/backup/40-conf_ynh_currenthost
+++ b/data/hooks/backup/40-conf_ynh_currenthost
@ -1,4 +0,0 @@
-backup_dir="$1/conf/ynh"
-sudo mkdir -p $backup_dir
-
-sudo cp -a /etc/yunohost/current_host "${backup_dir}/current_host"
--- a/data/hooks/conf_regen/01-yunohost
+++ b/data/hooks/conf_regen/01-yunohost
@ -1,111 +0,0 @@
-#!/bin/bash
-
-set -e
-
-services_path="/etc/yunohost/services.yml"
-
-do_init_regen() {
-  if [[ $EUID -ne 0 ]]; then
-    echo "You must be root to run this script" 1>&2
-    exit 1
-  fi
-
-  cd /usr/share/yunohost/templates/yunohost
-
-  [[ -d /etc/yunohost ]] || mkdir -p /etc/yunohost
-
-  # set default current_host
-  [[ -f /etc/yunohost/current_host ]] \
-    || echo "yunohost.org" > /etc/yunohost/current_host
-
-  # copy default services and firewall
-  [[ -f $services_path ]] \
-    || cp services.yml "$services_path"
-  [[ -f /etc/yunohost/firewall.yml ]] \
-    || cp firewall.yml /etc/yunohost/firewall.yml
-
-  # allow users to access /media directory
-  [[ -d /etc/skel/media ]] \
-    || (mkdir -p /media && ln -s /media /etc/skel/media)
-}
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/yunohost
-
-  # update services.yml
-  if [[ -f $services_path ]]; then
-      tmp_services_path="${services_path}-tmp"
-      new_services_path="${services_path}-new"
-      sudo cp "$services_path" "$tmp_services_path"
-      _update_services "$new_services_path" || {
-        sudo mv "$tmp_services_path" "$services_path"
-        exit 1
-      }
-      if [[ -f $new_services_path ]]; then
-          # replace services.yml with new one
-          sudo mv "$new_services_path" "$services_path"
-          sudo mv "$tmp_services_path" "${services_path}-old"
-      else
-          sudo rm -f "$tmp_services_path"
-      fi
-  else
-      sudo cp services.yml /etc/yunohost/services.yml
-  fi
-}
-
-_update_services() {
-  sudo python2 - << EOF
-import yaml
-with open('services.yml') as f:
-    new_services = yaml.load(f)
-with open('/etc/yunohost/services.yml') as f:
-    services = yaml.load(f)
-updated = False
-for service, conf in new_services.items():
-    # remove service with empty conf
-    if not conf:
-        if service in services:
-            print("removing '{0}' from services".format(service))
-            del services[service]
-            updated = True
-    # add new service
-    elif not services.get(service, None):
-        print("adding '{0}' to services".format(service))
-        services[service] = conf
-        updated = True
-    # update service conf
-    else:
-        conffiles = services[service].pop('conffiles', {})
-        if services[service] != conf:
-            print("update '{0}' service".format(service))
-            services[service].update(conf)
-            updated = True
-        if conffiles:
-            services[service]['conffiles'] = conffiles
-if updated:
-    with open('/etc/yunohost/services.yml-new', 'w') as f:
-        yaml.safe_dump(services, f, default_flow_style=False)
-EOF
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    ;;
-  init)
-    do_init_regen
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/02-ssl
+++ b/data/hooks/conf_regen/02-ssl
@ -1,93 +0,0 @@
-#!/bin/bash
-
-set -e
-
-ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"
-
-do_init_regen() {
-  if [[ $EUID -ne 0 ]]; then
-    echo "You must be root to run this script" 1>&2
-    exit 1
-  fi
-
-  # create certs and SSL directories
-  mkdir -p "/etc/yunohost/certs/yunohost.org"
-  mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}
-
-  # initialize some files
-  [[ -f "${ssl_dir}/serial" ]] \
-    || echo "00" > "${ssl_dir}/serial"
-  [[ -f "${ssl_dir}/index.txt" ]] \
-    || touch "${ssl_dir}/index.txt"
-
-  openssl_conf="/usr/share/yunohost/templates/ssl/openssl.cnf"
-
-  # create default certificates
-  if [[ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]]; then
-      openssl req -x509 -new -config "$openssl_conf" \
-        -days 3650 -out "${ssl_dir}/ca/cacert.pem" \
-        -keyout "${ssl_dir}/ca/cakey.pem" -nodes -batch 2>&1
-      cp "${ssl_dir}/ca/cacert.pem" \
-        /etc/yunohost/certs/yunohost.org/ca.pem
-      ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
-        /etc/ssl/certs/ca-yunohost_crt.pem
-      update-ca-certificates
-  fi
-
-  if [[ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]]; then
-      openssl req -new -config "$openssl_conf" \
-        -days 730 -out "${ssl_dir}/certs/yunohost_csr.pem" \
-        -keyout "${ssl_dir}/certs/yunohost_key.pem" -nodes -batch 2>&1
-      openssl ca -config "$openssl_conf" \
-        -days 730 -in "${ssl_dir}/certs/yunohost_csr.pem" \
-        -out "${ssl_dir}/certs/yunohost_crt.pem" -batch 2>&1
-
-      last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
-      chmod 640 "${ssl_dir}/certs/yunohost_key.pem"
-      chmod 640 "$last_cert"
-
-      cp "${ssl_dir}/certs/yunohost_key.pem" \
-        /etc/yunohost/certs/yunohost.org/key.pem
-      cp "$last_cert" \
-        /etc/yunohost/certs/yunohost.org/crt.pem
-      ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
-        /etc/ssl/certs/yunohost_crt.pem
-      ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
-        /etc/ssl/private/yunohost_key.pem
-  fi
-}
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/ssl
-
-  install -D -m 644 openssl.cnf "${pending_dir}/${ssl_dir}/openssl.cnf"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  # TODO: regenerate certificates if conf changed?
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  init)
-    do_init_regen
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/03-ssh
+++ b/data/hooks/conf_regen/03-ssh
@ -1,45 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/ssh
-
-  # only overwrite SSH configuration on an ISO installation
-  if [[ ! -f /etc/yunohost/from_script ]]; then
-      # do not listen to IPv6 if unavailable
-      [[ -f /proc/net/if_inet6 ]] \
-        || sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
-
-      install -D -m 644 sshd_config "${pending_dir}/etc/ssh/sshd_config"
-  fi
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  if [[ ! -f /etc/yunohost/from_script ]]; then
-    [[ -z "$regen_conf_files" ]] \
-      || sudo service ssh restart
-  fi
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
@ -1,118 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_init_regen() {
-  if [[ $EUID -ne 0 ]]; then
-      echo "You must be root to run this script" 1>&2
-      exit 1
-  fi
-
-  do_pre_regen ""
-
-  # fix some permissions
-  chown root:openldap /etc/ldap/slapd.conf
-  chown -R openldap:openldap /etc/ldap/schema/
-
-  # check the slapd config file at first
-  slaptest -Q -u -f /etc/ldap/slapd.conf
-
-  # regenerate LDAP config directory from slapd.conf
-  rm -Rf /etc/ldap/slapd.d
-  mkdir /etc/ldap/slapd.d
-  slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
-  chown -R openldap:openldap /etc/ldap/slapd.d/
-
-  service slapd restart
-}
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/slapd
-
-  # remove legacy configuration file
-  [ ! -f /etc/ldap/slapd-yuno.conf ] \
-    || touch "${pending_dir}/etc/ldap/slapd-yuno.conf"
-
-  # create needed directories
-  ldap_dir="${pending_dir}/etc/ldap"
-  schema_dir="${ldap_dir}/schema"
-  mkdir -p "$ldap_dir" "$schema_dir"
-
-  # copy configuration files
-  cp -a ldap.conf slapd.conf "$ldap_dir"
-  cp -a sudo.schema mailserver.schema "$schema_dir"
-
-  install -D -m 644 slapd.default "${pending_dir}/etc/default/slapd"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  # fix some permissions
-  sudo chown root:openldap /etc/ldap/slapd.conf
-  sudo chown -R openldap:openldap /etc/ldap/schema/
-  sudo chown -R openldap:openldap /etc/ldap/slapd.d/
-
-  [ -z "$regen_conf_files" ] && exit 0
-
-  # retrieve current and new backends
-  curr_backend=$(sudo slapcat -n 0 \
-                   | sed -n 's/^dn: olcDatabase={1}\(.*\),cn=config$/\1/p')
-  new_backend=$(grep '^database' /etc/ldap/slapd.conf | awk '{print $2}')
-
-  # save current database in case of a backend change
-  backend_change=0
-  backup_dir="/var/backups/dc=yunohost,dc=org-${curr_backend}-$(date +%s)"
-  if [[ -n "$curr_backend" && "$curr_backend" != "$new_backend" ]]; then
-      backend_change=1
-      sudo mkdir -p "$backup_dir"
-      sudo slapcat -b dc=yunohost,dc=org \
-        -l "${backup_dir}/dc=yunohost-dc=org.ldif"
-  fi
-
-  # check the slapd config file at first
-  sudo slaptest -Q -u -f /etc/ldap/slapd.conf
-
-  if [[ $backend_change -eq 1 ]]; then
-      # regenerate LDAP config directory and import database as root
-      # since the admin user may be unavailable
-      sudo sh -c "rm -Rf /etc/ldap/slapd.d;
-  mkdir /etc/ldap/slapd.d;
-  slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d;
-  chown -R openldap:openldap /etc/ldap/slapd.d;
-  slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org \
-    -l '${backup_dir}/dc=yunohost-dc=org.ldif';
-  chown -R openldap:openldap /var/lib/ldap" 2>&1
-  else
-      # regenerate LDAP config directory from slapd.conf
-      sudo rm -Rf /etc/ldap/slapd.d
-      sudo mkdir /etc/ldap/slapd.d
-      sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
-      sudo chown -R openldap:openldap /etc/ldap/slapd.d/
-  fi
-
-  sudo service slapd force-reload
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  init)
-    do_init_regen
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/09-nslcd
+++ b/data/hooks/conf_regen/09-nslcd
@ -1,36 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/nslcd
-
-  install -D -m 644 nslcd.conf "${pending_dir}/etc/nslcd.conf"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [[ -z "$regen_conf_files" ]] \
-    || sudo service nslcd restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/12-metronome
+++ b/data/hooks/conf_regen/12-metronome
@ -1,76 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/metronome
-
-  # create directories for pending conf
-  metronome_dir="${pending_dir}/etc/metronome"
-  metronome_conf_dir="${metronome_dir}/conf.d"
-  mkdir -p "$metronome_conf_dir"
-
-  # retrieve variables
-  main_domain=$(cat /etc/yunohost/current_host)
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
-
-  # install main conf file
-  cat metronome.cfg.lua \
-    | sed "s/{{ main_domain }}/${main_domain}/g" \
-    > "${metronome_dir}/metronome.cfg.lua"
-
-  # add domain conf files
-  for domain in $domain_list; do
-    cat domain.tpl.cfg.lua \
-      | sed "s/{{ domain }}/${domain}/g" \
-      > "${metronome_conf_dir}/${domain}.cfg.lua"
-  done
-
-  # remove old domain conf files
-  conf_files=$(ls -1 /etc/metronome/conf.d \
-                 | awk '/^[^\.]+\.[^\.]+.*\.cfg\.lua$/ { print $1 }')
-  for file in $conf_files; do
-    domain=${file%.cfg.lua}
-    [[ $domain_list =~ $domain ]] \
-      || touch "${metronome_conf_dir}/${file}"
-  done
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  # fix some permissions
-  sudo chown -R metronome: /var/lib/metronome/
-  sudo chown -R metronome: /etc/metronome/conf.d/
-
-  # retrieve variables
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
-
-  # create metronome directories for domains
-  for domain in $domain_list; do
-    sudo mkdir -p "/var/lib/metronome/${domain//./%2e}/pep"
-  done
-
-  [[ -z "$regen_conf_files" ]] \
-    || sudo service metronome restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/15-nginx
+++ b/data/hooks/conf_regen/15-nginx
@ -1,101 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_init_regen() {
-  if [[ $EUID -ne 0 ]]; then
-    echo "You must be root to run this script" 1>&2
-    exit 1
-  fi
-
-  do_pre_regen ""
-}
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/nginx
-
-  nginx_dir="${pending_dir}/etc/nginx"
-  nginx_conf_dir="${nginx_dir}/conf.d"
-  mkdir -p "$nginx_conf_dir"
-
-  # install plain conf files
-  cp plain/* "$nginx_conf_dir"
-
-  # probably run with init: just disable default site, restart NGINX and exit
-  if [[ -z "$pending_dir" ]]; then
-    rm -f "${nginx_dir}/sites-enabled/default"
-    service nginx restart
-    exit 0
-  fi
-
-  # retrieve variables
-  main_domain=$(cat /etc/yunohost/current_host)
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
-
-  # add domain conf files
-  for domain in $domain_list; do
-    domain_conf_dir="${nginx_conf_dir}/${domain}.d"
-    mkdir -p "$domain_conf_dir"
-
-    # NGINX server configuration
-    cat server.tpl.conf \
-      | sed "s/{{ domain }}/${domain}/g" \
-      > "${nginx_conf_dir}/${domain}.conf"
-
-    [[ $main_domain != $domain ]] \
-      && touch "${domain_conf_dir}/yunohost_local.conf" \
-      || cp yunohost_local.conf "${domain_conf_dir}/yunohost_local.conf"
-  done
-
-  # remove old domain conf files
-  conf_files=$(ls -1 /etc/nginx/conf.d \
-                 | awk '/^[^\.]+\.[^\.]+.*\.conf$/ { print $1 }')
-  for file in $conf_files; do
-    domain=${file%.conf}
-    [[ $domain_list =~ $domain ]] \
-      || touch "${nginx_conf_dir}/${file}"
-  done
-
-  # disable default site
-  mkdir -p "${nginx_dir}/sites-enabled"
-  touch "${nginx_dir}/sites-enabled/default"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [ -z "$regen_conf_files" ] && exit 0
-
-  # retrieve variables
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
-
-  # create NGINX conf directories for domains
-  for domain in $domain_list; do
-    sudo mkdir -p "/etc/nginx/conf.d/${domain}.d"
-  done
-
-  sudo service nginx restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  init)
-    do_init_regen
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/19-postfix
+++ b/data/hooks/conf_regen/19-postfix
@ -1,56 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/postfix
-
-  postfix_dir="${pending_dir}/etc/postfix"
-  mkdir -p "$postfix_dir"
-
-  # install plain conf files
-  cp plain/* "$postfix_dir"
-
-  # prepare main.cf conf file
-  main_domain=$(cat /etc/yunohost/current_host)
-  cat main.cf \
-    | sed "s/{{ main_domain }}/${main_domain}/g" \
-    > "${postfix_dir}/main.cf"
-
-  # adapt it for IPv4-only hosts
-  if [ ! -f /proc/net/if_inet6 ]; then
-    sed -i \
-      's/ \[::ffff:127.0.0.0\]\/104 \[::1\]\/128//g' \
-      "${postfix_dir}/main.cf"
-    sed -i \
-      's/inet_interfaces = all/&\ninet_protocols = ipv4/' \
-      "${postfix_dir}/main.cf"
-  fi
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [[ -z "$regen_conf_files" ]] \
-    || sudo service postfix restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/25-dovecot
+++ b/data/hooks/conf_regen/25-dovecot
@ -1,69 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/dovecot
-
-  dovecot_dir="${pending_dir}/etc/dovecot"
-  mkdir -p "${dovecot_dir}/global_script"
-
-  # copy simple conf files
-  cp dovecot-ldap.conf "${dovecot_dir}/dovecot-ldap.conf"
-  cp dovecot.sieve "${dovecot_dir}/global_script/dovecot.sieve"
-
-  # prepare dovecot.conf conf file
-  main_domain=$(cat /etc/yunohost/current_host)
-  cat dovecot.conf \
-    | sed "s/{{ main_domain }}/${main_domain}/g" \
-    > "${dovecot_dir}/dovecot.conf"
-
-  # adapt it for IPv4-only hosts
-  if [ ! -f /proc/net/if_inet6 ]; then
-    sed -i \
-      's/^\(listen =\).*/\1 */' \
-      "${dovecot_dir}/dovecot.conf"
-  fi
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  # create vmail user
-  id vmail > /dev/null 2>&1 \
-    || sudo adduser --system --ingroup mail --uid 500 vmail
-
-  # fix permissions
-  sudo chown -R vmail:mail /etc/dovecot/global_script
-  sudo chmod 770 /etc/dovecot/global_script
-
-  [ -z "$regen_conf_files" ] && exit 0
-
-  # compile sieve script
-  [[ "$regen_conf_files" =~ dovecot\.sieve ]] && {
-    sudo sievec /etc/dovecot/global_script/dovecot.sieve
-    sudo chown -R vmail:mail /etc/dovecot/global_script
-  }
-
-  sudo service dovecot restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/28-rmilter
+++ b/data/hooks/conf_regen/28-rmilter
@ -1,69 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/rmilter
-
-  install -D -m 644 rmilter.conf \
-    "${pending_dir}/etc/rmilter.conf"
-  install -D -m 644 rmilter.socket \
-    "${pending_dir}/etc/systemd/system/rmilter.socket"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  # retrieve variables
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
-
-  # create DKIM directory
-  sudo mkdir -p /etc/dkim
-
-  # create DKIM key for domains
-  for domain in $domain_list; do
-    domain_key="/etc/dkim/${domain}.mail.key"
-    [ ! -f $domain_key ] && {
-      sudo opendkim-genkey --domain="$domain" \
-          --selector=mail --directory=/etc/dkim
-      sudo mv /etc/dkim/mail.private "$domain_key"
-      sudo mv /etc/dkim/mail.txt "/etc/dkim/${domain}.mail.txt"
-    }
-  done
-
-  # fix DKIM keys permissions
-  sudo chown _rmilter /etc/dkim/*.mail.key
-  sudo chmod 400 /etc/dkim/*.mail.key
-
-  [ -z "$regen_conf_files" ] && exit 0
-
-  # reload systemd daemon
-  [[ "$regen_conf_files" =~ rmilter\.socket ]] && {
-    sudo systemctl -q daemon-reload
-  }
-
-  # ensure that the socket is listening and stop the service - it will be
-  # started again by the socket as needed
-  sudo systemctl -q start rmilter.socket
-  sudo systemctl -q stop rmilter.service 2>&1 || true
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/31-rspamd
+++ b/data/hooks/conf_regen/31-rspamd
@ -1,50 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/rspamd
-
-  install -D -m 644 metrics.local.conf \
-      "${pending_dir}/etc/rspamd/local.d/metrics.conf"
-  install -D -m 644 rspamd.sieve \
-      "${pending_dir}/etc/dovecot/global_script/rspamd.sieve"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [ -z "$regen_conf_files" ] && exit 0
-
-  # compile sieve script
-  [[ "$regen_conf_files" =~ rspamd\.sieve ]] && {
-    sudo sievec /etc/dovecot/global_script/rspamd.sieve
-    sudo chown -R vmail:mail /etc/dovecot/global_script
-    sudo systemctl restart dovecot
-  }
-
-  # ensure that the socket is listening and stop the service - it will be
-  # started again by the socket as needed
-  sudo systemctl -q start rspamd.socket
-  sudo systemctl -q stop rspamd.service 2>&1 || true
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/34-mysql
+++ b/data/hooks/conf_regen/34-mysql
@ -1,82 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/mysql
-
-  install -D -m 644 my.cnf "${pending_dir}/etc/mysql/my.cnf"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  if [ ! -f /etc/yunohost/mysql ]; then
-      . /usr/share/yunohost/helpers.d/string
-
-      # ensure that mysql is running
-      service mysql status >/dev/null 2>&1 \
-        || service mysql start
-
-      # generate and set new root password
-      mysql_password=$(ynh_string_random 10)
-      sudo mysqladmin -s -u root -pyunohost password "$mysql_password" || {
-        if [ $FORCE -eq 1 ]; then
-            . /usr/share/yunohost/helpers.d/package
-
-            echo "It seems that you have already configured MySQL." \
-              "YunoHost needs to have a root access to MySQL to runs its" \
-              "applications, and is going to reset the MySQL root password." \
-              "You can find this new password in /etc/yunohost/mysql." >&2
-
-            # retrieve MySQL package provider
-            ynh_package_is_installed "mariadb-server-10.0" \
-              && mysql_pkg="mariadb-server-10.0" \
-              || mysql_pkg="mysql-server-5.5"
-
-            # set new password with debconf
-            sudo debconf-set-selections << EOF
-$mysql_pkg mysql-server/root_password password $mysql_password
-$mysql_pkg mysql-server/root_password_again password $mysql_password
-EOF
-
-            # reconfigure Debian package
-            sudo dpkg-reconfigure -freadline -u "$mysql_pkg" 2>&1
-        else
-            echo "It seems that you have already configured MySQL." \
-              "YunoHost needs to have a root access to MySQL to runs its" \
-              "applications, but the MySQL root password is unknown." \
-              "You must either pass --force to reset the password or" \
-              "put the current one into the file /etc/yunohost/mysql." >&2
-            exit 1
-        fi
-      }
-
-      # store new root password
-      echo "$mysql_password" | sudo tee /etc/yunohost/mysql
-      sudo chmod 400 /etc/yunohost/mysql
-  fi
-
-  [[ -z "$regen_conf_files" ]] \
-    || sudo service mysql restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/37-avahi-daemon
+++ b/data/hooks/conf_regen/37-avahi-daemon
@ -1,37 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/avahi-daemon
-
-  install -D -m 644 avahi-daemon.conf \
-    "${pending_dir}/etc/avahi/avahi-daemon.conf"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [[ -z "$regen_conf_files" ]] \
-    || sudo service avahi-daemon restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/40-glances
+++ b/data/hooks/conf_regen/40-glances
@ -1,36 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/glances
-
-  install -D -m 644 glances.default "${pending_dir}/etc/default/glances"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [[ -z "$regen_conf_files" ]] \
-    || sudo service glances restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/43-dnsmasq
+++ b/data/hooks/conf_regen/43-dnsmasq
@ -1,66 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  # source ip helpers
-  . /usr/share/yunohost/helpers.d/ip
-
-  cd /usr/share/yunohost/templates/dnsmasq
-
-  # create directory for pending conf
-  dnsmasq_dir="${pending_dir}/etc/dnsmasq.d"
-  mkdir -p "$dnsmasq_dir"
-
-  # retrieve variables
-  ipv4=$(curl -s -4 https://ip.yunohost.org 2>/dev/null || true)
-  ynh_validate_ip4 "$ipv4" || ipv4='127.0.0.1'
-  ipv6=$(curl -s -6 http://ip6.yunohost.org 2>/dev/null || true)
-  ynh_validate_ip6 "$ipv6" || ipv6=''
-  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
-
-  # add domain conf files
-  for domain in $domain_list; do
-    cat domain.tpl \
-      | sed "s/{{ domain }}/${domain}/g" \
-      | sed "s/{{ ip }}/${ipv4}/g" \
-      > "${dnsmasq_dir}/${domain}"
-    [[ -n $ipv6 ]] \
-      && echo "address=/${domain}/${ipv6}" >> "${dnsmasq_dir}/${domain}"
-  done
-
-  # remove old domain conf files
-  conf_files=$(ls -1 /etc/dnsmasq.d \
-                 | awk '/^[^\.]+\.[^\.]+.*$/ { print $1 }')
-  for domain in $conf_files; do
-    [[ $domain_list =~ $domain ]] \
-      || touch "${dnsmasq_dir}/${domain}"
-  done
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [[ -z "$regen_conf_files" ]] \
-    || sudo service dnsmasq restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/46-nsswitch
+++ b/data/hooks/conf_regen/46-nsswitch
@ -1,36 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/nsswitch
-
-  install -D -m 644 nsswitch.conf "${pending_dir}/etc/nsswitch.conf"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [[ -z "$regen_conf_files" ]] \
-    || sudo service nscd restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/conf_regen/52-fail2ban
+++ b/data/hooks/conf_regen/52-fail2ban
@ -1,40 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/fail2ban
-
-  fail2ban_dir="${pending_dir}/etc/fail2ban"
-  mkdir -p "${fail2ban_dir}/filter.d"
-
-  cp yunohost.conf "${fail2ban_dir}/filter.d/yunohost.conf"
-  cp jail.conf "${fail2ban_dir}/jail.conf"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [[ -z "$regen_conf_files" ]] \
-    || sudo service fail2ban restart
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0
--- a/data/hooks/post_backup_create/99-umount
+++ b/data/hooks/post_backup_create/99-umount
@ -1,13 +0,0 @@
-
-tmp_dir=$1
-retcode=$2
-
-FAILURE=0
-
-# Iterate over inverted ordered mountpoints to prevent issues
-for m in $(mount | grep " ${tmp_dir}" | awk '{ print $3 }' | tac); do
-    sudo umount $m
-    [[ $? != 0 ]] && FAILURE=1
-done
-
-exit $FAILURE
--- a/data/hooks/restore/05-conf_ldap
+++ b/data/hooks/restore/05-conf_ldap
@ -1,58 +0,0 @@
-backup_dir="${1}/conf/ldap"
-
-if [[ $EUID -ne 0 ]]; then
-
-    # We need to execute this script as root, since the ldap
-    # service will be shut down during the operation (and sudo
-    # won't be available)
-    sudo /bin/bash $(readlink -f $0) $1
-
-else
-
-    service slapd stop || true
-
-    # Create a directory for backup
-    TMPDIR="/tmp/$(date +%s)"
-    mkdir -p "$TMPDIR"
-
-    die() {
-        state=$1
-        error=$2
-
-        # Restore saved configuration and database
-        [[ $state -ge 1 ]] \
-          && (rm -rf /etc/ldap/slapd.d &&
-              mv "${TMPDIR}/slapd.d" /etc/ldap/slapd.d)
-        [[ $state -ge 2 ]] \
-          && (rm -rf /var/lib/ldap &&
-              mv "${TMPDIR}/ldap" /var/lib/ldap)
-        chown -R openldap: /etc/ldap/slapd.d /var/lib/ldap
-
-        service slapd start
-        rm -rf "$TMPDIR"
-
-        # Print an error message and exit
-        printf "%s" "$error" 1>&2
-        exit 1
-    }
-
-    # Restore the configuration
-    mv /etc/ldap/slapd.d "$TMPDIR"
-    mkdir -p /etc/ldap/slapd.d
-    cp -a "${backup_dir}/slapd.conf" /etc/ldap/slapd.conf
-    slapadd -F /etc/ldap/slapd.d -b cn=config \
-        -l "${backup_dir}/cn=config.master.ldif" \
-      || die 1 "Unable to restore LDAP configuration"
-    chown -R openldap: /etc/ldap/slapd.d
-
-    # Restore the database
-    mv /var/lib/ldap "$TMPDIR"
-    mkdir -p /var/lib/ldap
-    slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org \
-        -l "${backup_dir}/dc=yunohost-dc=org.ldif" \
-      || die 2 "Unable to restore LDAP database"
-    chown -R openldap: /var/lib/ldap
-
-    service slapd start
-    rm -rf "$TMPDIR"
-fi
--- a/data/hooks/restore/08-conf_ssh
+++ b/data/hooks/restore/08-conf_ssh
@ -1,9 +0,0 @@
-backup_dir="$1/conf/ssh"
-
-if [ -d /etc/ssh/ ]; then
-    sudo cp -a $backup_dir/. /etc/ssh
-    sudo service ssh restart
-else
-    echo "SSH is not installed"
-fi
-
--- a/data/hooks/restore/11-conf_ynh_mysql
+++ b/data/hooks/restore/11-conf_ynh_mysql
@ -1,42 +0,0 @@
-backup_dir="$1/conf/ynh/mysql"
-
-# ensure that mysql is running
-service mysql status >/dev/null 2>&1 \
-  || service mysql start
-
-# retrieve current and new password
-[ -f /etc/yunohost/mysql ] \
-  && curr_pwd=$(sudo cat /etc/yunohost/mysql) \
-  || curr_pwd="yunohost"
-new_pwd=$(sudo cat "${backup_dir}/root_pwd" || sudo cat "${backup_dir}/mysql")
-
-# attempt to change it
-sudo mysqladmin -s -u root -p"$curr_pwd" password "$new_pwd" || {
-  . /usr/share/yunohost/helpers.d/package
-
-  echo "It seems that you have already configured MySQL." \
-    "YunoHost needs to have a root access to MySQL to runs its" \
-    "applications, and is going to reset the MySQL root password." \
-    "You can find this new password in /etc/yunohost/mysql." >&2
-
-  # retrieve MySQL package provider
-  ynh_package_is_installed "mariadb-server-10.0" \
-    && mysql_pkg="mariadb-server-10.0" \
-    || mysql_pkg="mysql-server-5.5"
-
-  # set new password with debconf
-  sudo debconf-set-selections << EOF
-$mysql_pkg mysql-server/root_password password $new_pwd
-$mysql_pkg mysql-server/root_password_again password $new_pwd
-EOF
-
-  # reconfigure Debian package
-  sudo dpkg-reconfigure -freadline -u "$mysql_pkg" 2>&1
-}
-
-# store new root password
-echo "$new_pwd" | sudo tee /etc/yunohost/mysql
-sudo chmod 400 /etc/yunohost/mysql
-
-# reload the grant tables
-sudo mysqladmin -s -u root -p"$new_pwd" reload
--- a/data/hooks/restore/14-conf_ssowat
+++ b/data/hooks/restore/14-conf_ssowat
@ -1,3 +0,0 @@
-backup_dir="$1/conf/ssowat"
-
-sudo cp -a $backup_dir/. /etc/ssowat
--- a/data/hooks/restore/17-data_home
+++ b/data/hooks/restore/17-data_home
@ -1,3 +0,0 @@
-backup_dir="$1/data/home"
-
-sudo cp -a $backup_dir/. /home
--- a/data/hooks/restore/20-conf_ynh_firewall
+++ b/data/hooks/restore/20-conf_ynh_firewall
@ -1,4 +0,0 @@
-backup_dir="$1/conf/ynh/firewall"
-
-sudo cp -a $backup_dir/. /etc/yunohost
-sudo yunohost firewall reload
--- a/data/hooks/restore/21-conf_ynh_certs
+++ b/data/hooks/restore/21-conf_ynh_certs
@ -1,8 +0,0 @@
-backup_dir="$1/conf/ynh/certs"
-
-sudo mkdir -p /etc/yunohost/certs/
-
-sudo cp -a $backup_dir/. /etc/yunohost/certs/
-sudo yunohost app ssowatconf
-sudo service nginx reload
-sudo service metronome reload
--- a/data/hooks/restore/23-data_mail
+++ b/data/hooks/restore/23-data_mail
@ -1,7 +0,0 @@
-backup_dir="$1/data/mail"
-
-sudo cp -a $backup_dir/. /var/mail/ || echo 'No mail found'
-
-# Restart services to use migrated certs
-sudo service postfix restart
-sudo service dovecot restart
--- a/data/hooks/restore/26-conf_xmpp
+++ b/data/hooks/restore/26-conf_xmpp
@ -1,7 +0,0 @@
-backup_dir="$1/conf/xmpp"
-
-sudo cp -a $backup_dir/etc/. /etc/metronome
-sudo cp -a $backup_dir/var/. /var/lib/metronome
-
-# Restart to apply new conf and certs
-sudo service metronome restart
--- a/data/hooks/restore/29-conf_nginx
+++ b/data/hooks/restore/29-conf_nginx
@ -1,7 +0,0 @@
-backup_dir="$1/conf/nginx"
-
-# Copy all conf except apps specific conf located in DOMAIN.d
-sudo find $backup_dir/ -mindepth 1 -maxdepth 1 -name '*.d' -or -exec sudo cp -a {} /etc/nginx/conf.d/ \;
-
-# Restart to use new conf and certs
-sudo service nginx restart
--- a/data/hooks/restore/32-conf_cron
+++ b/data/hooks/restore/32-conf_cron
@ -1,6 +0,0 @@
-backup_dir="$1/conf/cron"
-
-sudo cp -a $backup_dir/. /etc/cron.d
-
-# Restart just in case
-sudo service cron restart
--- a/data/hooks/restore/40-conf_ynh_currenthost
+++ b/data/hooks/restore/40-conf_ynh_currenthost
@ -1,3 +0,0 @@
-backup_dir="$1/conf/ynh"
-
-sudo cp -a "${backup_dir}/current_host" /etc/yunohost/current_host
--- a/data/other/ldap_scheme.yml
+++ b/data/other/ldap_scheme.yml
@ -1,56 +0,0 @@
-parents:
-    ou=users:
-        ou: users
-        objectClass:
-            - organizationalUnit
-            - top
-
-    ou=domains:
-        ou: domains
-        objectClass:
-            - organizationalUnit
-            - top
-
-    ou=apps:
-        ou: apps
-        objectClass:
-            - organizationalUnit
-            - top
-
-    ou=groups:
-        ou: groups
-        objectClass:
-            - organizationalUnit
-            - top
-    ou=sudo:
-        ou: sudo
-        objectClass:
-            - organizationalUnit
-            - top
-
-children:
-    cn=admins,ou=groups:
-        cn: admins
-        gidNumber: "4001"
-        memberUid: admin
-        objectClass:
-            - posixGroup
-            - top
-
-    cn=sftpusers,ou=groups:
-        cn: sftpusers
-        gidNumber: "4002"
-        memberUid: admin
-        objectClass:
-            - posixGroup
-            - top
-
-    cn=admin,ou=sudo:
-        cn: admin
-        sudoUser: admin
-        sudoHost: ALL
-        sudoCommand: ALL
-        sudoOption: "!authenticate"
-        objectClass:
-            - sudoRole
-            - top
--- a/data/templates/avahi-daemon/avahi-daemon.conf
+++ b/data/templates/avahi-daemon/avahi-daemon.conf
@ -1,68 +0,0 @@
-# This file is part of avahi.
-#
-# avahi is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2 of the
-# License, or (at your option) any later version.
-#
-# avahi is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
-# License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with avahi; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA.
-
-# See avahi-daemon.conf(5) for more information on this configuration
-# file!
-
-[server]
-host-name=yunohost
-domain-name=local
-#browse-domains=0pointer.de, zeroconf.org
-use-ipv4=yes
-use-ipv6=yes
-#allow-interfaces=eth0
-#deny-interfaces=eth1
-#check-response-ttl=no
-#use-iff-running=no
-#enable-dbus=yes
-#disallow-other-stacks=no
-#allow-point-to-point=no
-#cache-entries-max=4096
-#clients-max=4096
-#objects-per-client-max=1024
-#entries-per-entry-group-max=32
-ratelimit-interval-usec=1000000
-ratelimit-burst=1000
-
-[wide-area]
-enable-wide-area=yes
-
-[publish]
-#disable-publishing=no
-#disable-user-service-publishing=no
-#add-service-cookie=no
-#publish-addresses=yes
-#publish-hinfo=yes
-#publish-workstation=yes
-#publish-domain=yes
-#publish-dns-servers=192.168.50.1, 192.168.50.2
-#publish-resolv-conf-dns-servers=yes
-#publish-aaaa-on-ipv4=yes
-#publish-a-on-ipv6=no
-
-[reflector]
-#enable-reflector=no
-#reflect-ipv=no
-
-[rlimits]
-#rlimit-as=
-rlimit-core=0
-rlimit-data=4194304
-rlimit-fsize=0
-rlimit-nofile=768
-rlimit-stack=4194304
-rlimit-nproc=3
--- a/data/templates/dnsmasq/domain.tpl
+++ b/data/templates/dnsmasq/domain.tpl
@ -1,7 +0,0 @@
-resolv-file=
-address=/{{ domain }}/{{ ip }}
-txt-record={{ domain }},"v=spf1 mx a -all"
-mx-host={{ domain }},{{ domain }},5
-srv-host=_xmpp-client._tcp.{{ domain }},{{ domain }},5222,0,5
-srv-host=_xmpp-server._tcp.{{ domain }},{{ domain }},5269,0,5
-srv-host=_jabber._tcp.{{ domain }},{{ domain }},5269,0,5
--- a/data/templates/dovecot/dovecot-ldap.conf
+++ b/data/templates/dovecot/dovecot-ldap.conf
@ -1,9 +0,0 @@
-hosts = 127.0.0.1
-auth_bind = yes
-ldap_version = 3
-base = ou=users,dc=yunohost,dc=org
-user_attrs = uidNumber=500,gidNumber=8,mailuserquota=quota_rule=*:bytes=%$
-user_filter = (&(objectClass=inetOrgPerson)(uid=%n))
-pass_filter = (&(objectClass=inetOrgPerson)(uid=%n))
-default_pass_scheme = SSHA
-
--- a/data/templates/dovecot/dovecot.conf
+++ b/data/templates/dovecot/dovecot.conf
@ -1,91 +0,0 @@
-# 2.1.7: /etc/dovecot/dovecot.conf
-# OS: Linux 3.2.0-3-686-pae i686 Debian wheezy/sid ext4
-listen = *, ::
-auth_mechanisms = plain login
-login_greeting = Dovecot ready!!
-mail_gid = 8
-mail_home = /var/mail/%n
-mail_location = maildir:/var/mail/%n
-mail_uid = 500
-passdb {
-  args = /etc/dovecot/dovecot-ldap.conf
-  driver = ldap
-}
-protocols = imap sieve
-mail_plugins = $mail_plugins quota
-service auth {
-  unix_listener /var/spool/postfix/private/auth {
-    group = postfix
-    mode = 0660
-    user = postfix
-  }
-  unix_listener auth-master {
-    group = mail
-    mode = 0660
-    user = vmail
-  }
-}
-
-protocol sieve {
-}
-
-ssl_ca = </etc/yunohost/certs/{{ main_domain }}/ca.pem
-ssl_cert = </etc/yunohost/certs/{{ main_domain }}/crt.pem
-ssl_key = </etc/yunohost/certs/{{ main_domain }}/key.pem
-ssl_protocols = !SSLv2 !SSLv3
-
-userdb {
-  args = /etc/dovecot/dovecot-ldap.conf
-  driver = ldap
-}
-protocol imap {
-  imap_client_workarounds =
-  mail_plugins = $mail_plugins imap_quota antispam
-}
-protocol lda {
-  auth_socket_path = /var/run/dovecot/auth-master
-  mail_plugins = quota sieve
-  postmaster_address = postmaster@{{ main_domain }}
-}
-
-plugin {
-  sieve = /var/mail/sievescript/%n/.dovecot.sieve
-  sieve_dir = /var/mail/sievescript/%n/scripts/
-  sieve_before = /etc/dovecot/global_script/
-}
-
-plugin {
-  antispam_debug_target = syslog
-  antispam_verbose_debug = 0
-  antispam_backend = pipe
-  antispam_spam = Junk;SPAM
-  antispam_trash = Trash
-  antispam_pipe_program = /usr/bin/rspamc
-  antispam_pipe_program_args = -h;localhost:11334;-P;q1
-  antispam_pipe_program_spam_arg = learn_spam
-  antispam_pipe_program_notspam_arg = learn_ham
-}
-
-plugin {
-  autosubscribe = Trash
-  autosubscribe2 = Junk
-}
-
-plugin {
-  quota = maildir:User quota
-  quota_rule2 = SPAM:ignore
-  quota_rule3 = Trash:ignore
-}
-
-plugin {
-  quota_warning = storage=95%% quota-warning 95 %u
-  quota_warning2 = storage=80%% quota-warning 80 %u
-  quota_warning3 = -storage=100%% quota-warning below %u # user is no longer over quota
-}
-
-service quota-warning {
-  executable = script /usr/bin/quota-warning.sh
-  user = vmail
-  unix_listener quota-warning {
-  }
-}
--- a/data/templates/dovecot/dovecot.sieve
+++ b/data/templates/dovecot/dovecot.sieve
@ -1,4 +0,0 @@
-require "fileinto"; 
-    if header :contains "X-Spam-Flag" "YES" { 
-        fileinto "Junk"; 
-    }
--- a/data/templates/fail2ban/jail.conf
+++ b/data/templates/fail2ban/jail.conf
@ -1,584 +0,0 @@
-# Fail2Ban configuration file.
-#
-# This file was composed for Debian systems from the original one
-# provided now under /usr/share/doc/fail2ban/examples/jail.conf
-# for additional examples.
-#
-# Comments: use '#' for comment lines and ';' for inline comments
-#
-# To avoid merges during upgrades DO NOT MODIFY THIS FILE
-# and rather provide your changes in /etc/fail2ban/jail.local
-#
-
-# The DEFAULT allows a global definition of the options. They can be overridden
-# in each jail afterwards.
-
-[DEFAULT]
-
-# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
-# ban a host which matches an address in this list. Several addresses can be
-# defined using space separator.
-ignoreip = 127.0.0.1/8
-
-# External command that will take an tagged arguments to ignore, e.g. <ip>,
-# and return true if the IP is to be ignored. False otherwise.
-#
-# ignorecommand = /path/to/command <ip>
-ignorecommand =
-
-# "bantime" is the number of seconds that a host is banned.
-bantime  = 600
-
-# A host is banned if it has generated "maxretry" during the last "findtime"
-# seconds.
-findtime = 600
-maxretry = 3
-
-# "backend" specifies the backend used to get files modification.
-# Available options are "pyinotify", "gamin", "polling" and "auto".
-# This option can be overridden in each jail as well.
-#
-# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
-#            If pyinotify is not installed, Fail2ban will use auto.
-# gamin:     requires Gamin (a file alteration monitor) to be installed.
-#            If Gamin is not installed, Fail2ban will use auto.
-# polling:   uses a polling algorithm which does not require external libraries.
-# auto:      will try to use the following backends, in order:
-#            pyinotify, gamin, polling.
-backend = auto
-
-# "usedns" specifies if jails should trust hostnames in logs,
-#   warn when reverse DNS lookups are performed, or ignore all hostnames in logs
-#
-# yes:   if a hostname is encountered, a reverse DNS lookup will be performed.
-# warn:  if a hostname is encountered, a reverse DNS lookup will be performed,
-#        but it will be logged as a warning.
-# no:    if a hostname is encountered, will not be used for banning,
-#        but it will be logged as info.
-usedns = warn
-
-#
-# Destination email address used solely for the interpolations in
-# jail.{conf,local} configuration files.
-destemail = root@localhost
-
-#
-# Name of the sender for mta actions
-sendername = Fail2Ban
-
-# Email address of the sender
-sender = fail2ban@localhost
-
-#
-# ACTIONS
-#
-
-# Default banning action (e.g. iptables, iptables-new,
-# iptables-multiport, shorewall, etc) It is used to define
-# action_* variables. Can be overridden globally or per
-# section within jail.local file
-banaction = iptables-multiport
-
-# email action. Since 0.8.1 upstream fail2ban uses sendmail
-# MTA for the mailing. Change mta configuration parameter to mail
-# if you want to revert to conventional 'mail'.
-mta = sendmail
-
-# Default protocol
-protocol = tcp
-
-# Specify chain where jumps would need to be added in iptables-* actions
-chain = INPUT
-
-#
-# Action shortcuts. To be used to define action parameter
-
-# The simplest action to take: ban only
-action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-
-# ban & send an e-mail with whois report to the destemail.
-action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
-
-# ban & send an e-mail with whois report and relevant log lines
-# to the destemail.
-action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
-               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
-
-# Choose default action.  To change, just override value of 'action' with the
-# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
-# globally (section [DEFAULT]) or per specific section
-action = %(action_)s
-
-#
-# JAILS
-#
-
-# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
-# was shipped in Debian. Enable any defined here jail by including
-#
-# [SECTION_NAME]
-# enabled = true
-
-#
-# in /etc/fail2ban/jail.local.
-#
-# Optionally you may override any other parameter (e.g. banaction,
-# action, port, logpath, etc) in that section within jail.local
-
-[ssh]
-
-enabled  = true
-port     = ssh
-filter   = sshd
-logpath  = /var/log/auth.log
-maxretry = 6
-
-[dropbear]
-
-enabled  = false
-port     = ssh
-filter   = dropbear
-logpath  = /var/log/auth.log
-maxretry = 6
-
-# Generic filter for pam. Has to be used with action which bans all ports
-# such as iptables-allports, shorewall
-[pam-generic]
-
-enabled  = true
-# pam-generic filter can be customized to monitor specific subset of 'tty's
-filter   = pam-generic
-# port actually must be irrelevant but lets leave it all for some possible uses
-port     = all
-banaction = iptables-allports
-port     = anyport
-logpath  = /var/log/auth.log
-maxretry = 6
-
-[xinetd-fail]
-
-enabled   = false
-filter    = xinetd-fail
-port      = all
-banaction = iptables-multiport-log
-logpath   = /var/log/daemon.log
-maxretry  = 2
-
-
-[ssh-ddos]
-
-enabled  = false
-port     = ssh
-filter   = sshd-ddos
-logpath  = /var/log/auth.log
-maxretry = 6
-
-
-# Here we use blackhole routes for not requiring any additional kernel support
-# to store large volumes of banned IPs
-
-[ssh-route]
-
-enabled = false
-filter = sshd
-action = route
-logpath = /var/log/sshd.log
-maxretry = 6
-
-# Here we use a combination of Netfilter/Iptables and IPsets
-# for storing large volumes of banned IPs
-#
-# IPset comes in two versions. See ipset -V for which one to use
-# requires the ipset package and kernel support.
-[ssh-iptables-ipset4]
-
-enabled  = false
-port     = ssh
-filter   = sshd
-banaction = iptables-ipset-proto4
-logpath  = /var/log/sshd.log
-maxretry = 6
-
-[ssh-iptables-ipset6]
-
-enabled  = false
-port     = ssh
-filter   = sshd
-banaction = iptables-ipset-proto6
-logpath  = /var/log/sshd.log
-maxretry = 6
-
-
-#
-# HTTP servers
-#
-
-[apache]
-
-enabled  = false
-port     = http,https
-filter   = apache-auth
-logpath  = /var/log/apache*/*error.log
-maxretry = 6
-
-# default action is now multiport, so apache-multiport jail was left
-# for compatibility with previous (<0.7.6-2) releases
-[apache-multiport]
-
-enabled   = false
-port      = http,https
-filter    = apache-auth
-logpath   = /var/log/apache*/*error.log
-maxretry  = 6
-
-[apache-noscript]
-
-enabled  = false
-port     = http,https
-filter   = apache-noscript
-logpath  = /var/log/apache*/*error.log
-maxretry = 6
-
-[apache-overflows]
-
-enabled  = false
-port     = http,https
-filter   = apache-overflows
-logpath  = /var/log/apache*/*error.log
-maxretry = 2
-
-[apache-modsecurity]
-
-enabled  = false
-filter   = apache-modsecurity
-port     = http,https
-logpath  = /var/log/apache*/*error.log
-maxretry = 2
-
-[apache-nohome]
-
-enabled  = false
-filter   = apache-nohome
-port     = http,https
-logpath  = /var/log/apache*/*error.log
-maxretry = 2
-
-# Ban attackers that try to use PHP's URL-fopen() functionality
-# through GET/POST variables. - Experimental, with more than a year
-# of usage in production environments.
-
-[php-url-fopen]
-
-enabled = false
-port    = http,https
-filter  = php-url-fopen
-logpath = /var/www/*/logs/access_log
-
-# A simple PHP-fastcgi jail which works with lighttpd.
-# If you run a lighttpd server, then you probably will
-# find these kinds of messages in your error_log:
-#   ALERT – tried to register forbidden variable ‘GLOBALS’
-#   through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php')
-
-[lighttpd-fastcgi]
-
-enabled = false
-port    = http,https
-filter  = lighttpd-fastcgi
-logpath = /var/log/lighttpd/error.log
-
-# Same as above for mod_auth
-# It catches wrong authentifications
-
-[lighttpd-auth]
-
-enabled = false
-port    = http,https
-filter  = suhosin
-logpath = /var/log/lighttpd/error.log
-
-[nginx-http-auth]
-
-enabled = false
-filter  = nginx-http-auth
-port    = http,https
-logpath = /var/log/nginx/error.log
-
-# Monitor roundcube server
-
-[roundcube-auth]
-
-enabled  = false
-filter   = roundcube-auth
-port     = http,https
-logpath  = /var/log/roundcube/userlogins
-
-
-[sogo-auth]
-
-enabled  = false
-filter   = sogo-auth
-port     = http, https
-# without proxy this would be:
-# port    = 20000
-logpath  = /var/log/sogo/sogo.log
-
-
-#
-# FTP servers
-#
-
-[vsftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = vsftpd
-logpath  = /var/log/vsftpd.log
-# or overwrite it in jails.local to be
-# logpath = /var/log/auth.log
-# if you want to rely on PAM failed login attempts
-# vsftpd's failregex should match both of those formats
-maxretry = 6
-
-
-[proftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = proftpd
-logpath  = /var/log/proftpd/proftpd.log
-maxretry = 6
-
-
-[pure-ftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = pure-ftpd
-logpath  = /var/log/syslog
-maxretry = 6
-
-
-[wuftpd]
-
-enabled  = false
-port     = ftp,ftp-data,ftps,ftps-data
-filter   = wuftpd
-logpath  = /var/log/syslog
-maxretry = 6
-
-
-#
-# Mail servers
-#
-
-[postfix]
-
-enabled  = true
-port     = smtp,ssmtp,submission
-filter   = postfix
-logpath  = /var/log/mail.log
-
-
-[couriersmtp]
-
-enabled  = false
-port     = smtp,ssmtp,submission
-filter   = couriersmtp
-logpath  = /var/log/mail.log
-
-
-#
-# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
-# all relevant ports get banned
-#
-
-[courierauth]
-
-enabled  = false
-port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-filter   = courierlogin
-logpath  = /var/log/mail.log
-
-
-[sasl]
-
-enabled  = true
-port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-filter   = postfix-sasl
-# You might consider monitoring /var/log/mail.warn instead if you are
-# running postfix since it would provide the same log lines at the
-# "warn" level but overall at the smaller filesize.
-logpath  = /var/log/mail.log
-
-[dovecot]
-
-enabled = true
-port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-filter  = dovecot
-logpath = /var/log/mail.log
-
-# To log wrong MySQL access attempts add to /etc/my.cnf:
-# log-error=/var/log/mysqld.log
-# log-warning = 2
-[mysqld-auth]
-
-enabled  = false
-filter   = mysqld-auth
-port     = 3306
-logpath  = /var/log/mysqld.log
-
-
-# DNS Servers
-
-
-# These jails block attacks against named (bind9). By default, logging is off
-# with bind9 installation. You will need something like this:
-#
-# logging {
-#     channel security_file {
-#         file "/var/log/named/security.log" versions 3 size 30m;
-#         severity dynamic;
-#         print-time yes;
-#     };
-#     category security {
-#         security_file;
-#     };
-# };
-#
-# in your named.conf to provide proper logging
-
-# !!! WARNING !!!
-#   Since UDP is connection-less protocol, spoofing of IP and imitation
-#   of illegal actions is way too simple.  Thus enabling of this filter
-#   might provide an easy way for implementing a DoS against a chosen
-#   victim. See
-#    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
-#   Please DO NOT USE this jail unless you know what you are doing.
-#[named-refused-udp]
-#
-#enabled  = false
-#port     = domain,953
-#protocol = udp
-#filter   = named-refused
-#logpath  = /var/log/named/security.log
-
-[named-refused-tcp]
-
-enabled  = false
-port     = domain,953
-protocol = tcp
-filter   = named-refused
-logpath  = /var/log/named/security.log
-
-[freeswitch]
-
-enabled  = false
-filter   = freeswitch
-logpath  = /var/log/freeswitch.log
-maxretry = 10
-action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
-           iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
-
-[ejabberd-auth]
-
-enabled  = false
-filter   = ejabberd-auth
-port     = xmpp-client
-protocol = tcp
-logpath  = /var/log/ejabberd/ejabberd.log
-
-
-# Multiple jails, 1 per protocol, are necessary ATM:
-# see https://github.com/fail2ban/fail2ban/issues/37
-[asterisk-tcp]
-
-enabled  = false
-filter   = asterisk
-port     = 5060,5061
-protocol = tcp
-logpath  = /var/log/asterisk/messages
-
-[asterisk-udp]
-
-enabled  = false
-filter	 = asterisk
-port     = 5060,5061
-protocol = udp
-logpath  = /var/log/asterisk/messages
-
-
-# Jail for more extended banning of persistent abusers
-# !!! WARNING !!!
-#   Make sure that your loglevel specified in fail2ban.conf/.local
-#   is not at DEBUG level -- which might then cause fail2ban to fall into
-#   an infinite loop constantly feeding itself with non-informative lines
-[recidive]
-
-enabled  = false
-filter   = recidive
-logpath  = /var/log/fail2ban.log
-action   = iptables-allports[name=recidive]
-           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
-bantime  = 604800  ; 1 week
-findtime = 86400   ; 1 day
-maxretry = 5
-
-# See the IMPORTANT note in action.d/blocklist_de.conf for when to
-# use this action
-#
-# Report block via blocklist.de fail2ban reporting service API
-# See action.d/blocklist_de.conf for more information
-[ssh-blocklist]
-
-enabled  = false
-filter   = sshd
-action   = iptables[name=SSH, port=ssh, protocol=tcp]
-           sendmail-whois[name=SSH, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
-           blocklist_de[email="%(sender)s", apikey="xxxxxx", service="%(filter)s"]
-logpath  = /var/log/sshd.log
-maxretry = 20
-
-
-# consider low maxretry and a long bantime
-# nobody except your own Nagios server should ever probe nrpe
-[nagios]
-enabled  = false
-filter   = nagios
-action   = iptables[name=Nagios, port=5666, protocol=tcp]
-           sendmail-whois[name=Nagios, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
-logpath  = /var/log/messages     ; nrpe.cfg may define a different log_facility
-maxretry = 1
-
-[nginx]
-
-enabled = true
-port    = http,https
-filter  = apache-auth
-logpath = /var/log/nginx*/*error.log
-maxretry = 6
-
-[nginx-noscript]
-
-enabled = false
-port    = http,https
-filter  = apache-noscript
-logpath = /var/log/nginx*/*error.log
-maxretry = 6
-
-[nginx-overflows]
-
-enabled = false
-port    = http,https
-filter  = apache-overflows
-logpath = /var/log/nginx*/*error.log
-maxretry = 4
-
-[yunohost]
-
-enabled  = true
-port     = http,https
-protocol = tcp
-filter   = yunohost
-logpath  = /var/log/nginx/*.log
--- a/data/templates/fail2ban/yunohost.conf
+++ b/data/templates/fail2ban/yunohost.conf
@ -1,24 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Adrien Beudin
-#
-# $Revision: 2 $
-#
-
-[Definition]
-
-# Option:  failregex
-# Notes.:  regex to match the password failure messages in the logfile. The
-#          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
-# Values:  TEXT
-#
-failregex = access.lua:[1-9]+: authenticate\(\): Connection failed for: .*, client: <HOST>
-            ^<HOST> -.*\"POST /yunohost/api/login HTTP/1.1\" 401 22
-
-# Option:  ignoreregex
-# Notes.:  regex to ignore. If this regex matches, the line is ignored.
-# Values:  TEXT
-#
-ignoreregex =
--- a/data/templates/glances/glances.default
+++ b/data/templates/glances/glances.default
@ -1,5 +0,0 @@
-# Default is to launch glances with '-s' option.
-DAEMON_ARGS="-s -B 127.0.0.1"
-
-# Change to 'true' to have glances running at startup
-RUN="true"
--- a/data/templates/metronome/domain.tpl.cfg.lua
+++ b/data/templates/metronome/domain.tpl.cfg.lua
@ -1,15 +0,0 @@
-VirtualHost "{{ domain }}"
-  ssl = {
-        key = "/etc/yunohost/certs/{{ domain }}/key.pem";
-        certificate = "/etc/yunohost/certs/{{ domain }}/crt.pem";
-  }
-  authentication = "ldap2"
-  ldap = {
-     hostname      = "localhost",
-     user = {
-       basedn        = "ou=users,dc=yunohost,dc=org",
-       filter        = "(&(objectClass=posixAccount)(mail=*@{{ domain }}))",
-       usernamefield = "mail",
-       namefield     = "cn",
-       },
-  }
--- a/data/templates/metronome/metronome.cfg.lua
+++ b/data/templates/metronome/metronome.cfg.lua
@ -1,193 +0,0 @@
-- ** Metronome's config file example **
-- 
-- The format is exactly equal to Prosody's:
--
-- Lists are written { "like", "this", "one" } 
-- Lists can also be of { 1, 2, 3 } numbers, etc. 
-- Either commas, or semi-colons; may be used as seperators.
--
-- A table is a list of values, except each value has a name. An 
-- example would be:
--
-- ssl = { key = "keyfile.key", certificate = "certificate.crt" }
--
-- Tip: You can check that the syntax of this file is correct when you have finished
-- by running: luac -p metronome.cfg.lua
-- If there are any errors, it will let you know what and where they are, otherwise it 
-- will keep quiet.
-
---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts
-
-- Server PID
-pidfile = "/var/run/metronome/metronome.pid"
-
-- HTTP server
-http_ports = { 5290 }
-http_interfaces = { "127.0.0.1", "::1" }
-
--https_ports = { 5291 }
--https_interfaces = { "127.0.0.1", "::1" }
-
-- Enable IPv6
-use_ipv6 = true
-
-- This is the list of modules Metronome will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-modules_enabled = {
-
-    -- Generally required
-        "roster"; -- Allow users to have a roster. Recommended ;)
-        "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
-        "tls"; -- Add support for secure TLS on c2s/s2s connections
-        "dialback"; -- s2s dialback support
-        "disco"; -- Service discovery
-        --"discoitems"; -- Service discovery items
-        --"extdisco"; -- External Service Discovery
-
-    -- Not essential, but recommended
-        "private"; -- Private XML storage (for room bookmarks, etc.)
-        "vcard"; -- Allow users to set vCards
-        "privacy"; -- Support privacy lists
-
-    -- These are commented by default as they have a performance impact
-        --"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
-
-    -- Nice to have
-        "version"; -- Replies to server version requests
-        "uptime"; -- Report how long server has been running
-        "time"; -- Let others know the time here on this server
-        "ping"; -- Replies to XMPP pings with pongs
-        "pep"; -- Enables users to publish their mood, activity, playing music and more
-        "message_carbons"; -- Allow clients to keep in sync with messages send on other resources
-        "register"; -- Allow users to register on this server using a client and change passwords
-        "adhoc"; -- Support for "ad-hoc commands" that can be executed with an XMPP client
-
-    -- Admin interfaces
-        "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-        "admin_telnet"; -- Opens telnet console interface on localhost port 5582
-
-    -- HTTP modules
-        "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
-        --"websockets"; -- Enable WebSocket clients
-        --"http_files"; -- Serve static files from a directory over HTTP
-
-    -- Other specific functionality
--        "bidi"; -- Bidirectional Streams for S2S connections
--        "stream_management"; -- Stream Management support
-        --"groups"; -- Shared roster support
-        --"announce"; -- Send announcement to all online users
-        --"welcome"; -- Welcome users who register accounts
-        --"watchregistrations"; -- Alert admins of registrations
-        --"motd"; -- Send a message to users when they log in
-        "mam"; -- Nice archive management
-        --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-        "offline"; -- Store offline messages
-        "c2s"; -- Handle client connections
-        "s2s"; -- Handle server-to-server connections
-
-    -- Debian: do not remove this module, or you lose syslog
-    -- support
-        "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-};
-
-- Discovery items
-disco_items = {
-    { "muc.{{ main_domain }}" },
-    { "pubsub.{{ main_domain }}" },
-    { "vjud.{{ main_domain }}" }
-};
-
-- BOSH configuration (mod_bosh)
-bosh_max_inactivity = 30
-consider_bosh_secure = true
-cross_domain_bosh = true
-
-- Disable account creation by default, for security
-allow_registration = false
-
-- SSL/TLS configuration
-ssl = {
-    options = {
-        "no_sslv2",
-        "no_sslv3",
-        "no_ticket",
-        "no_compression",
-        "cipher_server_preference"
-    };
-}
-
-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.
-c2s_require_encryption = true
-
-- Force servers to use encrypted connections? This option will
-- prevent servers from connecting unless they are using encryption.
-s2s_require_encryption = true
-
-- Allow servers to use an unauthenticated encryption channel
-s2s_allow_encryption = true
-
-allow_unencrypted_plain_auth = false;
-
-s2s_secure = true
-s2s_secure_auth = false
-
--anonymous_login = false
-
-- Use LDAP storage backend for all stores
-storage = "ldap"
-
-- Logging configuration
-log = {
-    info = "/var/log/metronome/metronome.log"; -- Change 'info' to 'debug' for verbose logging
-    error = "/var/log/metronome/metronome.err";
-    -- "*syslog"; -- Uncomment this for logging to syslog
-    -- "*console"; -- Log to the console, useful for debugging with daemonize=false
-}
-
-
------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-
---Set up a local BOSH service
-Component "localhost" "http"
-    modules_enabled = { "bosh" }
-
---Set up a MUC (multi-user chat) room server
-Component "muc.{{ main_domain }}" "muc"
-    name = "{{ main_domain }} Chatrooms"
-
-    modules_enabled = {
-        "muc_limits";
-        "muc_log";
-        "muc_log_http";
-    }
-
-    muc_event_rate = 0.5
-    muc_burst_factor = 10
-
-    muc_log_http_config = {
-        url_base = "logs";
-        theme = "metronome";
-    }
-
---Set up a PubSub server
-Component "pubsub.{{ main_domain }}" "pubsub"
-    name = "{{ main_domain }} Publish/Subscribe"
-
-    unrestricted_node_creation = true -- Anyone can create a PubSub node (from any server)
-
---Set up a VJUD service
-Component "vjud.{{ main_domain }}" "vjud"
-    ud_disco_name = "{{ main_domain }} User Directory"
-
-
----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Metronome to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
-
-Include "conf.d/*.cfg.lua"
-
--- a/data/templates/mysql/my.cnf
+++ b/data/templates/mysql/my.cnf
@ -1,92 +0,0 @@
-# Example MySQL config file for small systems.
-#
-# This is for a system with little memory (<= 64M) where MySQL is only used
-# from time to time and it's important that the mysqld daemon
-# doesn't use much resources.
-#
-# MySQL programs look for option files in a set of
-# locations which depend on the deployment platform.
-# You can copy this option file to one of those
-# locations. For information about these locations, see:
-# http://dev.mysql.com/doc/mysql/en/option-files.html
-#
-# In this file, you can use all long options that a program supports.
-# If you want to know which options a program supports, run the program
-# with the "--help" option.
-
-# The following options will be passed to all MySQL clients
-[client]
-#password       = your_password
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-
-# Here follows entries for some specific programs
-
-# The MySQL server
-[mysqld]
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-skip-external-locking
-key_buffer_size = 16K
-max_allowed_packet = 1M
-table_open_cache = 4
-sort_buffer_size = 64K
-read_buffer_size = 256K
-read_rnd_buffer_size = 256K
-net_buffer_length = 2K
-thread_stack = 128K
-
-# to avoid corruption on powerfailure
-default-storage-engine=innodb
-
-# Don't listen on a TCP/IP port at all. This can be a security enhancement,
-# if all processes that need to connect to mysqld run on the same host.
-# All interaction with mysqld must be made via Unix sockets or named pipes.
-# Note that using this option without enabling named pipes on Windows
-# (using the "enable-named-pipe" option) will render mysqld useless!
-# 
-#skip-networking
-server-id       = 1
-
-# Uncomment the following if you want to log updates
-#log-bin=mysql-bin
-
-# binary logging format - mixed recommended
-#binlog_format=mixed
-
-# Causes updates to non-transactional engines using statement format to be
-# written directly to binary log. Before using this option make sure that
-# there are no dependencies between transactional and non-transactional
-# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
-# t_innodb; otherwise, slaves may diverge from the master.
-#binlog_direct_non_transactional_updates=TRUE
-
-# Uncomment the following if you are using InnoDB tables
-#innodb_data_home_dir = /var/lib/mysql
-#innodb_data_file_path = ibdata1:10M:autoextend
-#innodb_log_group_home_dir = /var/lib/mysql
-# You can set .._buffer_pool_size up to 50 - 80 %
-# of RAM but beware of setting memory usage too high
-#innodb_buffer_pool_size = 16M
-#innodb_additional_mem_pool_size = 2M
-# Set .._log_file_size to 25 % of buffer pool size
-#innodb_log_file_size = 5M
-#innodb_log_buffer_size = 8M
-#innodb_flush_log_at_trx_commit = 1
-#innodb_lock_wait_timeout = 50
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-no-auto-rehash
-# Remove the next comment character if you are not familiar with SQL
-#safe-updates
-
-[myisamchk]
-key_buffer_size = 8M
-sort_buffer_size = 8M
-
-[mysqlhotcopy]
-interactive-timeout
--- a/data/templates/nginx/plain/global.conf
+++ b/data/templates/nginx/plain/global.conf
@ -1 +0,0 @@
-server_tokens off;
--- a/data/templates/nginx/plain/ssowat.conf
+++ b/data/templates/nginx/plain/ssowat.conf
@ -1,3 +0,0 @@
-lua_shared_dict cache 10m;
-init_by_lua_file   /usr/share/ssowat/init.lua;
-server_names_hash_bucket_size 64;
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@ -1,44 +0,0 @@
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    location / {
-        return 302 https://$http_host/yunohost/admin;
-    }
-
-    location /yunohost/admin {
-        return 301 https://$http_host$request_uri;
-    }
-}
-
-server {
-    listen 443 ssl default_server;
-    listen [::]:443 ssl default_server;
-
-    ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
-    ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
-    ssl_session_timeout 5m;
-    ssl_session_cache shared:SSL:50m;
-    ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
-
-    add_header Strict-Transport-Security "max-age=31536000;";
-
-    location / {
-        return 302 https://$http_host/yunohost/admin;
-    }
-
-    location /yunohost {
-        # Block crawlers bot
-        if ($http_user_agent ~ (crawl|Googlebot|Slurp|spider|bingbot|tracker|click|parser|spider|facebookexternalhit) ) {
-            return 403;
-        }
-
-        # Redirect most of 404 to maindomain.tld/yunohost/sso
-        access_by_lua_file /usr/share/ssowat/access.lua;
-    }
-
-    include conf.d/yunohost_admin.conf.inc;
-    include conf.d/yunohost_api.conf.inc;
-}
--- a/data/templates/nginx/plain/yunohost_admin.conf.inc
+++ b/data/templates/nginx/plain/yunohost_admin.conf.inc
@ -1,11 +0,0 @@
-location /yunohost/admin {
-    alias /usr/share/yunohost/admin/;
-    default_type text/html;
-    index index.html;
-
-    # Short cache on handlebars templates
-    location ~* \.(?:ms)$ {
-      expires 5m;
-      add_header Cache-Control "public";
-    }
-}
--- a/data/templates/nginx/plain/yunohost_api.conf.inc
+++ b/data/templates/nginx/plain/yunohost_api.conf.inc
@ -1,17 +0,0 @@
-location /yunohost/api/ {
-    proxy_read_timeout 3600s;
-    proxy_pass http://127.0.0.1:6787/;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-
-    # Custom 502 error page
-    error_page 502 /yunohost/api/error/502;
-}
-
-# Yunohost admin output complete 502 error page, so use only plain text.
-location = /yunohost/api/error/502 {
-    return 502 '502 - Bad Gateway';
-    add_header Content-Type text/plain;
-    internal;
-}
--- a/data/templates/nginx/plain/yunohost_panel.conf.inc
+++ b/data/templates/nginx/plain/yunohost_panel.conf.inc
@ -1,2 +0,0 @@
-sub_filter </head> '<script type="text/javascript" src="/ynhpanel.js"></script></head>';
-sub_filter_once on;
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@ -1,46 +0,0 @@
-server {
-    listen 80;
-    listen [::]:80;
-    server_name {{ domain }};
-
-    access_by_lua_file /usr/share/ssowat/access.lua;
-
-    include conf.d/{{ domain }}.d/*.conf;
-
-    location /yunohost/admin {
-        return 301 https://$http_host$request_uri;
-    }
-
-    access_log /var/log/nginx/{{ domain }}-access.log;
-    error_log /var/log/nginx/{{ domain }}-error.log;
-}
-
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name {{ domain }};
-
-    ssl_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
-    ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
-    ssl_session_timeout 5m;
-    ssl_session_cache shared:SSL:50m;
-    ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
-
-    add_header Strict-Transport-Security "max-age=31536000;";
-
-    # Uncomment the following directive after DH generation
-    # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
-    #ssl_dhparam /etc/ssl/private/dh2048.pem;
-
-    access_by_lua_file /usr/share/ssowat/access.lua;
-
-    include conf.d/{{ domain }}.d/*.conf;
-
-    include conf.d/yunohost_admin.conf.inc;
-    include conf.d/yunohost_api.conf.inc;
-
-    access_log /var/log/nginx/{{ domain }}-access.log;
-    error_log /var/log/nginx/{{ domain }}-error.log;
-}
--- a/data/templates/nginx/yunohost_local.conf
+++ b/data/templates/nginx/yunohost_local.conf
@ -1 +0,0 @@
-server_name $server_name yunohost.local;
--- a/data/templates/nslcd/nslcd.conf
+++ b/data/templates/nslcd/nslcd.conf
@ -1,25 +0,0 @@
-# /etc/nslcd.conf
-# nslcd configuration file. See nslcd.conf(5)
-# for details.
-
-# The user and group nslcd should run as.
-uid nslcd
-gid nslcd
-
-# The location at which the LDAP server(s) should be reachable.
-uri ldap://localhost/
-
-# The search base that will be used for all queries.
-base dc=yunohost,dc=org
-
-# The LDAP protocol version to use.
-#ldap_version 3
-
-# The search scope.
-#scope sub
-
-# Build a full list of non-LDAP users on startup.
-nss_initgroups_ignoreusers ALLLOCAL
-
-# The minimum numeric user id to lookup.
-nss_min_uid 1000
--- a/data/templates/nsswitch/nsswitch.conf
+++ b/data/templates/nsswitch/nsswitch.conf
@ -1,21 +0,0 @@
-# /etc/nsswitch.conf
-#
-# Example configuration of GNU Name Service Switch functionality.
-# If you have the `glibc-doc-reference' and `info' packages installed, try:
-# `info libc "Name Service Switch"' for information about this file.
-
-passwd:         compat ldap
-group:          compat ldap
-shadow:         compat ldap
-gshadow:        files
-
-hosts:          files mdns4_minimal [NOTFOUND=return] dns
-networks:       files
-
-protocols:      db files
-services:       db files
-ethers:         db files
-rpc:            db files
-
-netgroup:       nis
-sudoers:	files ldap
--- a/data/templates/postfix/main.cf
+++ b/data/templates/postfix/main.cf
@ -1,148 +0,0 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname Service ready
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# -- TLS for incoming connections
-# By default, TLS is disabled in the Postfix SMTP server, so no difference to
-# plain Postfix is visible. Explicitly switch it on with "smtpd_tls_security_level = may".
-smtpd_tls_security_level=may
-
-# Sending AUTH data over an unencrypted channel poses a security risk.
-# When TLS layer encryption is optional ("smtpd_tls_security_level = may"), it
-# may however still be useful to only offer AUTH when TLS is active. To maintain
-# compatibility with non-TLS clients, the default is to accept AUTH without
-# encryption. In order to change this behavior, we set "smtpd_tls_auth_only = yes".
-smtpd_tls_auth_only=yes
-smtpd_tls_cert_file = /etc/yunohost/certs/{{ main_domain }}/crt.pem
-smtpd_tls_key_file = /etc/yunohost/certs/{{ main_domain }}/key.pem
-smtpd_tls_CAfile = /etc/yunohost/certs/{{ main_domain }}/ca.pem
-smtpd_tls_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, 3DES
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtpd_tls_loglevel=1
-smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
-smtpd_tls_mandatory_ciphers=high
-smtpd_tls_eecdh_grade = ultra
-
-# -- TLS for outgoing connections
-# Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
-smtp_tls_security_level=may
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
-smtp_tls_mandatory_ciphers= $smtpd_tls_mandatory_ciphers
-smtp_tls_loglevel=1
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-myhostname = {{ main_domain }}
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydomain = {{ main_domain }}
-mydestination = localhost
-relayhost = 
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_command = procmail -a "$EXTENSION"
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-
-#### Fit to the maximum message size allowed by GMail or Yahoo ####
-message_size_limit = 26214400
-
-# Virtual Domains Control 
-virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf 
-virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf 
-virtual_mailbox_base = 
-virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf 
-virtual_alias_domains = 
-virtual_minimum_uid = 100 
-virtual_uid_maps = static:vmail 
-virtual_gid_maps = static:mail
-
-# Dovecot LDA 
-virtual_transport = dovecot 
-dovecot_destination_recipient_limit = 1
-
-# Enable SASL authentication for the smtpd daemon 
-smtpd_sasl_auth_enable = yes 
-smtpd_sasl_type = dovecot 
-smtpd_sasl_path = private/auth 
-# Fix some outlook's bugs 
-broken_sasl_auth_clients = yes 
-# Reject anonymous connections 
-smtpd_sasl_security_options = noanonymous 
-smtpd_sasl_local_domain =
-
-
-# Wait until the RCPT TO command before evaluating restrictions 
-smtpd_delay_reject = yes 
- 
-# Basics Restrictions 
-smtpd_helo_required = yes 
-strict_rfc821_envelopes = yes 
- 
-# Requirements for the connecting server 
-smtpd_client_restrictions = 
-    permit_mynetworks, 
-    permit_sasl_authenticated, 
-    reject_rbl_client bl.spamcop.net, 
-    reject_rbl_client cbl.abuseat.org, 
-    reject_rbl_client zen.spamhaus.org, 
-    permit 
- 
-# Requirements for the HELO statement 
-smtpd_helo_restrictions = 
-    permit_mynetworks, 
-    permit_sasl_authenticated, 
-    reject_non_fqdn_hostname, 
-    reject_invalid_hostname, 
-    permit 
- 
-# Requirements for the sender address 
-smtpd_sender_restrictions = 
-    permit_mynetworks, 
-    permit_sasl_authenticated, 
-    reject_non_fqdn_sender, 
-    reject_unknown_sender_domain,
-    permit 
- 
-# Requirement for the recipient address 
-smtpd_recipient_restrictions = 
-    permit_mynetworks, 
-    permit_sasl_authenticated, 
-    reject_non_fqdn_recipient, 
-    reject_unknown_recipient_domain, 
-    reject_unauth_destination,
-    permit
-
-# SRS
-sender_canonical_maps = regexp:/etc/postfix/sender_canonical
-sender_canonical_classes = envelope_sender
-
-# Ignore some headers
-smtp_header_checks = regexp:/etc/postfix/header_checks
-
-smtp_reply_filter = pcre:/etc/postfix/smtp_reply_filter
-
-# Rmilter
-milter_mail_macros =  i {mail_addr} {client_addr} {client_name} {auth_authen}
-milter_protocol = 6
-smtpd_milters = inet:localhost:11000
-
-# Skip email without checking if milter has died
-milter_default_action = accept
--- a/data/templates/postfix/plain/header_checks
+++ b/data/templates/postfix/plain/header_checks
@ -1,4 +0,0 @@
-/^X-Originating-IP:/ IGNORE
-/^Received:/ IGNORE
-/^User-Agent:/ IGNORE
-/^X-Mailer:/ IGNORE
--- a/data/templates/postfix/plain/ldap-accounts.cf
+++ b/data/templates/postfix/plain/ldap-accounts.cf
@ -1,5 +0,0 @@
-server_host = localhost
-server_port = 389
-search_base = dc=yunohost,dc=org
-query_filter = (&(objectClass=mailAccount)(mail=%s))
-result_attribute = uid
--- a/data/templates/postfix/plain/ldap-aliases.cf
+++ b/data/templates/postfix/plain/ldap-aliases.cf
@ -1,5 +0,0 @@
-server_host = localhost
-server_port = 389
-search_base = dc=yunohost,dc=org
-query_filter = (&(objectClass=mailAccount)(mail=%s))
-result_attribute = maildrop
--- a/data/templates/postfix/plain/ldap-domains.cf
+++ b/data/templates/postfix/plain/ldap-domains.cf
@ -1,5 +0,0 @@
-server_host = localhost
-server_port = 389
-search_base = ou=domains,dc=yunohost,dc=org
-query_filter = (&(objectClass=mailDomain)(virtualdomain=%s))
-result_attribute = virtualdomain
--- a/data/templates/postfix/plain/master.cf
+++ b/data/templates/postfix/plain/master.cf
@ -1,118 +0,0 @@
-#
-# Postfix master process configuration file.  For details on the format
-# of the file, see the master(5) manual page (command: "man 5 master").
-#
-# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type  private unpriv  chroot  wakeup  maxproc command + args
-#               (yes)   (yes)   (yes)   (never) (100)
-# ==========================================================================
-smtp      inet  n       -       -       -       -       smtpd
-submission inet n       -       -       -       -       smtpd
-  -o smtpd_tls_security_level=encrypt
-  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
-smtps     inet  n       -       -       -       -       smtpd
-  -o header_checks=pcre:/etc/postfix/header_checks
-  -o smtpd_tls_wrappermode=yes
-  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
-#628       inet  n       -       -       -       -       qmqpd
-pickup    fifo  n       -       -       60      1       pickup
-cleanup   unix  n       -       -       -       0       cleanup
-qmgr      fifo  n       -       n       300     1       qmgr
-#qmgr     fifo  n       -       -       300     1       oqmgr
-tlsmgr    unix  -       -       -       1000?   1       tlsmgr
-rewrite   unix  -       -       -       -       -       trivial-rewrite
-bounce    unix  -       -       -       -       0       bounce
-defer     unix  -       -       -       -       0       bounce
-trace     unix  -       -       -       -       0       bounce
-verify    unix  -       -       -       -       1       verify
-flush     unix  n       -       -       1000?   0       flush
-proxymap  unix  -       -       n       -       -       proxymap
-proxywrite unix -       -       n       -       1       proxymap
-smtp      unix  -       -       -       -       -       smtp
-# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
-relay     unix  -       -       -       -       -       smtp
-	-o smtp_fallback_relay=
-#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       -       -       -       showq
-error     unix  -       -       -       -       -       error
-retry     unix  -       -       -       -       -       error
-discard   unix  -       -       -       -       -       discard
-local     unix  -       n       n       -       -       local
-virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       -       -       -       lmtp
-anvil     unix  -       -       -       -       1       anvil
-scache    unix  -       -       -       -       1       scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent.  See the pipe(8) man page for information about ${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-maildrop  unix  -       n       n       -       -       pipe
-  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-#  mailbox_transport = lmtp:inet:localhost
-#  virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus     unix  -       n       n       -       -       pipe
-#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix  -       n       n       -       -       pipe
-#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp      unix  -       n       n       -       -       pipe
-  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail    unix  -       n       n       -       -       pipe
-  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp     unix  -       n       n       -       -       pipe
-  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix	-	n	n	-	2	pipe
-  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman   unix  -       n       n       -       -       pipe
-  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
-  ${nexthop} ${user}
-
-# Dovecot LDA 
-dovecot    unix  -       n       n       -       -       pipe 
-    flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension}
-# ==========================================================================
-# service type  private unpriv  chroot  wakeup  maxproc command + args
-#               (yes)   (yes)   (yes)   (never) (100)
-# ==========================================================================
-# Added using postfix-add-filter script:
--- a/data/templates/postfix/plain/sender_canonical
+++ b/data/templates/postfix/plain/sender_canonical
@ -1 +0,0 @@
-/^(.*)@(.*)$/     ${1}
--- a/data/templates/postfix/plain/smtp_reply_filter
+++ b/data/templates/postfix/plain/smtp_reply_filter
@ -1,8 +0,0 @@
-# Google Mail bounces email sent via IPv6, while this works ok with IPv4.
-#
-# Convert Google Mail IPv6 complaint permanent error into a temporary error.
-# Turn 550 error containing gsmtp in the message into 450 error.
-# This way Postfix will attempt to deliver this e-mail using another MX
-# (via IPv4).
-#
-/^5(\d\d )5(.*information. \S+ - gsmtp.*)/ 4${1}4$2
--- a/data/templates/rmilter/rmilter.conf
+++ b/data/templates/rmilter/rmilter.conf
@ -1,18 +0,0 @@
-# systemd-specific settings for rmilter
-
-.include /etc/rmilter.conf.common
-
-# pidfile - path to pid file
-pidfile = /run/rmilter/rmilter.pid;
-
-# rmilter is socket-activated under systemd
-bind_socket = fd:3;
-
-# DKIM signing
-dkim {
-    domain {
-        key = /etc/dkim;
-        domain = "*";
-        selector = "mail";
-    };
-};
--- a/data/templates/rmilter/rmilter.socket
+++ b/data/templates/rmilter/rmilter.socket
@ -1,5 +0,0 @@
-.include /lib/systemd/system/rmilter.socket
-
-[Socket]
-ListenStream=
-ListenStream=127.0.0.1:11000
--- a/data/templates/rspamd/metrics.local.conf
+++ b/data/templates/rspamd/metrics.local.conf
@ -1,8 +0,0 @@
-# Metrics settings
-# This define overridden options.
-
-actions {
-  reject = 21;
-  add_header = 8;
-  greylist = 4;
-}
--- a/data/templates/rspamd/rspamd.sieve
+++ b/data/templates/rspamd/rspamd.sieve
@ -1,4 +0,0 @@
-require ["fileinto"];
-if header :is "X-Spam" "yes" {
-    fileinto "Junk";
-}
--- a/data/templates/slapd/ldap.conf
+++ b/data/templates/slapd/ldap.conf
@ -1,18 +0,0 @@
-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-#BASE	dc=example,dc=com
-#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
-
-#SIZELIMIT	12
-#TIMELIMIT	15
-#DEREF		never
-
-# TLS certificates (needed for GnuTLS)
-TLS_CACERT	/etc/ssl/certs/ca-certificates.crt
-
-sudoers_base ou=sudo,dc=yunohost,dc=org
--- a/data/templates/slapd/mailserver.schema
+++ b/data/templates/slapd/mailserver.schema
@ -1,88 +0,0 @@
-## LDAP Schema Yunohost EMAIL
-## Version 0.1
-## Adrien Beudin
-
-# Attributes
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.1
-        NAME 'maildrop'
-        DESC 'Mail addresses where mails are forwarded -- ie forwards'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.2
-        NAME 'mailalias'
-        DESC 'Mail addresses accepted by this account -- ie aliases'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.3
-        NAME 'mailenable'
-        DESC 'Mail Account validity'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.4
-        NAME 'mailbox'
-        DESC 'Mailbox path where mails are delivered'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.5
-        NAME 'virtualdomain'
-        DESC 'A mail domain name'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.6
-        NAME 'virtualdomaindescription'
-        DESC 'Virtual domain description'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.40328.1.20.2.7
-        NAME 'mailuserquota'
-        DESC 'Mailbox quota for a user'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{16} SINGLE-VALUE )
-
-# Mail Account Objectclass
-objectclass ( 1.3.6.1.4.1.40328.1.1.2.1
-        NAME 'mailAccount'
-        DESC 'Mail Account'
-        SUP top
-        AUXILIARY
-        MUST (
-            mail
-            )
-        MAY (
-            mailalias $ maildrop $ mailenable $ mailbox $ mailuserquota 
-            )
-        )
-
-# Mail Domain Objectclass
-objectclass ( 1.3.6.1.4.1.40328.1.1.2.2
-        NAME 'mailDomain'
-        DESC 'Domain mail entry'
-        SUP top
-        STRUCTURAL
-        MUST (
-            virtualdomain
-            )
-        MAY (
-            virtualdomaindescription $ mailuserquota
-            )
-        )
-
-# Mail Group Objectclass
-objectclass ( 1.3.6.1.4.1.40328.1.1.2.3
-        NAME 'mailGroup' SUP top AUXILIARY
-        DESC 'Mail Group'
-        MUST ( mail )
-        )
--- a/data/templates/slapd/slapd.conf
+++ b/data/templates/slapd/slapd.conf
@ -1,112 +0,0 @@
-# This is the main slapd configuration file. See slapd.conf(5) for more
-# info on the configuration options.
-
-#######################################################################
-# Global Directives:
-
-# Features to permit
-#allow bind_v2
-
-# Schema and objectClass definitions
-include         /etc/ldap/schema/core.schema
-include         /etc/ldap/schema/cosine.schema
-include         /etc/ldap/schema/nis.schema
-include         /etc/ldap/schema/inetorgperson.schema
-include         /etc/ldap/schema/mailserver.schema
-include         /etc/ldap/schema/sudo.schema
-
-# Where the pid file is put. The init.d script
-# will not stop the server if you change this.
-pidfile         /var/run/slapd/slapd.pid
-
-# List of arguments that were passed to the server
-argsfile        /var/run/slapd/slapd.args
-
-# Read slapd.conf(5) for possible values
-loglevel        none
-
-# Hashes to be used in generation of user passwords
-password-hash   {SSHA}
-
-# Where the dynamically loaded modules are stored
-modulepath	/usr/lib/ldap
-moduleload	back_mdb
-moduleload      memberof
-
-# The maximum number of entries that is returned for a search operation
-sizelimit 500
-
-# The tool-threads parameter sets the actual amount of cpu's that is used
-# for indexing.
-tool-threads 1
-
-#######################################################################
-# Specific Backend Directives for mdb:
-# Backend specific directives apply to this backend until another
-# 'backend' directive occurs
-backend		mdb
-
-#######################################################################
-# Specific Directives for database #1, of type mdb:
-# Database specific directives apply to this databasse until another
-# 'database' directive occurs
-database        mdb
-
-# The base of your directory in database #1
-suffix          "dc=yunohost,dc=org"
-
-# rootdn directive for specifying a superuser on the database. This is needed
-# for syncrepl.
-# rootdn          "cn=admin,dc=yunohost,dc=org"
-
-# Where the database file are physically stored for database #1
-directory       "/var/lib/ldap"
-
-# Indexing options for database #1
-index  objectClass         eq
-index  uid                 eq,sub
-index  entryCSN,entryUUID  eq
-
-# Save the time that the entry gets modified, for database #1
-lastmod         on
-
-# Checkpoint the BerkeleyDB database periodically in case of system
-# failure and to speed slapd shutdown.
-checkpoint      512 30
-
-# The userPassword by default can be changed
-# by the entry owning it if they are authenticated.
-# Others should not be able to see it, except the
-# admin entry below
-# These access lines apply to database #1 only
-access to attrs=userPassword,shadowLastChange
-        by dn="cn=admin,dc=yunohost,dc=org" write
-        by anonymous auth
-        by self write
-        by * none
-
-# Personnal information can be changed by the entry
-# owning it if they are authenticated.
-# Others should be able to see it.
-access to attrs=cn,gecos,givenName,mail,maildrop,displayName,sn
-        by dn="cn=admin,dc=yunohost,dc=org" write
-        by self write
-        by * read
-
-# Ensure read access to the base for things like
-# supportedSASLMechanisms.  Without this you may
-# have problems with SASL not knowing what
-# mechanisms are available and the like.
-# Note that this is covered by the 'access to *'
-# ACL below too but if you change that as people
-# are wont to do you'll still need this if you
-# want SASL (and possible other things) to work 
-# happily.
-access to dn.base="" by * read
-
-# The admin dn has full write access, everyone else
-# can read everything.
-access to *
-        by dn="cn=admin,dc=yunohost,dc=org" write
-        by group/groupOfNames/Member="cn=admin,ou=groups,dc=yunohost,dc=org" write
-        by * read
--- a/Show more
+++ b/Show more