Compare commits


No commits in common. "debian/3.3.3" and "dev" have entirely different histories.

297 changed files with 10761 additions and 34704 deletions


@ -1,22 +0,0 @@
## The problem
...
## Solution
...
## PR Status
...
## How to test
...
## Validation
- [ ] Principle agreement 0/2 :
- [ ] Quick review 0/1 :
- [ ] Simple test 0/1 :
- [ ] Deep review 0/1 :

.github/workflows/autoblack.yml (new file, 35 lines)

@ -0,0 +1,35 @@
name: Check / auto apply Black
on:
push:
branches:
- dev
jobs:
black:
name: Check / auto apply black
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check files using the black formatter
uses: psf/black@stable
id: black
with:
options: "."
continue-on-error: true
- shell: pwsh
id: check_files_changed
run: |
# Diff HEAD with the previous commit
$diff = git diff
$HasDiff = $diff.Length -gt 0
Write-Host "::set-output name=files_changed::$HasDiff"
- name: Create Pull Request
if: steps.check_files_changed.outputs.files_changed == 'true'
uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.GITHUB_TOKEN }}
title: "Format Python code with Black"
commit-message: ":art: Format Python code with Black"
body: |
This pull request uses the [psf/black](https://github.com/psf/black) formatter.
base: ${{ github.head_ref }} # Creates pull request onto pull request or commit branch
branch: actions/black
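Review bot: the `check_files_changed` step reports its result with `::set-output`, the workflow command GitHub has deprecated in favour of appending to the `$GITHUB_OUTPUT` file; replace `Write-Host "::set-output name=files_changed::$HasDiff"` with `"files_changed=$HasDiff" >> $env:GITHUB_OUTPUT` (the `== 'true'` gate on the next step keeps working, since expression string comparison is case-insensitive and PowerShell renders the boolean as `True`). The `base: ${{ github.head_ref }}` line is also misleading on this workflow: `head_ref` is only populated for `pull_request` events, and this workflow runs on `push`, so `base:` is empty and the action falls back to the checked-out branch; either set `base: ${{ github.ref_name }}` or drop the line and its comment. Finally, `psf/black@stable` and `peter-evans/create-pull-request@v6` are mutable tags for actions that commit and open pull requests with the repository token; pinning them to commit SHAs and declaring an explicit `permissions:` block (`contents: write`, `pull-requests: write`) keeps that write access visible and reviewable.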

.github/workflows/i18n.yml (new file, 29 lines)

@ -0,0 +1,29 @@
name: Autoreformat locale files
on:
push:
branches:
- dev
jobs:
i18n:
name: Autoreformat locale files
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Apply reformating scripts
id: action_reformat
run: |
python3 test/remove_stale_i18n_strings.py
python3 test/autofix_locale_format.py
python3 test/reformat_locales.py
git diff -w --exit-code
- name: Create Pull Request
if: ${{ failure() }}
uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.GITHUB_TOKEN }}
title: "Reformat locale files"
commit-message: ":robot: Reformat locale files"
body: |
Automatic pull request using the scripts in `test/`
base: ${{ github.head_ref }}
branch: actions/i18nreformat
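Review bot: `if: ${{ failure() }}` on the Create Pull Request step fires on any failure of the preceding step, not only on the non-zero exit that `git diff -w --exit-code` produces when the locale files changed; if one of the three scripts in `test/` raises, the job still opens a pull request containing whatever partial rewrite was left on disk, instead of surfacing the error. Split the step: run the scripts in one step that fails the job on error, then record `git diff -w --quiet; echo "changed=$?" >> "$GITHUB_OUTPUT"` in a second step and gate the pull request on that output. As in autoblack.yml, `github.head_ref` is empty on `push` events, so `base: ${{ github.head_ref }}` is effectively unset here.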

.github/workflows/tox.yml (new file, 49 lines)

@ -0,0 +1,49 @@
name: Tests
on:
push:
branches:
- dev
- bullseye
pull_request:
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.9]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install apt dependencies
run: sudo apt install ldap-utils slapd libsasl2-dev libldap2-dev libssl-dev
- name: Install tox
run: |
python -m pip install --upgrade pip
pip install tox tox-gh-actions
- name: Test with tox
run: tox -e py39-pytest
invalidcode:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.9]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install tox
run: |
python -m pip install --upgrade pip
pip install tox tox-gh-actions
- name: Linter
run: tox -e py39-invalidcode
- name: Mypy
run: tox -e py39-mypy
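Review bot: the Install apt dependencies step runs `sudo apt install ...` with no `-y` and no preceding package-index refresh; on a non-interactive runner the missing confirmation flag can abort the install, and a stale index can fail to resolve `slapd` or `libldap2-dev`. Use `sudo apt-get update && sudo apt-get install -y ldap-utils slapd libsasl2-dev libldap2-dev libssl-dev`. Separately, both jobs declare a `python-version: [3.9]` matrix but hardcode the tox environments to `py39-*`, so the matrix only sets up the interpreter; either let tox-gh-actions map the matrix entry to the environment (via a `[gh-actions]` section in tox.ini) or drop the matrix so the workflow does not suggest multi-version coverage it does not have. If more versions are added later, quote them (`"3.9"`, `"3.10"`): unquoted `3.10` is parsed by YAML as the float `3.1`.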

.gitignore (14 lines changed)

@ -1,5 +1,8 @@
*.py[co] *.py[co]
# Documentation
doc/_build/
# Packages # Packages
*.egg *.egg
*.egg-info *.egg-info
@ -10,6 +13,7 @@ dist
build build
eggs eggs
parts parts
bin
cache cache
var var
sdist sdist
@ -30,5 +34,11 @@ pip-log.txt
# Mr Developer # Mr Developer
.mr.developer.cfg .mr.developer.cfg
# moulinette lib # Moulinette
src/yunohost/locales doc/*.json
moulinette/package.py
# track only test namespace
lib/**
!lib/test
data/actionsmap/**
!data/actionsmap/test.yml


@ -1,5 +0,0 @@
language: python
install: "pip install pytest pyyaml"
python:
- "2.7"
script: "py.test tests"


@ -1,101 +1,70 @@
YunoHost core contributors Moulinette contributors
========================== =======================
YunoHost is built and maintained by the YunoHost project community. YunoHost is built and maintained by the YunoHost project community.
Everyone is encouraged to submit issues and changes, and to contribute in other ways -- see https://yunohost.org/contribute to find out how. Everyone is encouraged to submit issues and changes, and to contribute in other ways -- see https://yunohost.org/contribute to find out how.
-- --
Initial YunoHost core was built by Kload & beudbeud, for YunoHost v2. Initial Moulinette was built by Kload & jerome, for YunoHost v2.
Most of code was written by Kload and jerome, with help of numerous contributors. Most of actual Moulinette code was written by jerome, with help of numerous contributors.
Translation is made by a bunch of lovely people all over the world. Translation is made by a bunch of lovely people all over the world.
We would like to thank anyone who ever helped the YunoHost project <3 We would like to thank anyone who ever helped the YunoHost project <3
YunoHost core Contributors Moulinette Contributors
-------------------------- -----------------------
- Jérôme Lebleu
- Kload - Kload
- Jérôme Lebleu
- Adrien 'beudbeud' Beudin
- titoko
- Laurent 'Bram' Peuch - Laurent 'Bram' Peuch
- Julien 'ju' Malik - Julien 'ju' Malik
- opi - npze
- Aleks
- Adrien 'beudbeud' Beudin
- M5oul
- Valentin 'zamentur' / 'ljf' Grimaud
- Jocelyn Delalande
- infertux
- Taziden
- ZeHiro
- Josue-T
- nahoj
- a1ex
- JimboJoe
- vetetix
- jellium
- Sebastien 'sebian' Badia
- lmangani - lmangani
- Julien Vaubourg - Valentin 'zamentur' / 'ljf' Grimaud
- thardev - dblugeon
- zimo2001
YunoHost core Translators Moulinette Translators
------------------------- ----------------------
If you want to help translation, please visit https://translate.yunohost.org/projects/yunohost/yunohost/ If you want to help translation, please visit https://translate.yunohost.org/projects/yunohost/yunohost/
### Dutch ### Dutch
- DUBWiSE
- Jeroen Keerl
- marut - marut
### English ### English
- Bugsbane - Anmol
- rokaz
### French ### French
- aoz roon - Bobo
- Genma - Laurent Peuch
- Jean-Baptiste Holcroft - Jean-Baptiste Holcroft
- Jean P.
- Jérôme Lebleu - Jérôme Lebleu
- Lapineige
- paddy
### German ### German
- david.bartke - David Bartke
- Fabian Gruber
- Felix Bartels - Felix Bartels
- Jeroen Keerl - Marvin Gärtner
- martin kistner
- Philip Gatzka
### Hindi ### Hindi
- Anmol - Anmol
### Italian
- bricabrac
- Thomas Bille
### Portuguese ### Portuguese
- Deleted User - frju
- Trollken
### Spanish ### Spanish
- Juanu - Juanu

LICENSE (83 lines changed)

@ -7,15 +7,15 @@
Preamble Preamble
The GNU Affero General Public License is a free, copyleft license for The GNU Affero General Public License is a free, copyleft license
software and other kinds of works, specifically designed to ensure for software and other kinds of works, specifically designed to ensure
cooperation with the community in the case of network server software. cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed The licenses for most software and other practical works are
to take away your freedom to share and change the works. By contrast, designed to take away your freedom to share and change the works. By
our General Public Licenses are intended to guarantee your freedom to contrast, our General Public Licenses are intended to guarantee your
share and change all versions of a program--to make sure it remains free freedom to share and change all versions of a program--to make sure it
software for all its users. remains free software for all its users.
When we speak of free software, we are referring to freedom, not When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you price. Our General Public Licenses are designed to make sure that you
@ -60,10 +60,11 @@ modification follow.
0. Definitions. 0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License. "This License" refers to version 3 of the GNU Affero General Public
License.
"Copyright" also means copyright-like laws that apply to other kinds of "Copyright" also means copyright-like laws that apply to other kinds
works, such as semiconductor masks. of works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this "The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and License. Each licensee is addressed as "you". "Licensees" and
@ -376,12 +377,12 @@ that material) supplement the terms of this License with terms:
All other non-permissive additional terms are considered "further All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further governed by this License along with a term that is a further restriction,
restriction, you may remove that term. If a license document contains you may remove that term. If a license document contains a further
a further restriction but permits relicensing or conveying under this restriction but permits relicensing or conveying under this License, you
License, you may add to a covered work material governed by the terms may add to a covered work material governed by the terms of that license
of that license document, provided that the further restriction does document, provided that the further restriction does not survive such
not survive such relicensing or conveying. relicensing or conveying.
If you add terms to a covered work in accord with this section, you If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the must place, in the relevant source files, a statement of the
@ -550,34 +551,34 @@ shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the of the GNU General Public License that is incorporated pursuant to the
following paragraph. following paragraph.
Notwithstanding any other provision of this License, you have Notwithstanding any other provision of this License, you have permission
permission to link or combine any covered work with a work licensed to link or combine any covered work with a work licensed under version 3
under version 3 of the GNU General Public License into a single of the GNU General Public License into a single combined work, and to
combined work, and to convey the resulting work. The terms of this convey the resulting work. The terms of this License will continue to
License will continue to apply to the part which is the covered work, apply to the part which is the covered work, but the work with which it is
but the work with which it is combined will remain governed by version combined will remain governed by version 3 of the GNU General Public
3 of the GNU General Public License. License.
14. Revised Versions of this License. 14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of The Free Software Foundation may publish revised and/or new versions of
the GNU Affero General Public License from time to time. Such new versions the GNU Affero General Public License from time to time. Such new
will be similar in spirit to the present version, but may differ in detail to versions will be similar in spirit to the present version, but may differ
address new problems or concerns. in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU Affero General Program specifies that a certain numbered version of the GNU Affero
Public License "or any later version" applies to it, you have the General Public License "or any later version" applies to it, you have
option of following the terms and conditions either of that numbered the option of following the terms and conditions either of that
version or of any later version published by the Free Software numbered version or of any later version published by the Free
Foundation. If the Program does not specify a version number of the Software Foundation. If the Program does not specify a version number
GNU Affero General Public License, you may choose any version ever published of the GNU Affero General Public License, you may choose any version
by the Free Software Foundation. ever published by the Free Software Foundation.
If the Program specifies that a proxy can decide which future If the Program specifies that a proxy can decide which future
versions of the GNU Affero General Public License can be used, that proxy's versions of the GNU Affero General Public License can be used, that
public statement of acceptance of a version permanently authorizes you proxy's public statement of acceptance of a version permanently
to choose that version for the Program. authorizes you to choose that version for the Program.
Later license versions may give you additional or different Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any permissions. However, no additional obligations are imposed on any
@ -616,9 +617,9 @@ an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee. copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it possible use to the public, the best way to achieve this is to make it
@ -633,9 +634,9 @@ the "copyright" line and a pointer to where the full notice is found.
Copyright (C) <year> <name of author> Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published it under the terms of the GNU Affero General Public License as
by the Free Software Foundation, either version 3 of the License, or published by the Free Software Foundation, either version 3 of the
(at your option) any later version. License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of


@ -1,42 +1,46 @@
# YunoHost core <h1 align="center">Moulinette</h1>
- [YunoHost project website](https://yunohost.org) <div align="center">
This repository is the core of YunoHost code. ![Version](https://img.shields.io/github/v/tag/yunohost/moulinette?label=version&sort=semver)
[![Tests status](https://github.com/YunoHost/moulinette/actions/workflows/tox.yml/badge.svg)](https://github.com/YunoHost/moulinette/actions/workflows/tox.yml)
[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/YunoHost/moulinette.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/YunoHost/moulinette/context:python)
[![GitHub license](https://img.shields.io/github/license/YunoHost/moulinette)](https://github.com/YunoHost/moulinette/blob/dev/LICENSE)
<a href="https://translate.yunohost.org/engage/yunohost/?utm_source=widget">
<img src="https://translate.yunohost.org/widgets/yunohost/-/287x66-white.png" alt="Translation status" />
</a>
## Issues Moulinette is a small Python framework meant to easily create programs with unified CLI and API.
In particular, it is used as a base framework for the YunoHost project.
</div>
Issues
------
- [Please report issues on YunoHost bugtracker](https://github.com/YunoHost/issues). - [Please report issues on YunoHost bugtracker](https://github.com/YunoHost/issues).
## Contribute Overview
- You can develop on this repository using [ynh-dev tool](https://github.com/YunoHost/ynh-dev) with `use-git` sub-command. --------
- On this repository we are [following this workflow](https://yunohost.org/#/build_system_en): `stable <— testing <— branch`.
- Note: if you modify python scripts, you will have to modifiy the actions map.
## Repository content Moulinette allows to create a YAML "actionmaps" that describes what commands are available. Moulinette will automatically make these commands available through the CLI and Web API, and will be mapped to a python function. Moulinette also provide some general helpers, for example for logging, i18n, authentication, or common file system operations.
- [YunoHost core Python 2.7 scripts](https://github.com/YunoHost/yunohost/tree/stable/src/yunohost).
- [An actionsmap](https://github.com/YunoHost/yunohost/blob/stable/data/actionsmap/yunohost.yml) used by moulinette.
- [Services configuration templates](https://github.com/YunoHost/yunohost/tree/stable/data/templates).
- [Hooks](https://github.com/YunoHost/yunohost/tree/stable/data/hooks).
- [Locales](https://github.com/YunoHost/yunohost/tree/stable/locales) for translations of `yunohost` command.
- [Shell helpers](https://github.com/YunoHost/yunohost/tree/stable/data/helpers.d) for [application packaging](https://yunohost.org/#/packaging_apps_helpers_en).
- [Modules for the XMPP server Metronome](https://github.com/YunoHost/yunohost/tree/stable/lib/metronome/modules).
- [Debian files](https://github.com/YunoHost/yunohost/tree/stable/debian) for package creation.
## How does it work? <div align="center"><img src="doc/actionsmap.png" width="700" /></div>
- Python core scripts are accessible through two interfaces thanks to the [moulinette framework](https://github.com/YunoHost/moulinette):
- [CLI](https://en.wikipedia.org/wiki/Command-line_interface) for `yunohost` command.
- [API](https://en.wikipedia.org/wiki/Application_programming_interface) for [web administration module](https://github.com/YunoHost/yunohost-admin) (other modules could be implemented).
- You can find more details about how YunoHost works on this [documentation (in french)](https://yunohost.org/#/package_list_fr).
## Dependencies Translation
- [Python 2.7](https://www.python.org/download/releases/2.7) -----------
- [Moulinette](https://github.com/YunoHost/moulinette)
- [Bash](https://www.gnu.org/software/bash/bash.html)
- [Debian Jessie](https://www.debian.org/releases/jessie)
## License You can help translate Moulinette on our [translation platform](https://translate.yunohost.org/engage/yunohost/?utm_source=widget)
As [other components of YunoHost core code](https://yunohost.org/#/faq_en), this repository is under GNU AGPL v.3 license.
<div align="center"><img src="https://translate.yunohost.org/widgets/yunohost/-/moulinette/horizontal-auto.svg" alt="Translation status" /></div>
Developpers
-----------
- You can learn how to get started with developing on YunoHost by reading [this piece of documentation](https://yunohost.org/dev).
- Specific doc for moulinette: https://moulinette.readthedocs.org
- Run tests with:
```
$ pip install tox
$ tox
```
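Review bot: a few wording fixes in the new README: the "Developpers" heading should read "Developers", "Moulinette also provide some general helpers" should be "provides", and "Moulinette allows to create a YAML "actionmaps"" reads better as "Moulinette lets you describe the available commands in a YAML "actionsmap"", which also matches the spelling used elsewhere in the tree (`doc/actionsmap.png` in this same hunk and `data/actionsmap/` in the .gitignore change). Adding the languages of the command to the fenced block (` ```bash `) would let the `$ pip install tox` / `$ tox` snippet render with highlighting.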


@ -1,215 +0,0 @@
#! /usr/bin/python
# -*- coding: utf-8 -*-
import os
import sys
import argparse
# Either we are in a development environment or not
IN_DEVEL = False
# Level for which loggers will log
LOGGERS_LEVEL = 'DEBUG'
TTY_LOG_LEVEL = 'INFO'
# Handlers that will be used by loggers
# - file: log to the file LOG_DIR/LOG_FILE
# - tty: log to current tty
LOGGERS_HANDLERS = ['file', 'tty']
# Directory and file to be used by logging
LOG_DIR = '/var/log/yunohost'
LOG_FILE = 'yunohost-cli.log'
# Check and load - as needed - development environment
if not __file__.startswith('/usr/'):
IN_DEVEL = True
if IN_DEVEL:
basedir = os.path.abspath('%s/../' % os.path.dirname(__file__))
if os.path.isdir(os.path.join(basedir, 'moulinette')):
sys.path.insert(0, basedir)
LOG_DIR = os.path.join(basedir, 'log')
import moulinette
from moulinette.actionsmap import ActionsMap
from moulinette.interfaces.cli import colorize, get_locale
# Initialization & helpers functions -----------------------------------
def _die(message, title='Error:'):
"""Print error message and exit"""
print('%s %s' % (colorize(title, 'red'), message))
sys.exit(1)
def _parse_cli_args():
"""Parse additional arguments for the cli"""
parser = argparse.ArgumentParser(add_help=False)
parser.add_argument('--no-cache',
action='store_false', default=True, dest='use_cache',
help="Don't use actions map cache",
)
parser.add_argument('--output-as',
choices=['json', 'plain', 'none'], default=None,
help="Output result in another format",
)
parser.add_argument('--debug',
action='store_true', default=False,
help="Log and print debug messages",
)
parser.add_argument('--quiet',
action='store_true', default=False,
help="Don't produce any output",
)
parser.add_argument('--timeout',
type=int, default=None,
help="Number of seconds before this command will timeout because it can't acquire the lock (meaning that another command is currently running), by default there is no timeout and the command will wait until it can get the lock",
)
parser.add_argument('--admin-password',
default=None, dest='password', metavar='PASSWORD',
help="The admin password to use to authenticate",
)
# deprecated arguments
parser.add_argument('--plain',
action='store_true', default=False, help=argparse.SUPPRESS
)
parser.add_argument('--json',
action='store_true', default=False, help=argparse.SUPPRESS
)
opts, args = parser.parse_known_args()
# output compatibility
if opts.plain:
opts.output_as = 'plain'
elif opts.json:
opts.output_as = 'json'
return (parser, opts, args)
def _init_moulinette(debug=False, quiet=False):
"""Configure logging and initialize the moulinette"""
# Define loggers handlers
handlers = set(LOGGERS_HANDLERS)
if quiet and 'tty' in handlers:
handlers.remove('tty')
elif 'tty' not in handlers:
handlers.append('tty')
root_handlers = set(handlers)
if not debug and 'tty' in root_handlers:
root_handlers.remove('tty')
# Define loggers level
level = LOGGERS_LEVEL
tty_level = TTY_LOG_LEVEL
if debug:
tty_level = 'DEBUG'
# Custom logging configuration
logging = {
'version': 1,
'disable_existing_loggers': True,
'formatters': {
'tty-debug': {
'format': '%(relativeCreated)-4d %(fmessage)s'
},
'precise': {
'format': '%(asctime)-15s %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
},
},
'filters': {
'action': {
'()': 'moulinette.utils.log.ActionFilter',
},
},
'handlers': {
'tty': {
'level': tty_level,
'class': 'moulinette.interfaces.cli.TTYHandler',
'formatter': 'tty-debug' if debug else '',
},
'file': {
'class': 'logging.FileHandler',
'formatter': 'precise',
'filename': '%s/%s' % (LOG_DIR, LOG_FILE),
'filters': ['action'],
},
},
'loggers': {
'yunohost': {
'level': level,
'handlers': handlers,
'propagate': False,
},
'moulinette': {
'level': level,
'handlers': [],
'propagate': True,
},
'moulinette.interface': {
'level': level,
'handlers': handlers,
'propagate': False,
},
},
'root': {
'level': level,
'handlers': root_handlers,
},
}
# Create log directory
if not os.path.isdir(LOG_DIR):
try:
os.makedirs(LOG_DIR, 0750)
except os.error as e:
_die(str(e))
# Initialize moulinette
moulinette.init(logging_config=logging, _from_source=IN_DEVEL)
def _retrieve_namespaces():
"""Return the list of namespaces to load"""
ret = ['yunohost']
for n in ActionsMap.get_namespaces():
# Append YunoHost modules
if n.startswith('ynh_'):
ret.append(n)
return ret
# Main action ----------------------------------------------------------
if __name__ == '__main__':
if os.geteuid() != 0:
# since moulinette isn't initialized, we can't use m18n here
sys.stderr.write("\033[1;31mError:\033[0m yunohost command must be " \
"run as root or with sudo.\n")
sys.exit(1)
parser, opts, args = _parse_cli_args()
_init_moulinette(opts.debug, opts.quiet)
# Check that YunoHost is installed
if not os.path.isfile('/etc/yunohost/installed') and \
(len(args) < 2 or (args[0] +' '+ args[1] != 'tools postinstall' and \
args[0] +' '+ args[1] != 'backup restore')):
from moulinette import m18n
# Init i18n
m18n.load_namespace('yunohost')
m18n.set_locale(get_locale())
# Print error and exit
_die(m18n.n('yunohost_not_installed'), m18n.g('error'))
# Execute the action
ret = moulinette.cli(
_retrieve_namespaces(), args,
use_cache=opts.use_cache, output_as=opts.output_as,
password=opts.password, parser_kwargs={'top_parser': parser},
timeout=opts.timeout,
)
sys.exit(ret)


@ -1,203 +0,0 @@
#! /usr/bin/python
# -*- coding: utf-8 -*-
import os
import sys
import argparse
# Either we are in a development environment or not
IN_DEVEL = False
# Default server configuration
DEFAULT_HOST = 'localhost'
DEFAULT_PORT = 6787
# Level for which loggers will log
LOGGERS_LEVEL = 'INFO'
# Handlers that will be used by loggers
# - file: log to the file LOG_DIR/LOG_FILE
# - api: serve logs through the api
# - console: log to stderr
LOGGERS_HANDLERS = ['file', 'api']
# Directory and file to be used by logging
LOG_DIR = '/var/log/yunohost'
LOG_FILE = 'yunohost-api.log'
# Check and load - as needed - development environment
if not __file__.startswith('/usr/'):
IN_DEVEL = True
if IN_DEVEL:
basedir = os.path.abspath('%s/../' % os.path.dirname(__file__))
if os.path.isdir(os.path.join(basedir, 'moulinette')):
sys.path.insert(0, basedir)
LOG_DIR = os.path.join(basedir, 'log')
import moulinette
from moulinette.actionsmap import ActionsMap
from moulinette.interfaces.cli import colorize
# Initialization & helpers functions -----------------------------------
def _die(message, title='Error:'):
"""Print error message and exit"""
print('%s %s' % (colorize(title, 'red'), message))
sys.exit(1)
def _parse_api_args():
"""Parse main arguments for the api"""
parser = argparse.ArgumentParser(add_help=False,
description="Run the YunoHost API to manage your server.",
)
srv_group = parser.add_argument_group('server configuration')
srv_group.add_argument('-h', '--host',
action='store', default=DEFAULT_HOST,
help="Host to listen on (default: %s)" % DEFAULT_HOST,
)
srv_group.add_argument('-p', '--port',
action='store', default=DEFAULT_PORT, type=int,
help="Port to listen on (default: %d)" % DEFAULT_PORT,
)
srv_group.add_argument('--no-websocket',
action='store_true', default=True, dest='use_websocket',
help="Serve without WebSocket support, used to handle "
"asynchronous responses such as the messages",
)
glob_group = parser.add_argument_group('global arguments')
glob_group.add_argument('--no-cache',
action='store_false', default=True, dest='use_cache',
help="Don't use actions map cache",
)
glob_group.add_argument('--debug',
action='store_true', default=False,
help="Set log level to DEBUG",
)
glob_group.add_argument('--verbose',
action='store_true', default=False,
help="Be verbose in the output",
)
glob_group.add_argument('--help',
action='help', help="Show this help message and exit",
)
return parser.parse_args()
def _init_moulinette(use_websocket=True, debug=False, verbose=False):
"""Configure logging and initialize the moulinette"""
# Define loggers handlers
handlers = set(LOGGERS_HANDLERS)
if not use_websocket and 'api' in handlers:
handlers.remove('api')
if verbose and 'console' not in handlers:
handlers.add('console')
root_handlers = handlers - set(['api'])
# Define loggers level
level = LOGGERS_LEVEL
if debug:
level = 'DEBUG'
# Custom logging configuration
logging = {
'version': 1,
'disable_existing_loggers': True,
'formatters': {
'console': {
'format': '%(relativeCreated)-5d %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
},
'precise': {
'format': '%(asctime)-15s %(levelname)-8s %(name)s %(funcName)s - %(fmessage)s'
},
},
'filters': {
'action': {
'()': 'moulinette.utils.log.ActionFilter',
},
},
'handlers': {
'api': {
'class': 'moulinette.interfaces.api.APIQueueHandler',
},
'file': {
'class': 'logging.handlers.WatchedFileHandler',
'formatter': 'precise',
'filename': '%s/%s' % (LOG_DIR, LOG_FILE),
'filters': ['action'],
},
'console': {
'class': 'logging.StreamHandler',
'formatter': 'console',
'stream': 'ext://sys.stdout',
'filters': ['action'],
},
},
'loggers': {
'yunohost': {
'level': level,
'handlers': handlers,
'propagate': False,
},
'moulinette': {
'level': level,
'handlers': [],
'propagate': True,
},
},
'root': {
'level': level,
'handlers': root_handlers,
},
}
# Create log directory
if not os.path.isdir(LOG_DIR):
try:
os.makedirs(LOG_DIR, 0750)
except os.error as e:
_die(str(e))
# Initialize moulinette
moulinette.init(logging_config=logging, _from_source=IN_DEVEL)
def _retrieve_namespaces():
"""Return the list of namespaces to load"""
ret = ['yunohost']
for n in ActionsMap.get_namespaces():
# Append YunoHost modules
if n.startswith('ynh_'):
ret.append(n)
return ret
# Callbacks for additional routes --------------------------------------
def is_installed():
"""
Check whether YunoHost is installed or not
"""
installed = False
if os.path.isfile('/etc/yunohost/installed'):
installed = True
return { 'installed': installed }
# Main action ----------------------------------------------------------
if __name__ == '__main__':
opts = _parse_api_args()
_init_moulinette(opts.use_websocket, opts.debug, opts.verbose)
# Run the server
from yunohost.utils.packages import ynh_packages_version
ret = moulinette.api(
_retrieve_namespaces(),
host=opts.host, port=opts.port, routes={
('GET', '/installed'): is_installed,
('GET', '/version'): ynh_packages_version,
}, use_cache=opts.use_cache, use_websocket=opts.use_websocket
)
sys.exit(ret)
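Review bot: for anyone carrying pieces of this removed script forward, note the argparse defect in `_parse_api_args`: `--no-websocket` is declared with `action='store_true', default=True, dest='use_websocket'`, so both the default and the flag set `use_websocket` to True and WebSocket support could never be turned off; the intended declaration is `action='store_false'`. The file is also Python 2 only (`#! /usr/bin/python` shebang, the `0750` octal literal in `os.makedirs`), which is consistent with dropping it from a tree whose tests run on Python 3.9.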


@ -1,77 +0,0 @@
#!/bin/bash
set -e
set -u
PASTE_URL="https://paste.yunohost.org"
_die() {
printf "Error: %s\n" "$*"
exit 1
}
check_dependencies() {
curl -V > /dev/null 2>&1 || _die "This script requires curl."
}
paste_data() {
json=$(curl -X POST -s -d "$1" "${PASTE_URL}/documents")
[[ -z "$json" ]] && _die "Unable to post the data to the server."
key=$(echo "$json" \
| python -c 'import json,sys;o=json.load(sys.stdin);print o["key"]' \
2>/dev/null)
[[ -z "$key" ]] && _die "Unable to parse the server response."
echo "${PASTE_URL}/${key}"
}
usage() {
printf "Usage: ${0} [OPTION]...
Read from input stream and paste the data to the YunoHost
Haste server.
For example, to paste the output of the YunoHost diagnosis, you
can simply execute the following:
yunohost tools diagnosis | ${0}
It will return the URL where you can access the pasted data.
Options:
-h, --help show this help message and exit
"
}
main() {
# parse options
while (( ${#} )); do
case "${1}" in
--help|-h)
usage
exit 0
;;
*)
echo "Unknown parameter detected: ${1}" >&2
echo >&2
usage >&2
exit 1
;;
esac
shift 1
done
# check input stream
read -t 0 || {
echo -e "Invalid usage: No input is provided.\n" >&2
usage
exit 1
}
paste_data "$(cat)"
}
check_dependencies
main "${@}"


@ -1,74 +0,0 @@
#!/bin/bash
# Fetch ips
ip=$(hostname --all-ip-address)
# Fetch SSH fingerprints
i=0
for key in /etc/ssh/ssh_host_*_key.pub ; do
output=$(ssh-keygen -l -f $key)
fingerprint[$i]=" - $(echo $output | cut -d' ' -f2) $(echo $output| cut -d' ' -f4)"
i=$(($i + 1))
done
#
# Build the logo
#
LOGO=$(cat << 'EOF'
__ __ __ __ __ _ _______ __ __ _______ _______ _______
| | | || | | || | | || || | | || || || |
| |_| || | | || |_| || _ || |_| || _ || _____||_ _|
| || |_| || || | | || || | | || |_____ | |
|_ _|| || _ || |_| || _ || |_| ||_____ | | |
| | | || | | || || | | || | _____| | | |
|___| |_______||_| |__||_______||__| |__||_______||_______| |___|
EOF
)
# ' Put a quote in comment to make vim happy about syntax highlighting :s
#
# Build the actual message
#
LOGO_AND_FINGERPRINTS=$(cat << EOF
$LOGO
IP: ${ip}
SSH fingerprints:
${fingerprint[0]}
${fingerprint[1]}
${fingerprint[2]}
${fingerprint[3]}
${fingerprint[4]}
EOF
)
if [[ -f /etc/yunohost/installed ]]
then
echo "$LOGO_AND_FINGERPRINTS" > /etc/issue
else
sleep 5
chvt 2
echo "$LOGO_AND_FINGERPRINTS"
echo -e "\e[m Post-installation \e[0m"
echo "Congratulations! YunoHost has been successfully installed.\nTwo more steps are required to activate the services of your server."
read -p "Proceed to post-installation? (y/n)\nAlternatively, you can proceed the post-installation on https://${ip}" -n 1
RESULT=1
while [ $RESULT -gt 0 ]; do
if [[ $REPLY =~ ^[Nn]$ ]]; then
chvt 1
exit 0
fi
echo -e "\n"
/usr/bin/yunohost tools postinstall
let RESULT=$?
if [ $RESULT -gt 0 ]; then
echo -e "\n"
read -p "Retry? (y/n) " -n 1
fi
done
fi
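Review bot: the two user-facing strings in the post-installation branch use `\n` inside plain `echo "..."` and `read -p "..."`, neither of which interprets escapes, so the user sees a literal `\n` in "...installed.\nTwo more steps..." and in the "Proceed to post-installation?" prompt; use `echo -e` or `printf` as the neighbouring lines already do. `ip=$(hostname --all-ip-address)` can return several space-separated addresses, in which case the `https://${ip}` URL shown in the prompt is malformed; select one address before interpolating. The fingerprint block hard-codes five array slots (`${fingerprint[0]}` to `${fingerprint[4]}`), so a host with more key types silently drops some and one with fewer prints blank lines; expand the array with `${fingerprint[@]}` instead.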

File diff suppressed because it is too large

View file

@ -1,12 +0,0 @@
#
# Bash completion for yunohost
#
_python_argcomplete() {
local IFS=' '
COMPREPLY=( $(IFS="$IFS" COMP_LINE="$COMP_LINE" COMP_POINT="$COMP_POINT" _ARGCOMPLETE_COMP_WORDBREAKS="$COMP_WORDBREAKS" _ARGCOMPLETE=1 "$1" 8>&1 9>&2 1>/dev/null 2>/dev/null) )
if [[ $? != 0 ]]; then
unset COMPREPLY
fi
}
complete -o nospace -o default -F _python_argcomplete "yunohost"

View file

@ -1,7 +0,0 @@
# -*- shell-script -*-
# TODO : use --regex to validate against a namespace
for helper in $(run-parts --list /usr/share/yunohost/helpers.d 2>/dev/null) ; do
[ -r $helper ] && . $helper || true
done
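Review bot: `[ -r $helper ] && . $helper || true` masks the exit status of sourcing each helper file, so a failure inside one helper never reaches `set -e` in the caller and later functions end up partially defined; let the failure propagate or at least log the file name, and quote `"$helper"` in both places. The TODO about `--regex` is worth resolving: run-parts already skips names containing a dot, so a stray `foo.bak` is ignored but `foo_bak` is sourced with full privileges.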

View file

@ -1,248 +0,0 @@
# Use logrotate to manage the logfile
#
# usage: ynh_use_logrotate [logfile] [--non-append|--append] [specific_user/specific_group]
# | arg: logfile - absolute path of logfile
# | arg: --non-append - (Option) Replace the config file instead of appending this new config.
# | arg: specific_user : run logrotate as the specified user and group. If not specified logrotate is runned as root.
#
# If no argument provided, a standard directory will be use. /var/log/${app}
# You can provide a path with the directory only or with the logfile.
# /parentdir/logdir
# /parentdir/logdir/logfile.log
#
# It's possible to use this helper several times, each config will be added to the same logrotate config file.
# Unless you use the option --non-append
ynh_use_logrotate () {
local customtee="tee -a"
local user_group="${3:-}"
if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then
customtee="tee"
# Destroy this argument for the next command.
shift
elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then
customtee="tee"
fi
if [ $# -gt 0 ]; then
if [ "$(echo ${1##*.})" == "log" ]; then # Keep only the extension to check if it's a logfile
local logfile=$1 # In this case, focus logrotate on the logfile
else
local logfile=$1/*.log # Else, uses the directory and all logfile into it.
fi
else
local logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log
fi
local su_directive=""
if [[ -n $user_group ]]; then
su_directive=" # Run logorotate as specific user - group
su ${user_group%/*} ${user_group#*/}"
fi
cat > ./${app}-logrotate << EOF # Build a config file for logrotate
$logfile {
# Rotate if the logfile exceeds 100Mo
size 100M
# Keep 12 old log maximum
rotate 12
# Compress the logs with gzip
compress
# Compress the log at the next cycle. So keep always 2 non compressed logs
delaycompress
# Copy and truncate the log to allow to continue write on it. Instead of move the log.
copytruncate
# Do not do an error if the log is missing
missingok
# Not rotate if the log is empty
notifempty
# Keep old logs in the same dir
noolddir
$su_directive
}
EOF
sudo mkdir -p $(dirname "$logfile") # Create the log directory, if not exist
cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee)
}
# Remove the app's logrotate config.
#
# usage: ynh_remove_logrotate
ynh_remove_logrotate () {
if [ -e "/etc/logrotate.d/$app" ]; then
sudo rm "/etc/logrotate.d/$app"
fi
}
# Create a dedicated systemd config
#
# usage: ynh_add_systemd_config [service] [template]
# | arg: service - Service name (optionnal, $app by default)
# | arg: template - Name of template file (optionnal, this is 'systemd' by default, meaning ./conf/systemd.service will be used as template)
#
# This will use the template ../conf/<templatename>.service
# to generate a systemd config, by replacing the following keywords
# with global variables that should be defined before calling
# this helper :
#
# __APP__ by $app
# __FINALPATH__ by $final_path
#
ynh_add_systemd_config () {
local service_name="${1:-$app}"
finalsystemdconf="/etc/systemd/system/$service_name.service"
ynh_backup_if_checksum_is_different "$finalsystemdconf"
sudo cp ../conf/${2:-systemd.service} "$finalsystemdconf"
# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
# Substitute in a nginx config file only if the variable is not empty
if test -n "${final_path:-}"; then
ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf"
fi
if test -n "${app:-}"; then
ynh_replace_string "__APP__" "$app" "$finalsystemdconf"
fi
ynh_store_file_checksum "$finalsystemdconf"
sudo chown root: "$finalsystemdconf"
sudo systemctl enable $service_name
sudo systemctl daemon-reload
}
# Remove the dedicated systemd config
#
# usage: ynh_remove_systemd_config [service]
# | arg: service - Service name (optionnal, $app by default)
#
ynh_remove_systemd_config () {
local service_name="${1:-$app}"
local finalsystemdconf="/etc/systemd/system/$service_name.service"
if [ -e "$finalsystemdconf" ]; then
sudo systemctl stop $service_name
sudo systemctl disable $service_name
ynh_secure_remove "$finalsystemdconf"
sudo systemctl daemon-reload
fi
}
# Create a dedicated nginx config
#
# usage: ynh_add_nginx_config "list of others variables to replace"
#
# | arg: list of others variables to replace separeted by a space
# | for example : 'path_2 port_2 ...'
#
# This will use a template in ../conf/nginx.conf
# __PATH__ by $path_url
# __DOMAIN__ by $domain
# __PORT__ by $port
# __NAME__ by $app
# __FINALPATH__ by $final_path
#
# And dynamic variables (from the last example) :
# __PATH_2__ by $path_2
# __PORT_2__ by $port_2
#
ynh_add_nginx_config () {
finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
local others_var=${1:-}
ynh_backup_if_checksum_is_different "$finalnginxconf"
sudo cp ../conf/nginx.conf "$finalnginxconf"
# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
# Substitute in a nginx config file only if the variable is not empty
if test -n "${path_url:-}"; then
# path_url_slash_less is path_url, or a blank value if path_url is only '/'
local path_url_slash_less=${path_url%/}
ynh_replace_string "__PATH__/" "$path_url_slash_less/" "$finalnginxconf"
ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf"
fi
if test -n "${domain:-}"; then
ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf"
fi
if test -n "${port:-}"; then
ynh_replace_string "__PORT__" "$port" "$finalnginxconf"
fi
if test -n "${app:-}"; then
ynh_replace_string "__NAME__" "$app" "$finalnginxconf"
fi
if test -n "${final_path:-}"; then
ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf"
fi
# Replace all other variable given as arguments
for var_to_replace in $others_var
do
# ${var_to_replace^^} make the content of the variable on upper-cases
# ${!var_to_replace} get the content of the variable named $var_to_replace
ynh_replace_string "__${var_to_replace^^}__" "${!var_to_replace}" "$finalnginxconf"
done
if [ "${path_url:-}" != "/" ]
then
ynh_replace_string "^#sub_path_only" "" "$finalnginxconf"
else
ynh_replace_string "^#root_path_only" "" "$finalnginxconf"
fi
ynh_store_file_checksum "$finalnginxconf"
sudo systemctl reload nginx
}
# Remove the dedicated nginx config
#
# usage: ynh_remove_nginx_config
ynh_remove_nginx_config () {
ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo systemctl reload nginx
}
# Create a dedicated php-fpm config
#
# usage: ynh_add_fpm_config
ynh_add_fpm_config () {
# Configure PHP-FPM 7.0 by default
local fpm_config_dir="/etc/php/7.0/fpm"
local fpm_service="php7.0-fpm"
# Configure PHP-FPM 5 on Debian Jessie
if [ "$(ynh_get_debian_release)" == "jessie" ]; then
fpm_config_dir="/etc/php5/fpm"
fpm_service="php5-fpm"
fi
ynh_app_setting_set $app fpm_config_dir "$fpm_config_dir"
ynh_app_setting_set $app fpm_service "$fpm_service"
finalphpconf="$fpm_config_dir/pool.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalphpconf"
sudo cp ../conf/php-fpm.conf "$finalphpconf"
ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf"
ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf"
ynh_replace_string "__USER__" "$app" "$finalphpconf"
sudo chown root: "$finalphpconf"
ynh_store_file_checksum "$finalphpconf"
if [ -e "../conf/php-fpm.ini" ]
then
finalphpini="$fpm_config_dir/conf.d/20-$app.ini"
ynh_backup_if_checksum_is_different "$finalphpini"
sudo cp ../conf/php-fpm.ini "$finalphpini"
sudo chown root: "$finalphpini"
ynh_store_file_checksum "$finalphpini"
fi
sudo systemctl reload $fpm_service
}
# Remove the dedicated php-fpm config
#
# usage: ynh_remove_fpm_config
ynh_remove_fpm_config () {
local fpm_config_dir=$(ynh_app_setting_get $app fpm_config_dir)
local fpm_service=$(ynh_app_setting_get $app fpm_service)
# Assume php version 7 if not set
if [ -z "$fpm_config_dir" ]; then
fpm_config_dir="/etc/php/7.0/fpm"
fpm_service="php7.0-fpm"
fi
ynh_secure_remove "$fpm_config_dir/pool.d/$app.conf"
ynh_secure_remove "$fpm_config_dir/conf.d/20-$app.ini" 2>&1
sudo systemctl reload $fpm_service
}
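Review bot: ynh_add_nginx_config runs `sudo systemctl reload nginx` right after writing the vhost file without validating it; if a template substitution produced invalid syntax the reload fails, nginx keeps serving the previous configuration and the install script continues as if the change had applied. Run `nginx -t` first and abort (restoring the copy taken by ynh_backup_if_checksum_is_different) on failure; the same applies to the php-fpm reload in ynh_add_fpm_config. In ynh_add_fpm_config, `__FINALPATH__` is substituted with an unguarded `"$final_path"`, which breaks under `set -u` when the variable is unset, unlike the `${final_path:-}` guards in the systemd and nginx helpers. In ynh_use_logrotate, the usage line lists `--append` but only `--non-append` is recognised, so `--append` given first becomes the logfile path, and the generated `./${app}-logrotate` file is left behind in the working directory; build it with mktemp and remove it after the tee. Finally, when no user/group is given, logrotate runs as root over `/var/log/$app`, a directory the app user usually writes to, and recent logrotate versions skip non-root-owned directories without a `su` directive; defaulting `su` to the app user and group would be both safer and more reliable.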

View file

@ -1,353 +0,0 @@
CAN_BIND=${CAN_BIND:-1}
# Add a file or a directory to the list of paths to backup
#
# Note: this helper could be used in backup hook or in backup script inside an
# app package
#
# Details: ynh_backup writes SRC and the relative DEST into a CSV file. And it
# creates the parent destination directory
#
# If DEST is ended by a slash it complete this path with the basename of SRC.
#
# usage: ynh_backup src [dest [is_big [arg]]]
# | arg: src - file or directory to bind or symlink or copy. it shouldn't be in
# the backup dir.
# | arg: dest - destination file or directory inside the
# backup dir
# | arg: is_big - 1 to indicate data are big (mail, video, image ...)
# | arg: arg - Deprecated arg
#
# example:
# # Wordpress app context
#
# ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
# # => This line will be added into CSV file
# # "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/etc/nginx/conf.d/$domain.d/$app.conf"
#
# ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "conf/nginx.conf"
# # => "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/conf/nginx.conf"
#
# ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "conf/"
# # => "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/conf/$app.conf"
#
# ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "conf"
# # => "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/conf"
#
# #Deprecated usages (maintained for retro-compatibility)
# ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "${backup_dir}/conf/nginx.conf"
# # => "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/conf/nginx.conf"
#
# ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "/conf/"
# # => "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/conf/$app.conf"
#
ynh_backup() {
# TODO find a way to avoid injection by file strange naming !
local SRC_PATH="$1"
local DEST_PATH="${2:-}"
local IS_BIG="${3:-0}"
BACKUP_CORE_ONLY=${BACKUP_CORE_ONLY:-0}
# If backing up core only (used by ynh_backup_before_upgrade),
# don't backup big data items
if [ "$IS_BIG" == "1" ] && [ "$BACKUP_CORE_ONLY" == "1" ] ; then
echo "$SRC_PATH will not be saved, because backup_core_only is set." >&2
return 0
fi
# ==============================================================================
# Format correctly source and destination paths
# ==============================================================================
# Be sure the source path is not empty
[[ -e "${SRC_PATH}" ]] || {
echo "!!! Source path '${SRC_PATH}' does not exist !!!" >&2
# This is a temporary fix for fail2ban config files missing after the migration to stretch.
if echo "${SRC_PATH}" | grep --quiet "/etc/fail2ban"
then
touch "${SRC_PATH}"
echo "The missing file will be replaced by a dummy one for the backup !!!" >&2
else
return 1
fi
}
# Transform the source path as an absolute path
# If it's a dir remove the ending /
SRC_PATH=$(realpath "$SRC_PATH")
# If there is no destination path, initialize it with the source path
# relative to "/".
# eg: SRC_PATH=/etc/yunohost -> DEST_PATH=etc/yunohost
if [[ -z "$DEST_PATH" ]]; then
DEST_PATH="${SRC_PATH#/}"
else
if [[ "${DEST_PATH:0:1}" == "/" ]]; then
# If the destination path is an absolute path, transform it as a path
# relative to the current working directory ($YNH_CWD)
#
# If it's an app backup script that run this helper, YNH_CWD is equal to
# $YNH_BACKUP_DIR/apps/APP_INSTANCE_NAME/backup/
#
# If it's a system part backup script, YNH_CWD is equal to $YNH_BACKUP_DIR
DEST_PATH="${DEST_PATH#$YNH_CWD/}"
# Case where $2 is an absolute dir but doesn't begin with $YNH_CWD
[[ "${DEST_PATH:0:1}" == "/" ]] \
&& DEST_PATH="${DEST_PATH#/}"
fi
# Complete DEST_PATH if ended by a /
[[ "${DEST_PATH: -1}" == "/" ]] \
&& DEST_PATH="${DEST_PATH}/$(basename $SRC_PATH)"
fi
# Check if DEST_PATH already exists in tmp archive
[[ ! -e "${DEST_PATH}" ]] || {
echo "Destination path '${DEST_PATH}' already exist" >&2
return 1
}
# Add the relative current working directory to the destination path
local REL_DIR="${YNH_CWD#$YNH_BACKUP_DIR}"
REL_DIR="${REL_DIR%/}/"
DEST_PATH="${REL_DIR}${DEST_PATH}"
DEST_PATH="${DEST_PATH#/}"
# ==============================================================================
# ==============================================================================
# Write file to backup into backup_list
# ==============================================================================
local SRC=$(echo "${SRC_PATH}" | sed -r 's/"/\"\"/g')
local DEST=$(echo "${DEST_PATH}" | sed -r 's/"/\"\"/g')
echo "\"${SRC}\",\"${DEST}\"" >> "${YNH_BACKUP_CSV}"
# ==============================================================================
# Create the parent dir of the destination path
# It's for retro compatibility, some script consider ynh_backup creates this dir
mkdir -p $(dirname "$YNH_BACKUP_DIR/${DEST_PATH}")
}
# Restore all files linked to the restore hook or to the restore app script
#
# usage: ynh_restore
#
ynh_restore () {
# Deduce the relative path of $YNH_CWD
local REL_DIR="${YNH_CWD#$YNH_BACKUP_DIR/}"
REL_DIR="${REL_DIR%/}/"
# For each destination path begining by $REL_DIR
cat ${YNH_BACKUP_CSV} | tr -d $'\r' | grep -ohP "^\".*\",\"$REL_DIR.*\"$" | \
while read line; do
local ORIGIN_PATH=$(echo "$line" | grep -ohP "^\"\K.*(?=\",\".*\"$)")
local ARCHIVE_PATH=$(echo "$line" | grep -ohP "^\".*\",\"$REL_DIR\K.*(?=\"$)")
ynh_restore_file "$ARCHIVE_PATH" "$ORIGIN_PATH"
done
}
# Return the path in the archive where has been stocked the origin path
#
# [internal]
#
# usage: _get_archive_path ORIGIN_PATH
_get_archive_path () {
# For security reasons we use csv python library to read the CSV
sudo python -c "
import sys
import csv
with open(sys.argv[1], 'r') as backup_file:
backup_csv = csv.DictReader(backup_file, fieldnames=['source', 'dest'])
for row in backup_csv:
if row['source']==sys.argv[2].strip('\"'):
print row['dest']
sys.exit(0)
raise Exception('Original path for %s not found' % sys.argv[2])
" "${YNH_BACKUP_CSV}" "$1"
return $?
}
# Restore a file or a directory
#
# Use the registered path in backup_list by ynh_backup to restore the file at
# the good place.
#
# usage: ynh_restore_file ORIGIN_PATH [ DEST_PATH ]
# | arg: ORIGIN_PATH - Path where was located the file or the directory before
# to be backuped or relative path to $YNH_CWD where it is located in the backup archive
# | arg: DEST_PATH - Path where restore the file or the dir, if unspecified,
# the destination will be ORIGIN_PATH or if the ORIGIN_PATH doesn't exist in
# the archive, the destination will be searched into backup.csv
#
# If DEST_PATH already exists and is lighter than 500 Mo, a backup will be made in
# /home/yunohost.conf/backup/. Otherwise, the existing file is removed.
#
# examples:
# ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
# # if apps/wordpress/etc/nginx/conf.d/$domain.d/$app.conf exists, restore it into
# # /etc/nginx/conf.d/$domain.d/$app.conf
# # if no, search a correspondance in the csv (eg: conf/nginx.conf) and restore it into
# # /etc/nginx/conf.d/$domain.d/$app.conf
#
# # DON'T GIVE THE ARCHIVE PATH:
# ynh_restore_file "conf/nginx.conf"
#
ynh_restore_file () {
local ORIGIN_PATH="/${1#/}"
local ARCHIVE_PATH="$YNH_CWD${ORIGIN_PATH}"
# Default value for DEST_PATH = /$ORIGIN_PATH
local DEST_PATH="${2:-$ORIGIN_PATH}"
# If ARCHIVE_PATH doesn't exist, search for a corresponding path in CSV
if [ ! -d "$ARCHIVE_PATH" ] && [ ! -f "$ARCHIVE_PATH" ] && [ ! -L "$ARCHIVE_PATH" ]; then
ARCHIVE_PATH="$YNH_BACKUP_DIR/$(_get_archive_path \"$ORIGIN_PATH\")"
fi
# Move the old directory if it already exists
if [[ -e "${DEST_PATH}" ]]
then
# Check if the file/dir size is less than 500 Mo
if [[ $(du -sb ${DEST_PATH} | cut -d"/" -f1) -le "500000000" ]]
then
local backup_file="/home/yunohost.conf/backup/${DEST_PATH}.backup.$(date '+%Y%m%d.%H%M%S')"
mkdir -p "$(dirname "$backup_file")"
mv "${DEST_PATH}" "$backup_file" # Move the current file or directory
else
ynh_secure_remove ${DEST_PATH}
fi
fi
# Restore ORIGIN_PATH into DEST_PATH
mkdir -p $(dirname "$DEST_PATH")
# Do a copy if it's just a mounting point
if mountpoint -q $YNH_BACKUP_DIR; then
if [[ -d "${ARCHIVE_PATH}" ]]; then
ARCHIVE_PATH="${ARCHIVE_PATH}/."
mkdir -p "$DEST_PATH"
fi
cp -a "$ARCHIVE_PATH" "${DEST_PATH}"
# Do a move if YNH_BACKUP_DIR is already a copy
else
mv "$ARCHIVE_PATH" "${DEST_PATH}"
fi
}
# Deprecated helper since it's a dangerous one!
#
# [internal]
#
ynh_bind_or_cp() {
local AS_ROOT=${3:-0}
local NO_ROOT=0
[[ "${AS_ROOT}" = "1" ]] || NO_ROOT=1
echo "This helper is deprecated, you should use ynh_backup instead" >&2
ynh_backup "$1" "$2" 1
}
# Create a directory under /tmp
#
# [internal]
#
# Deprecated helper
#
# usage: ynh_mkdir_tmp
# | ret: the created directory path
ynh_mkdir_tmp() {
echo "The helper ynh_mkdir_tmp is deprecated." >&2
echo "You should use 'mktemp -d' instead and manage permissions \
properly with chmod/chown." >&2
local TMP_DIR=$(mktemp -d)
# Give rights to other users could be a security risk.
# But for retrocompatibility we need it. (This helpers is deprecated)
chmod 755 $TMP_DIR
echo $TMP_DIR
}
# Calculate and store a file checksum into the app settings
#
# $app should be defined when calling this helper
#
# usage: ynh_store_file_checksum file
# | arg: file - The file on which the checksum will performed, then stored.
ynh_store_file_checksum () {
local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
ynh_app_setting_set $app $checksum_setting_name $(sudo md5sum "$1" | cut -d' ' -f1)
}
# Verify the checksum and backup the file if it's different
# This helper is primarily meant to allow to easily backup personalised/manually
# modified config files.
#
# $app should be defined when calling this helper
#
# usage: ynh_backup_if_checksum_is_different file
# | arg: file - The file on which the checksum test will be perfomed.
#
# | ret: Return the name a the backup file, or nothing
ynh_backup_if_checksum_is_different () {
local file=$1
local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_'
local checksum_value=$(ynh_app_setting_get $app $checksum_setting_name)
if [ -n "$checksum_value" ]
then # Proceed only if a value was stored into the app settings
if ! echo "$checksum_value $file" | sudo md5sum -c --status
then # If the checksum is now different
local backup_file="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
sudo mkdir -p "$(dirname "$backup_file")"
sudo cp -a "$file" "$backup_file" # Backup the current file
echo "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file" >&2
echo "$backup_file" # Return the name of the backup file
fi
fi
}
# Delete a file checksum from the app settings
#
# $app should be defined when calling this helper
#
# usage: ynh_remove_file_checksum file
# | arg: -f, --file= - The file for which the checksum will be deleted
ynh_delete_file_checksum () {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [f]=file= )
local file
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_'
ynh_app_setting_delete $app $checksum_setting_name
}
# Remove a file or a directory securely
#
# usage: ynh_secure_remove path_to_remove
# | arg: path_to_remove - File or directory to remove
ynh_secure_remove () {
local path_to_remove=$1
local forbidden_path=" \
/var/www \
/home/yunohost.app"
if [[ "$forbidden_path" =~ "$path_to_remove" \
# Match all paths or subpaths in $forbidden_path
|| "$path_to_remove" =~ ^/[[:alnum:]]+$ \
# Match all first level paths from / (Like /var, /root, etc...)
|| "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
# Match if the path finishes by /. Because it seems there is an empty variable
then
echo "Avoid deleting $path_to_remove." >&2
else
if [ -e "$path_to_remove" ]
then
sudo rm -R "$path_to_remove"
else
echo "$path_to_remove wasn't deleted because it doesn't exist." >&2
fi
fi
}
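Review bot: the guard in ynh_secure_remove is a substring test, `[[ "$forbidden_path" =~ "$path_to_remove" ]]`, not the "all paths or subpaths" the comment claims: it blocks `/var/www`, `/home` and any fragment that occurs inside the list, while `/etc/nginx`, `/var/www/../lib` or a relative path pass straight to `sudo rm -R`. Since callers feed it `$final_path` and values read from app settings, canonicalize with `realpath -m`, compare against a prefix allowlist of app-owned locations rather than this short denylist, and pass `--` so a path starting with `-` is not parsed as an option. Two more points: `_get_archive_path` runs `sudo python -c` with the Python 2 statement `print row['dest']`, and the caller passes `\"$ORIGIN_PATH\"` with literal quotes that the script then strips, which is fragile; pass the path unquoted and use `print(...)`. And ynh_restore_file and ynh_backup_if_checksum_is_different move or copy existing files into `/home/yunohost.conf/backup/` with `mv` and `cp -a`, so modified configurations containing secrets (php-fpm pools, systemd units with environment variables) accumulate there indefinitely; document a retention rule or restrict that directory's mode.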

View file

@ -1,194 +0,0 @@
#!/bin/bash
# Internal helper design to allow helpers to use getopts to manage their arguments
#
# [internal]
#
# example: function my_helper()
# {
# declare -Ar args_array=( [a]=arg1= [b]=arg2= [c]=arg3 )
# local arg1
# local arg2
# local arg3
# ynh_handle_getopts_args "$@"
#
# [...]
# }
# my_helper --arg1 "val1" -b val2 -c
#
# usage: ynh_handle_getopts_args "$@"
# | arg: $@ - Simply "$@" to tranfert all the positionnal arguments to the function
#
# This helper need an array, named "args_array" with all the arguments used by the helper
# that want to use ynh_handle_getopts_args
# Be carreful, this array has to be an associative array, as the following example:
# declare -Ar args_array=( [a]=arg1 [b]=arg2= [c]=arg3 )
# Let's explain this array:
# a, b and c are short options, -a, -b and -c
# arg1, arg2 and arg3 are the long options associated to the previous short ones. --arg1, --arg2 and --arg3
# For each option, a short and long version has to be defined.
# Let's see something more significant
# declare -Ar args_array=( [u]=user [f]=finalpath= [d]=database )
#
# NB: Because we're using 'declare' without -g, the array will be declared as a local variable.
#
# Please keep in mind that the long option will be used as a variable to store the values for this option.
# For the previous example, that means that $finalpath will be fill with the value given as argument for this option.
#
# Also, in the previous example, finalpath has a '=' at the end. That means this option need a value.
# So, the helper has to be call with --finalpath /final/path, --finalpath=/final/path or -f /final/path, the variable $finalpath will get the value /final/path
# If there's many values for an option, -f /final /path, the value will be separated by a ';' $finalpath=/final;/path
# For an option without value, like --user in the example, the helper can be called only with --user or -u. $user will then get the value 1.
#
# To keep a retrocompatibility, a package can still call a helper, using getopts, with positional arguments.
# The "legacy mode" will manage the positional arguments and fill the variable in the same order than they are given in $args_array.
# e.g. for `my_helper "val1" val2`, arg1 will be filled with val1, and arg2 with val2.
ynh_handle_getopts_args () {
# Manage arguments only if there's some provided
set +x
if [ $# -ne 0 ]
then
# Store arguments in an array to keep each argument separated
local arguments=("$@")
# For each option in the array, reduce to short options for getopts (e.g. for [u]=user, --user will be -u)
# And built parameters string for getopts
# ${!args_array[@]} is the list of all keys in the array (A key is 'u' in [u]=user, user is a value)
local getopts_parameters=""
local key=""
for key in "${!args_array[@]}"
do
# Concatenate each keys of the array to build the string of arguments for getopts
# Will looks like 'abcd' for -a -b -c -d
# If the value of a key finish by =, it's an option with additionnal values. (e.g. --user bob or -u bob)
# Check the last character of the value associate to the key
if [ "${args_array[$key]: -1}" = "=" ]
then
# For an option with additionnal values, add a ':' after the letter for getopts.
getopts_parameters="${getopts_parameters}${key}:"
else
getopts_parameters="${getopts_parameters}${key}"
fi
# Check each argument given to the function
local arg=""
# ${#arguments[@]} is the size of the array
for arg in `seq 0 $(( ${#arguments[@]} - 1 ))`
do
# And replace long option (value of the key) by the short option, the key itself
# (e.g. for [u]=user, --user will be -u)
# Replace long option with =
arguments[arg]="${arguments[arg]//--${args_array[$key]}/-${key} }"
# And long option without =
arguments[arg]="${arguments[arg]//--${args_array[$key]%=}/-${key}}"
done
done
# Read and parse all the arguments
# Use a function here, to use standart arguments $@ and be able to use shift.
parse_arg () {
# Read all arguments, until no arguments are left
while [ $# -ne 0 ]
do
# Initialize the index of getopts
OPTIND=1
# Parse with getopts only if the argument begin by -, that means the argument is an option
# getopts will fill $parameter with the letter of the option it has read.
local parameter=""
getopts ":$getopts_parameters" parameter || true
if [ "$parameter" = "?" ]
then
ynh_die "Invalid argument: -${OPTARG:-}"
elif [ "$parameter" = ":" ]
then
ynh_die "-$OPTARG parameter requires an argument."
else
local shift_value=1
# Use the long option, corresponding to the short option read by getopts, as a variable
# (e.g. for [u]=user, 'user' will be used as a variable)
# Also, remove '=' at the end of the long option
# The variable name will be stored in 'option_var'
local option_var="${args_array[$parameter]%=}"
# If this option doesn't take values
# if there's a '=' at the end of the long option name, this option takes values
if [ "${args_array[$parameter]: -1}" != "=" ]
then
# 'eval ${option_var}' will use the content of 'option_var'
eval ${option_var}=1
else
# Read all other arguments to find multiple value for this option.
# Load args in a array
local all_args=("$@")
# If the first argument is longer than 2 characters,
# There's a value attached to the option, in the same array cell
if [ ${#all_args[0]} -gt 2 ]; then
# Remove the option and the space, so keep only the value itself.
all_args[0]="${all_args[0]#-${parameter} }"
# Reduce the value of shift, because the option has been removed manually
shift_value=$(( shift_value - 1 ))
fi
# Then read the array value per value
for i in `seq 0 $(( ${#all_args[@]} - 1 ))`
do
# If this argument is an option, end here.
if [ "${all_args[$i]:0:1}" == "-" ] || [ -z "${all_args[$i]}" ]
then
# Ignore the first value of the array, which is the option itself
if [ "$i" -ne 0 ]; then
break
fi
else
# Declare the content of option_var as a variable.
eval ${option_var}=""
# Else, add this value to this option
# Each value will be separated by ';'
if [ -n "${!option_var}" ]
then
# If there's already another value for this option, add a ; before adding the new value
eval ${option_var}+="\;"
fi
eval ${option_var}+=\"${all_args[$i]}\"
shift_value=$(( shift_value + 1 ))
fi
done
fi
fi
# Shift the parameter and its argument(s)
shift $shift_value
done
}
# LEGACY MODE
# Check if there's getopts arguments
if [ "${arguments[0]:0:1}" != "-" ]
then
# If not, enter in legacy mode and manage the arguments as positionnal ones.
echo "! Helper used in legacy mode !"
for i in `seq 0 $(( ${#arguments[@]} -1 ))`
do
# Use getopts_parameters as a list of key of the array args_array
# Remove all ':' in getopts_parameters
getopts_parameters=${getopts_parameters//:}
# Get the key from getopts_parameters, by using the key according to the position of the argument.
key=${getopts_parameters:$i:1}
# Use the long option, corresponding to the key, as a variable
# (e.g. for [u]=user, 'user' will be used as a variable)
# Also, remove '=' at the end of the long option
# The variable name will be stored in 'option_var'
local option_var="${args_array[$key]%=}"
# Store each value given as argument in the corresponding variable
# The values will be stored in the same order than $args_array
eval ${option_var}+=\"${arguments[$i]}\"
done
else
# END LEGACY MODE
# Call parse_arg and pass the modified list of args as an array of arguments.
parse_arg "${arguments[@]}"
fi
fi
set -x
}
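Review bot: the value assignments in parse_arg and in the legacy branch go through eval with the argument text inlined, `eval ${option_var}+=\"${all_args[$i]}\"` and `eval ${option_var}+=\"${arguments[$i]}\"`, so any value containing `"`, `$(...)` or backticks is executed by the helper's shell; these helpers receive install-form answers such as passwords and paths, and the scripts run as root. Build the joined string in a local and assign it with `printf -v "$option_var" '%s' "$joined"`, which never re-parses the value. Related: the long-to-short rewrite `arguments[arg]="${arguments[arg]//--${args_array[$key]}/-${key} }"` is applied to every argument including values, so a value that itself contains `--user` is mangled; only rewrite arguments that start with `--`. Lastly, the function ends with an unconditional `set -x`, which switches xtrace on for callers that never enabled it and then logs every subsequent command, passwords included; save the previous state from `$-` at entry and restore it on exit.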

View file

@ -1,52 +0,0 @@
# Validate an IP address
#
# usage: ynh_validate_ip [family] [ip_address]
# | ret: 0 for valid ip addresses, 1 otherwise
#
# example: ynh_validate_ip 4 111.222.333.444
#
ynh_validate_ip()
{
# http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
local IP_ADDRESS_FAMILY=$1
local IP_ADDRESS=$2
[ "$IP_ADDRESS_FAMILY" == "4" ] || [ "$IP_ADDRESS_FAMILY" == "6" ] || return 1
python /dev/stdin << EOF
import socket
import sys
family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 }
try:
socket.inet_pton(family["$IP_ADDRESS_FAMILY"], "$IP_ADDRESS")
except socket.error:
sys.exit(1)
sys.exit(0)
EOF
}
# Validate an IPv4 address
#
# example: ynh_validate_ip4 111.222.333.444
#
# usage: ynh_validate_ip4 <ip_address>
# | ret: 0 for valid ipv4 addresses, 1 otherwise
#
ynh_validate_ip4()
{
ynh_validate_ip 4 $1
}
# Validate an IPv6 address
#
# example: ynh_validate_ip6 2000:dead:beef::1
#
# usage: ynh_validate_ip6 <ip_address>
# | ret: 0 for valid ipv6 addresses, 1 otherwise
#
ynh_validate_ip6()
{
ynh_validate_ip 6 $1
}
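Review bot: ynh_validate_ip pastes `$IP_ADDRESS_FAMILY` and `$IP_ADDRESS` straight into the unquoted heredoc, where they sit inside Python string literals, so an address argument containing `"` or a newline ends the literal and becomes Python code run by the helper; pass them as arguments (`python - "$IP_ADDRESS_FAMILY" "$IP_ADDRESS" <<'EOF'` and read `sys.argv[1:]`) with the delimiter quoted so nothing is expanded. The usage example `111.222.333.444` is not a valid IPv4 address (octets above 255), so it illustrates a failing call; use an address such as 192.0.2.1. Minor: `ynh_validate_ip 4 $1` and `ynh_validate_ip 6 $1` should quote `"$1"`.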

View file

@ -1,172 +0,0 @@
MYSQL_ROOT_PWD_FILE=/etc/yunohost/mysql
# Open a connection as a user
#
# example: ynh_mysql_connect_as 'user' 'pass' <<< "UPDATE ...;"
# example: ynh_mysql_connect_as 'user' 'pass' < /path/to/file.sql
#
# usage: ynh_mysql_connect_as user pwd [db]
# | arg: user - the user name to connect as
# | arg: pwd - the user password
# | arg: db - the database to connect to
ynh_mysql_connect_as() {
mysql -u "$1" --password="$2" -B "${3:-}"
}
# Execute a command as root user
#
# usage: ynh_mysql_execute_as_root sql [db]
# | arg: sql - the SQL command to execute
# | arg: db - the database to connect to
ynh_mysql_execute_as_root() {
ynh_mysql_connect_as "root" "$(sudo cat $MYSQL_ROOT_PWD_FILE)" \
"${2:-}" <<< "$1"
}
# Execute a command from a file as root user
#
# usage: ynh_mysql_execute_file_as_root file [db]
# | arg: file - the file containing SQL commands
# | arg: db - the database to connect to
ynh_mysql_execute_file_as_root() {
ynh_mysql_connect_as "root" "$(sudo cat $MYSQL_ROOT_PWD_FILE)" \
"${2:-}" < "$1"
}
# Create a database and grant optionnaly privilegies to a user
#
# [internal]
#
# usage: ynh_mysql_create_db db [user [pwd]]
# | arg: db - the database name to create
# | arg: user - the user to grant privilegies
# | arg: pwd - the password to identify user by
ynh_mysql_create_db() {
local db=$1
local sql="CREATE DATABASE ${db};"
# grant all privilegies to user
if [[ $# -gt 1 ]]; then
sql+=" GRANT ALL PRIVILEGES ON ${db}.* TO '${2}'@'localhost'"
[[ -n ${3:-} ]] && sql+=" IDENTIFIED BY '${3}'"
sql+=" WITH GRANT OPTION;"
fi
ynh_mysql_execute_as_root "$sql"
}
# Drop a database
#
# [internal]
#
# If you intend to drop the database *and* the associated user,
# consider using ynh_mysql_remove_db instead.
#
# usage: ynh_mysql_drop_db db
# | arg: db - the database name to drop
ynh_mysql_drop_db() {
ynh_mysql_execute_as_root "DROP DATABASE ${1};"
}
# Dump a database
#
# example: ynh_mysql_dump_db 'roundcube' > ./dump.sql
#
# usage: ynh_mysql_dump_db db
# | arg: db - the database name to dump
# | ret: the mysqldump output
ynh_mysql_dump_db() {
mysqldump -u "root" -p"$(sudo cat $MYSQL_ROOT_PWD_FILE)" --single-transaction --skip-dump-date "$1"
}
# Create a user
#
# [internal]
#
# usage: ynh_mysql_create_user user pwd [host]
# | arg: user - the user name to create
# | arg: pwd - the password to identify user by
ynh_mysql_create_user() {
ynh_mysql_execute_as_root \
"CREATE USER '${1}'@'localhost' IDENTIFIED BY '${2}';"
}
# Check if a mysql user exists
#
# usage: ynh_mysql_user_exists user
# | arg: user - the user for which to check existence
ynh_mysql_user_exists()
{
local user=$1
if [[ -z $(ynh_mysql_execute_as_root "SELECT User from mysql.user WHERE User = '$user';") ]]
then
return 1
else
return 0
fi
}
# Drop a user
#
# [internal]
#
# usage: ynh_mysql_drop_user user
# | arg: user - the user name to drop
ynh_mysql_drop_user() {
ynh_mysql_execute_as_root "DROP USER '${1}'@'localhost';"
}
# Create a database, an user and its password. Then store the password in the app's config
#
# After executing this helper, the password of the created database will be available in $db_pwd
# It will also be stored as "mysqlpwd" into the app settings.
#
# usage: ynh_mysql_setup_db user name [pwd]
# | arg: user - Owner of the database
# | arg: name - Name of the database
# | arg: pwd - Password of the database. If not given, a password will be generated
ynh_mysql_setup_db () {
local db_user="$1"
local db_name="$2"
local new_db_pwd=$(ynh_string_random) # Generate a random password
# If $3 is not given, use new_db_pwd instead for db_pwd.
db_pwd="${3:-$new_db_pwd}"
ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database
ynh_app_setting_set $app mysqlpwd $db_pwd # Store the password in the app's config
}
# Remove a database if it exists, and the associated user
#
# usage: ynh_mysql_remove_db user name
# | arg: user - Owner of the database
# | arg: name - Name of the database
ynh_mysql_remove_db () {
local db_user="$1"
local db_name="$2"
local mysql_root_password=$(sudo cat $MYSQL_ROOT_PWD_FILE)
if mysqlshow -u root -p$mysql_root_password | grep -q "^| $db_name"; then # Check if the database exists
echo "Removing database $db_name" >&2
ynh_mysql_drop_db $db_name # Remove the database
else
echo "Database $db_name not found" >&2
fi
# Remove mysql user if it exists
if $(ynh_mysql_user_exists $db_user); then
ynh_mysql_drop_user $db_user
fi
}
# Sanitize a string intended to be the name of a database
# (More specifically : replace - and . by _)
#
# example: dbname=$(ynh_sanitize_dbid $app)
#
# usage: ynh_sanitize_dbid name
# | arg: name - name to correct/sanitize
# | ret: the corrected name
ynh_sanitize_dbid () {
local dbid=${1//[-.]/_} # We should avoid having - and . in the name of databases. They are replaced by _
echo $dbid
}
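Review bot: the removed MySQL helpers put credentials on the command line in three places, `mysql -u "$1" --password="$2" -B "${3:-}"` in ynh_mysql_connect_as, `mysqldump -u "root" -p"$(sudo cat $MYSQL_ROOT_PWD_FILE)"` in ynh_mysql_dump_db and `mysqlshow -u root -p$mysql_root_password` in ynh_mysql_remove_db, where the root password is visible to every local user through the process list and to any `set -x` trace of the script; a replacement should hand the password over via an option file (`--defaults-extra-file`) or the `MYSQL_PWD` environment rather than as an argument. In the same hunk, ynh_mysql_create_db and ynh_mysql_create_user splice `${db}`, `${2}` and `${3}` straight into SQL text (`GRANT ALL PRIVILEGES ON ${db}.* TO '${2}'@'localhost'`, `CREATE USER '${1}'@'localhost' IDENTIFIED BY '${2}'`), so a password or name containing a single quote breaks the statement; identifiers and string values should be escaped or passed as a sanitized id (ynh_sanitize_dbid only handles `-` and `.`).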

View file

@ -1,67 +0,0 @@
# Normalize the url path syntax
# Handle the slash at the beginning of path and its absence at ending
# Return a normalized url path
#
# example: url_path=$(ynh_normalize_url_path $url_path)
# ynh_normalize_url_path example -> /example
# ynh_normalize_url_path /example -> /example
# ynh_normalize_url_path /example/ -> /example
# ynh_normalize_url_path / -> /
#
# usage: ynh_normalize_url_path path_to_normalize
# | arg: url_path_to_normalize - URL path to normalize before using it
ynh_normalize_url_path () {
local path_url=$1
test -n "$path_url" || ynh_die "ynh_normalize_url_path expect a URL path as first argument and received nothing."
if [ "${path_url:0:1}" != "/" ]; then # If the first character is not a /
path_url="/$path_url" # Add / at begin of path variable
fi
if [ "${path_url:${#path_url}-1}" == "/" ] && [ ${#path_url} -gt 1 ]; then # If the last character is a / and that not the only character.
path_url="${path_url:0:${#path_url}-1}" # Delete the last character
fi
echo $path_url
}
# Find a free port and return it
#
# example: port=$(ynh_find_port 8080)
#
# usage: ynh_find_port begin_port
# | arg: begin_port - port to start to search
ynh_find_port () {
local port=$1
test -n "$port" || ynh_die "The argument of ynh_find_port must be a valid port."
while netcat -z 127.0.0.1 $port # Check if the port is free
do
port=$((port+1)) # Else, pass to next port
done
echo $port
}
# Check availability of a web path
#
# example: ynh_webpath_available some.domain.tld /coffee
#
# usage: ynh_webpath_available domain path
# | arg: domain - the domain/host of the url
# | arg: path - the web path to check the availability of
ynh_webpath_available () {
local domain=$1
local path=$2
sudo yunohost domain url-available $domain $path
}
# Register/book a web path for an app
#
# example: ynh_webpath_register wordpress some.domain.tld /coffee
#
# usage: ynh_webpath_register app domain path
# | arg: app - the app for which the domain should be registered
# | arg: domain - the domain/host of the web path
# | arg: path - the web path to be registered
ynh_webpath_register () {
local app=$1
local domain=$2
local path=$3
sudo yunohost app register-url $app $domain $path
}
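Review bot: ynh_find_port decides that a port is free from `netcat -z 127.0.0.1 $port` alone, so a service bound only to a non-loopback address (or to an IPv6 address) is not seen and its port is handed out as free; listing listeners with `ss -ltn` covers all addresses. The `while` loop also has no upper bound, so nothing stops it from returning a number above 65535 once netcat starts failing for out-of-range ports, and since nothing reserves the port between the check and the app's first bind, callers should still treat a bind failure as a possible outcome rather than as impossible.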

View file

@ -1,198 +0,0 @@
n_install_dir="/opt/node_n"
node_version_path="$n_install_dir/n/versions/node"
# N_PREFIX is the directory of n, it needs to be loaded as a environment variable.
export N_PREFIX="$n_install_dir"
# Install Node version management
#
# [internal]
#
# usage: ynh_install_n
ynh_install_n () {
echo "Installation of N - Node.js version management" >&2
# Build an app.src for n
mkdir -p "../conf"
echo "SOURCE_URL=https://github.com/tj/n/archive/v2.1.7.tar.gz
SOURCE_SUM=2ba3c9d4dd3c7e38885b37e02337906a1ee91febe6d5c9159d89a9050f2eea8f" > "../conf/n.src"
# Download and extract n
ynh_setup_source "$n_install_dir/git" n
# Install n
(cd "$n_install_dir/git"
PREFIX=$N_PREFIX make install 2>&1)
}
# Load the version of node for an app, and set variables.
#
# ynh_use_nodejs has to be used in any app scripts before using node for the first time.
#
# 2 variables are available:
# - $nodejs_path: The absolute path of node for the chosen version.
# - $nodejs_version: Just the version number of node for this app. Stored as 'nodejs_version' in settings.yml.
# And 2 alias stored in variables:
# - $nodejs_use_version: An old variable, not used anymore. Keep here to not break old apps
# NB: $PATH will contain the path to node, it has to be propagated to any other shell which needs to use it.
# That's means it has to be added to any systemd script.
#
# usage: ynh_use_nodejs
ynh_use_nodejs () {
nodejs_version=$(ynh_app_setting_get $app nodejs_version)
nodejs_use_version="echo \"Deprecated command, should be removed\""
# Get the absolute path of this version of node
nodejs_path="$node_version_path/$nodejs_version/bin"
# Load the path of this version of node in $PATH
[[ :$PATH: == *":$nodejs_path"* ]] || PATH="$nodejs_path:$PATH"
}
# Install a specific version of nodejs
#
# n (Node version management) uses the PATH variable to store the path of the version of node it is going to use.
# That's how it changes the version
#
# ynh_install_nodejs will install the version of node provided as argument by using n.
#
# usage: ynh_install_nodejs [nodejs_version]
# | arg: nodejs_version - Version of node to install.
# If possible, prefer to use major version number (e.g. 8 instead of 8.10.0).
# The crontab will handle the update of minor versions when needed.
ynh_install_nodejs () {
# Use n, https://github.com/tj/n to manage the nodejs versions
nodejs_version="$1"
# Create $n_install_dir
mkdir -p "$n_install_dir"
# Load n path in PATH
CLEAR_PATH="$n_install_dir/bin:$PATH"
# Remove /usr/local/bin in PATH in case of node prior installation
PATH=$(echo $CLEAR_PATH | sed 's@/usr/local/bin:@@')
# Move an existing node binary, to avoid to block n.
test -x /usr/bin/node && mv /usr/bin/node /usr/bin/node_n
test -x /usr/bin/npm && mv /usr/bin/npm /usr/bin/npm_n
# If n is not previously setup, install it
if ! test $(n --version > /dev/null 2>&1)
then
ynh_install_n
fi
# Modify the default N_PREFIX in n script
ynh_replace_string "^N_PREFIX=\${N_PREFIX-.*}$" "N_PREFIX=\${N_PREFIX-$N_PREFIX}" "$n_install_dir/bin/n"
# Restore /usr/local/bin in PATH
PATH=$CLEAR_PATH
# And replace the old node binary.
test -x /usr/bin/node_n && mv /usr/bin/node_n /usr/bin/node
test -x /usr/bin/npm_n && mv /usr/bin/npm_n /usr/bin/npm
# Install the requested version of nodejs
n $nodejs_version
# Find the last "real" version for this major version of node.
real_nodejs_version=$(find $node_version_path/$nodejs_version* -maxdepth 0 | sort --version-sort | tail --lines=1)
real_nodejs_version=$(basename $real_nodejs_version)
# Create a symbolic link for this major version if the file doesn't already exist
if [ ! -e "$node_version_path/$nodejs_version" ]
then
ln --symbolic --force --no-target-directory $node_version_path/$real_nodejs_version $node_version_path/$nodejs_version
fi
# Store the ID of this app and the version of node requested for it
echo "$YNH_APP_ID:$nodejs_version" | tee --append "$n_install_dir/ynh_app_version"
# Store nodejs_version into the config of this app
ynh_app_setting_set $app nodejs_version $nodejs_version
# Build the update script and set the cronjob
ynh_cron_upgrade_node
ynh_use_nodejs
}
# Remove the version of node used by the app.
#
# This helper will check if another app uses the same version of node,
# if not, this version of node will be removed.
# If no other app uses node, n will be also removed.
#
# usage: ynh_remove_nodejs
ynh_remove_nodejs () {
nodejs_version=$(ynh_app_setting_get $app nodejs_version)
# Remove the line for this app
sed --in-place "/$YNH_APP_ID:$nodejs_version/d" "$n_install_dir/ynh_app_version"
# If no other app uses this version of nodejs, remove it.
if ! grep --quiet "$nodejs_version" "$n_install_dir/ynh_app_version"
then
$n_install_dir/bin/n rm $nodejs_version
fi
# If no other app uses n, remove n
if [ ! -s "$n_install_dir/ynh_app_version" ]
then
ynh_secure_remove "$n_install_dir"
ynh_secure_remove "/usr/local/n"
sed --in-place "/N_PREFIX/d" /root/.bashrc
rm -f /etc/cron.daily/node_update
fi
}
# Set a cron design to update your node versions
#
# [internal]
#
# This cron will check and update all minor node versions used by your apps.
#
# usage: ynh_cron_upgrade_node
ynh_cron_upgrade_node () {
# Build the update script
cat > "$n_install_dir/node_update.sh" << EOF
#!/bin/bash
version_path="$node_version_path"
n_install_dir="$n_install_dir"
# Log the date
date
# List all real installed version of node
all_real_version="\$(find \$version_path/* -maxdepth 0 -type d | sed "s@\$version_path/@@g")"
# Keep only the major version number of each line
all_real_version=\$(echo "\$all_real_version" | sed 's/\..*\$//')
# Remove double entries
all_real_version=\$(echo "\$all_real_version" | sort --unique)
# Read each major version
while read version
do
echo "Update of the version \$version"
sudo \$n_install_dir/bin/n \$version
# Find the last "real" version for this major version of node.
real_nodejs_version=\$(find \$version_path/\$version* -maxdepth 0 | sort --version-sort | tail --lines=1)
real_nodejs_version=\$(basename \$real_nodejs_version)
# Update the symbolic link for this version
sudo ln --symbolic --force --no-target-directory \$version_path/\$real_nodejs_version \$version_path/\$version
done <<< "\$(echo "\$all_real_version")"
EOF
chmod +x "$n_install_dir/node_update.sh"
# Build the cronjob
cat > "/etc/cron.daily/node_update" << EOF
#!/bin/bash
$n_install_dir/node_update.sh >> $n_install_dir/node_update.log
EOF
chmod +x "/etc/cron.daily/node_update"
}
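Review bot: the check `if ! test $(n --version > /dev/null 2>&1)` in ynh_install_nodejs cannot work as written, because stdout is redirected inside the command substitution: the substitution always expands to nothing, `test` runs with no argument and returns 1, and `!` turns that into "n is missing", so ynh_install_n is re-run on every call regardless of whether n is installed; the intended form is `if ! n --version > /dev/null 2>&1`. Separately, the cron script built by ynh_cron_upgrade_node runs `sudo \$n_install_dir/bin/n \$version` as root every day and installs whatever the latest minor release is at that moment, with no version pin and no checksum in this script (unlike ynh_install_n, which pins `v2.1.7` with a `SOURCE_SUM`), and `ynh_secure_remove "/usr/local/n"` in ynh_remove_nodejs deletes a path this file never creates; a replacement should at least record each unattended update in the log it already writes and remove only the directories it set up.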

View file

@ -1,192 +0,0 @@
# Check if apt is free to use, or wait, until timeout.
#
# [internal]
#
# usage: ynh_wait_dpkg_free
ynh_wait_dpkg_free() {
local try
# With seq 1 17, timeout will be almost 30 minutes
for try in `seq 1 17`
do
# Check if /var/lib/dpkg/lock is used by another process
if sudo lsof /var/lib/dpkg/lock > /dev/null
then
echo "apt is already in use..."
# Sleep an exponential time at each round
sleep $(( try * try ))
else
return 0
fi
done
echo "apt still used, but timeout reached !"
}
# Check either a package is installed or not
#
# example: ynh_package_is_installed 'yunohost' && echo "ok"
#
# usage: ynh_package_is_installed name
# | arg: name - the package name to check
ynh_package_is_installed() {
ynh_wait_dpkg_free
dpkg-query -W -f '${Status}' "$1" 2>/dev/null \
| grep -c "ok installed" &>/dev/null
}
# Get the version of an installed package
#
# example: version=$(ynh_package_version 'yunohost')
#
# usage: ynh_package_version name
# | arg: name - the package name to get version
# | ret: the version or an empty string
ynh_package_version() {
if ynh_package_is_installed "$1"; then
dpkg-query -W -f '${Version}' "$1" 2>/dev/null
else
echo ''
fi
}
# APT wrapper for non-interactive operation
#
# [internal]
#
# usage: ynh_apt update
ynh_apt() {
ynh_wait_dpkg_free
DEBIAN_FRONTEND=noninteractive sudo apt-get -y $@
}
# Update package index files
#
# usage: ynh_package_update
ynh_package_update() {
ynh_apt update
}
# Install package(s)
#
# usage: ynh_package_install name [name [...]]
# | arg: name - the package name to install
ynh_package_install() {
ynh_apt --no-remove -o Dpkg::Options::=--force-confdef \
-o Dpkg::Options::=--force-confold install $@
}
# Remove package(s)
#
# usage: ynh_package_remove name [name [...]]
# | arg: name - the package name to remove
ynh_package_remove() {
ynh_apt remove $@
}
# Remove package(s) and their uneeded dependencies
#
# usage: ynh_package_autoremove name [name [...]]
# | arg: name - the package name to remove
ynh_package_autoremove() {
ynh_apt autoremove $@
}
# Purge package(s) and their uneeded dependencies
#
# usage: ynh_package_autopurge name [name [...]]
# | arg: name - the package name to autoremove and purge
ynh_package_autopurge() {
ynh_apt autoremove --purge $@
}
# Build and install a package from an equivs control file
#
# [internal]
#
# example: generate an empty control file with `equivs-control`, adjust its
# content and use helper to build and install the package:
# ynh_package_install_from_equivs /path/to/controlfile
#
# usage: ynh_package_install_from_equivs controlfile
# | arg: controlfile - path of the equivs control file
ynh_package_install_from_equivs () {
local controlfile=$1
# retrieve package information
local pkgname=$(grep '^Package: ' $controlfile | cut -d' ' -f 2) # Retrieve the name of the debian package
local pkgversion=$(grep '^Version: ' $controlfile | cut -d' ' -f 2) # And its version number
[[ -z "$pkgname" || -z "$pkgversion" ]] \
&& echo "Invalid control file" && exit 1 # Check if this 2 variables aren't empty.
# Update packages cache
ynh_package_update
# Build and install the package
local TMPDIR=$(mktemp -d)
# Force the compatibility level at 10, levels below are deprecated
echo 10 > /usr/share/equivs/template/debian/compat
# Note that the cd executes into a sub shell
# Create a fake deb package with equivs-build and the given control file
# Install the fake package without its dependencies with dpkg
# Install missing dependencies with ynh_package_install
ynh_wait_dpkg_free
(cp "$controlfile" "${TMPDIR}/control" && cd "$TMPDIR" \
&& equivs-build ./control 1>/dev/null \
&& sudo dpkg --force-depends \
-i "./${pkgname}_${pkgversion}_all.deb" 2>&1 \
&& ynh_package_install -f) || ynh_die "Unable to install dependencies"
[[ -n "$TMPDIR" ]] && rm -rf $TMPDIR # Remove the temp dir.
# check if the package is actually installed
ynh_package_is_installed "$pkgname"
}
# Define and install dependencies with a equivs control file
# This helper can/should only be called once per app
#
# usage: ynh_install_app_dependencies dep [dep [...]]
# | arg: dep - the package name to install in dependence
# You can give a choice between some package with this syntax : "dep1|dep2"
# Example : ynh_install_app_dependencies dep1 dep2 "dep3|dep4|dep5"
# This mean in the dependence tree : dep1 & dep2 & (dep3 | dep4 | dep5)
ynh_install_app_dependencies () {
local dependencies=$@
local dependencies=${dependencies// /, }
local dependencies=${dependencies//|/ | }
local manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
local version=$(grep '\"version\": ' "$manifest_path" | cut -d '"' -f 4) # Retrieve the version number in the manifest file.
if [ ${#version} -eq 0 ]; then
version="1.0"
fi
local dep_app=${app//_/-} # Replace all '_' by '-'
cat > /tmp/${dep_app}-ynh-deps.control << EOF # Make a control file for equivs-build
Section: misc
Priority: optional
Package: ${dep_app}-ynh-deps
Version: ${version}
Depends: ${dependencies}
Architecture: all
Description: Fake package for ${app} (YunoHost app) dependencies
This meta-package is only responsible of installing its dependencies.
EOF
ynh_package_install_from_equivs /tmp/${dep_app}-ynh-deps.control \
|| ynh_die "Unable to install dependencies" # Install the fake package and its dependencies
rm /tmp/${dep_app}-ynh-deps.control
ynh_app_setting_set $app apt_dependencies $dependencies
}
# Remove fake package and its dependencies
#
# Dependencies will removed only if no other package need them.
#
# usage: ynh_remove_app_dependencies
ynh_remove_app_dependencies () {
local dep_app=${app//_/-} # Replace all '_' by '-'
ynh_package_autopurge ${dep_app}-ynh-deps # Remove the fake package and its dependencies if they not still used.
}
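Review bot: ynh_install_app_dependencies writes its control file to the predictable path `/tmp/${dep_app}-ynh-deps.control` with `cat >`, so a file or symlink of that name left by another local user decides where the write lands and what ynh_package_install_from_equivs later builds from; the build directory in that helper already uses `mktemp -d`, and the control file should use `mktemp` too. In ynh_package_install_from_equivs, `[[ -z "$pkgname" || -z "$pkgversion" ]] && echo "Invalid control file" && exit 1` terminates the caller's whole script from inside a helper and prints to stdout, while every other failure path here goes through ynh_die; and `echo 10 > /usr/share/equivs/template/debian/compat` edits a file owned by the equivs package, which dpkg will silently overwrite on the next equivs upgrade.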

View file

@ -1,126 +0,0 @@
# Print a message to stderr and exit
# usage: ynh_die MSG [RETCODE]
ynh_die() {
echo "$1" 1>&2
exit "${2:-1}"
}
# Display a message in the 'INFO' logging category
#
# usage: ynh_info "Some message"
ynh_print_info() {
echo "$1" >> "$YNH_STDINFO"
}
# Ignore the yunohost-cli log to prevent errors with conditional commands
#
# [internal]
#
# usage: ynh_no_log COMMAND
#
# Simply duplicate the log, execute the yunohost command and replace the log without the result of this command
# It's a very badly hack...
ynh_no_log() {
local ynh_cli_log=/var/log/yunohost/yunohost-cli.log
sudo cp -a ${ynh_cli_log} ${ynh_cli_log}-move
eval $@
local exit_code=$?
sudo mv ${ynh_cli_log}-move ${ynh_cli_log}
return $?
}
# Main printer, just in case in the future we have to change anything about that.
#
# [internal]
#
ynh_print_log () {
echo -e "${1}"
}
# Print a warning on stderr
#
# usage: ynh_print_warn "Text to print"
# | arg: text - The text to print
ynh_print_warn () {
ynh_print_log "\e[93m\e[1m[WARN]\e[0m ${1}" >&2
}
# Print an error on stderr
#
# usage: ynh_print_err "Text to print"
# | arg: text - The text to print
ynh_print_err () {
ynh_print_log "\e[91m\e[1m[ERR]\e[0m ${1}" >&2
}
# Execute a command and print the result as an error
#
# usage: ynh_exec_err command to execute
# usage: ynh_exec_err "command to execute | following command"
# In case of use of pipes, you have to use double quotes. Otherwise, this helper will be executed with the first command, then be sent to the next pipe.
#
# | arg: command - command to execute
ynh_exec_err () {
ynh_print_err "$(eval $@)"
}
# Execute a command and print the result as a warning
#
# usage: ynh_exec_warn command to execute
# usage: ynh_exec_warn "command to execute | following command"
# In case of use of pipes, you have to use double quotes. Otherwise, this helper will be executed with the first command, then be sent to the next pipe.
#
# | arg: command - command to execute
ynh_exec_warn () {
ynh_print_warn "$(eval $@)"
}
# Execute a command and force the result to be printed on stdout
#
# usage: ynh_exec_warn_less command to execute
# usage: ynh_exec_warn_less "command to execute | following command"
# In case of use of pipes, you have to use double quotes. Otherwise, this helper will be executed with the first command, then be sent to the next pipe.
#
# | arg: command - command to execute
ynh_exec_warn_less () {
eval $@ 2>&1
}
# Execute a command and redirect stdout in /dev/null
#
# usage: ynh_exec_quiet command to execute
# usage: ynh_exec_quiet "command to execute | following command"
# In case of use of pipes, you have to use double quotes. Otherwise, this helper will be executed with the first command, then be sent to the next pipe.
#
# | arg: command - command to execute
ynh_exec_quiet () {
eval $@ > /dev/null
}
# Execute a command and redirect stdout and stderr in /dev/null
#
# usage: ynh_exec_fully_quiet command to execute
# usage: ynh_exec_fully_quiet "command to execute | following command"
# In case of use of pipes, you have to use double quotes. Otherwise, this helper will be executed with the first command, then be sent to the next pipe.
#
# | arg: command - command to execute
ynh_exec_fully_quiet () {
eval $@ > /dev/null 2>&1
}
# Remove any logs for all the following commands.
#
# usage: ynh_print_OFF
# WARNING: You should be careful with this helper, and never forget to use ynh_print_ON as soon as possible to restore the logging.
ynh_print_OFF () {
set +x
}
# Restore the logging after ynh_print_OFF
#
# usage: ynh_print_ON
ynh_print_ON () {
set -x
# Print an echo only for the log, to be able to know that ynh_print_ON has been called.
echo ynh_print_ON > /dev/null
}
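Review bot: ynh_no_log saves the wrapped command's status in `local exit_code=$?` and then returns `$?`, which at that point is the status of the preceding `sudo mv`, so the function always reports whether the log was moved back and never whether the command itself failed; it should end with `return $exit_code`. The doc line `usage: ynh_info "Some message"` also names a function that does not exist in this hunk (the function is ynh_print_info), and the `ynh_exec_*` family runs `eval $@`, which the comments document but which means any argument containing shell metacharacters is re-parsed; a replacement should use `"$@"` where pipes are not required.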

View file

@ -1,148 +0,0 @@
# Create a master password and set up global settings
# Please always call this script in install and restore scripts
#
# usage: ynh_psql_test_if_first_run
ynh_psql_test_if_first_run() {
if [ -f /etc/yunohost/psql ];
then
echo "PostgreSQL is already installed, no need to create master password"
else
local pgsql="$(ynh_string_random)"
echo "$pgsql" > /etc/yunohost/psql
if [ -e /etc/postgresql/9.4/ ]
then
local pg_hba=/etc/postgresql/9.4/main/pg_hba.conf
elif [ -e /etc/postgresql/9.6/ ]
then
local pg_hba=/etc/postgresql/9.6/main/pg_hba.conf
else
ynh_die "postgresql shoud be 9.4 or 9.6"
fi
systemctl start postgresql
sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres
# force all user to connect to local database using passwords
# https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF
# Note: we can't use peer since YunoHost create users with nologin
# See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user
sed -i '/local\s*all\s*all\s*peer/i \
local all all password' "$pg_hba"
systemctl enable postgresql
systemctl reload postgresql
fi
}
# Open a connection as a user
#
# example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;"
# example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql
#
# usage: ynh_psql_connect_as user pwd [db]
# | arg: user - the user name to connect as
# | arg: pwd - the user password
# | arg: db - the database to connect to
ynh_psql_connect_as() {
local user="$1"
local pwd="$2"
local db="$3"
sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$pwd" psql "$db"
}
# # Execute a command as root user
#
# usage: ynh_psql_execute_as_root sql [db]
# | arg: sql - the SQL command to execute
ynh_psql_execute_as_root () {
local sql="$1"
sudo --login --user=postgres psql <<< "$sql"
}
# Execute a command from a file as root user
#
# usage: ynh_psql_execute_file_as_root file [db]
# | arg: file - the file containing SQL commands
# | arg: db - the database to connect to
ynh_psql_execute_file_as_root() {
local file="$1"
local db="$2"
sudo --login --user=postgres psql "$db" < "$file"
}
# Create a database, an user and its password. Then store the password in the app's config
#
# After executing this helper, the password of the created database will be available in $db_pwd
# It will also be stored as "psqlpwd" into the app settings.
#
# usage: ynh_psql_setup_db user name [pwd]
# | arg: user - Owner of the database
# | arg: name - Name of the database
# | arg: pwd - Password of the database. If not given, a password will be generated
ynh_psql_setup_db () {
local db_user="$1"
local db_name="$2"
local new_db_pwd=$(ynh_string_random) # Generate a random password
# If $3 is not given, use new_db_pwd instead for db_pwd.
local db_pwd="${3:-$new_db_pwd}"
ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database
ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config
}
# Create a database and grant privilegies to a user
#
# usage: ynh_psql_create_db db [user [pwd]]
# | arg: db - the database name to create
# | arg: user - the user to grant privilegies
# | arg: pwd - the user password
ynh_psql_create_db() {
local db="$1"
local user="$2"
local pwd="$3"
ynh_psql_create_user "$user" "$pwd"
sudo --login --user=postgres createdb --owner="$user" "$db"
}
# Drop a database
#
# usage: ynh_psql_drop_db db
# | arg: db - the database name to drop
# | arg: user - the user to drop
ynh_psql_remove_db() {
local db="$1"
local user="$2"
sudo --login --user=postgres dropdb "$db"
ynh_psql_drop_user "$user"
}
# Dump a database
#
# example: ynh_psql_dump_db 'roundcube' > ./dump.sql
#
# usage: ynh_psql_dump_db db
# | arg: db - the database name to dump
# | ret: the psqldump output
ynh_psql_dump_db() {
local db="$1"
sudo --login --user=postgres pg_dump "$db"
}
# Create a user
#
# usage: ynh_psql_create_user user pwd [host]
# | arg: user - the user name to create
ynh_psql_create_user() {
local user="$1"
local pwd="$2"
sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd'" postgres
}
# Drop a user
#
# usage: ynh_psql_drop_user user
# | arg: user - the user name to drop
ynh_psql_drop_user() {
local user="$1"
sudo --login --user=postgres dropuser "$user"
}
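Review bot: ynh_psql_create_user and ynh_psql_test_if_first_run both pass the password inside a `-c"... WITH PASSWORD '$pwd'"` argument, and ynh_psql_connect_as passes `PGPASSWORD="$pwd"` as a sudo argument, so in all three cases the secret is visible in the process list and in any `set -x` trace, and a password containing a single quote breaks the statement; the password should go through stdin (`psql <<< ...` with the value quoted with `$$` dollar-quoting) or a `.pgpass`-style file. `echo "$pgsql" > /etc/yunohost/psql` also creates the master password file with whatever the current umask allows and never restricts it; a `chmod 600` (or `install -m 600`) belongs next to it. The inserted `local all all password` line selects the `password` method, which sends the password unhashed over the socket; `md5` is the expected method for the 9.4/9.6 servers this hunk checks for. Finally, ynh_psql_execute_as_root is documented as `usage: ynh_psql_execute_as_root sql [db]` but never reads `$2`, so the `[db]` argument is silently ignored, and the function documented as `usage: ynh_psql_drop_db db` is actually named ynh_psql_remove_db and takes a second `user` argument.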

View file

@ -1,27 +0,0 @@
# Get an application setting
#
# usage: ynh_app_setting_get app key
# | arg: app - the application id
# | arg: key - the setting to get
ynh_app_setting_get() {
sudo yunohost app setting "$1" "$2" --output-as plain --quiet
}
# Set an application setting
#
# usage: ynh_app_setting_set app key value
# | arg: app - the application id
# | arg: key - the setting name to set
# | arg: value - the setting value to set
ynh_app_setting_set() {
sudo yunohost app setting "$1" "$2" --value="$3" --quiet
}
# Delete an application setting
#
# usage: ynh_app_setting_delete app key
# | arg: app - the application id
# | arg: key - the setting to delete
ynh_app_setting_delete() {
sudo yunohost app setting -d "$1" "$2" --quiet
}

View file

@ -1,59 +0,0 @@
# Generate a random string
#
# example: pwd=$(ynh_string_random 8)
#
# usage: ynh_string_random [length]
# | arg: length - the string length to generate (default: 24)
ynh_string_random() {
dd if=/dev/urandom bs=1 count=1000 2> /dev/null \
| tr -c -d 'A-Za-z0-9' \
| sed -n 's/\(.\{'"${1:-24}"'\}\).*/\1/p'
}
# Substitute/replace a string (or expression) by another in a file
#
# usage: ynh_replace_string match_string replace_string target_file
# | arg: match_string - String to be searched and replaced in the file
# | arg: replace_string - String that will replace matches
# | arg: target_file - File in which the string will be replaced.
#
# As this helper is based on sed command, regular expressions and
# references to sub-expressions can be used
# (see sed manual page for more information)
ynh_replace_string () {
local delimit=@
local match_string=$1
local replace_string=$2
local workfile=$3
# Escape the delimiter if it's in the string.
match_string=${match_string//${delimit}/"\\${delimit}"}
replace_string=${replace_string//${delimit}/"\\${delimit}"}
sudo sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$workfile"
}
# Substitute/replace a special string by another in a file
#
# usage: ynh_replace_special_string match_string replace_string target_file
# | arg: match_string - String to be searched and replaced in the file
# | arg: replace_string - String that will replace matches
# | arg: target_file - File in which the string will be replaced.
#
# This helper will use ynh_replace_string, but as you can use special
# characters, you can't use some regular expressions and sub-expressions.
ynh_replace_special_string () {
local match_string=$1
local replace_string=$2
local workfile=$3
# Escape any backslash to preserve them as simple backslash.
match_string=${match_string//\\/"\\\\"}
replace_string=${replace_string//\\/"\\\\"}
# Escape the & character, who has a special function in sed.
match_string=${match_string//&/"\&"}
replace_string=${replace_string//&/"\&"}
ynh_replace_string "$match_string" "$replace_string" "$workfile"
}
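Review bot: ynh_string_random reads only 1000 bytes of `/dev/urandom` and keeps roughly a quarter of them after `tr -c -d 'A-Za-z0-9'` (62 accepted values out of 256), so a requested length larger than the characters that survive makes `sed -n 's/\(.\{N\}\).*/\1/p'` print nothing and the helper returns an empty string with a zero exit status; ynh_mysql_setup_db and ynh_psql_setup_db would then store an empty password without noticing. A replacement should keep reading until the requested length is reached, or fail loudly when it is not. In ynh_replace_string, only the `@` delimiter is escaped before the strings are handed to sed, so a `replace_string` containing `\` or `&` is interpreted by sed; the comment above ynh_replace_special_string documents this, but callers of the plain helper get no warning at the call site.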

View file

@ -1,55 +0,0 @@
# Manage a fail of the script
#
# [internal]
#
# usage:
# ynh_exit_properly is used only by the helper ynh_abort_if_errors.
# You should not use it directly.
# Instead, add to your script:
# ynh_clean_setup () {
# instructions...
# }
#
# This function provide a way to clean some residual of installation that not managed by remove script.
#
# It prints a warning to inform that the script was failed, and execute the ynh_clean_setup function if used in the app script
#
ynh_exit_properly () {
local exit_code=$?
if [ "$exit_code" -eq 0 ]; then
exit 0 # Exit without error if the script ended correctly
fi
trap '' EXIT # Ignore new exit signals
set +eu # Do not exit anymore if a command fail or if a variable is empty
echo -e "!!\n $app's script has encountered an error. Its execution was cancelled.\n!!" >&2
if type -t ynh_clean_setup > /dev/null; then # Check if the function exist in the app script.
ynh_clean_setup # Call the function to do specific cleaning for the app.
fi
ynh_die # Exit with error status
}
# Exits if an error occurs during the execution of the script.
#
# usage: ynh_abort_if_errors
#
# This configure the rest of the script execution such that, if an error occurs
# or if an empty variable is used, the execution of the script stops
# immediately and a call to `ynh_clean_setup` is triggered if it has been
# defined by your script.
#
ynh_abort_if_errors () {
set -eu # Exit if a command fail, and if a variable is used unset.
trap ynh_exit_properly EXIT # Capturing exit signals on shell script
}
# Fetch the Debian release codename
#
# usage: ynh_get_debian_release
# | ret: The Debian release codename (i.e. jessie, stretch, ...)
ynh_get_debian_release () {
echo $(lsb_release --codename --short)
}
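Review bot: in ynh_exit_properly the final `ynh_die` is called with no message and no status, so the original failure code captured in `local exit_code=$?` is discarded and the caller always sees exit status 1; passing it through (`ynh_die "..." "$exit_code"`) keeps the real code available to whatever invoked the script. `echo $(lsb_release --codename --short)` in ynh_get_debian_release is a redundant wrapper that also re-splits the output; `lsb_release --codename --short` alone is equivalent.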

View file

@ -1,71 +0,0 @@
# Check if a YunoHost user exists
#
# example: ynh_user_exists 'toto' || exit 1
#
# usage: ynh_user_exists username
# | arg: username - the username to check
ynh_user_exists() {
sudo yunohost user list --output-as json | grep -q "\"username\": \"${1}\""
}
# Retrieve a YunoHost user information
#
# example: mail=$(ynh_user_get_info 'toto' 'mail')
#
# usage: ynh_user_get_info username key
# | arg: username - the username to retrieve info from
# | arg: key - the key to retrieve
# | ret: string - the key's value
ynh_user_get_info() {
sudo yunohost user info "$1" --output-as plain | ynh_get_plain_key "$2"
}
# Get the list of YunoHost users
#
# example: for u in $(ynh_user_list); do ...
#
# usage: ynh_user_list
# | ret: string - one username per line
ynh_user_list() {
sudo yunohost user list --output-as plain --quiet \
| awk '/^##username$/{getline; print}'
}
# Check if a user exists on the system
#
# usage: ynh_system_user_exists username
# | arg: username - the username to check
ynh_system_user_exists() {
getent passwd "$1" &>/dev/null
}
# Create a system user
#
# usage: ynh_system_user_create user_name [home_dir]
# | arg: user_name - Name of the system user that will be create
# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home
ynh_system_user_create () {
if ! ynh_system_user_exists "$1" # Check if the user exists on the system
then # If the user doesn't exist
if [ $# -ge 2 ]; then # If a home dir is mentioned
local user_home_dir="-d $2"
else
local user_home_dir="--no-create-home"
fi
sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account"
fi
}
# Delete a system user
#
# usage: ynh_system_user_delete user_name
# | arg: user_name - Name of the system user that will be create
ynh_system_user_delete () {
if ynh_system_user_exists "$1" # Check if the user exists on the system
then
echo "Remove the user $1" >&2
sudo userdel $1
else
echo "The user $1 was not found" >&2
fi
}
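Review bot: `ynh_user_exists` drops `$1` unescaped into a `grep` regex over the JSON output of `yunohost user list`, so a username containing regex metacharacters (a `.` is enough) matches more than itself; use `grep -qF -- "\"username\": \"$1\""` or query `yunohost user info "$1"` directly. Further down, `ynh_system_user_create` builds `user_home_dir="-d $2"` and expands it unquoted, and both `useradd` and `userdel` receive a bare `$1`; a home path with a space breaks the call, so pass the options as separate quoted arguments (an array) and quote `"$1"` throughout.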


@ -1,279 +0,0 @@
# Extract a key from a plain command output
#
# example: yunohost user info tata --output-as plain | ynh_get_plain_key mail
#
# usage: ynh_get_plain_key key [subkey [subsubkey ...]]
# | ret: string - the key's value
ynh_get_plain_key() {
local prefix="#"
local founded=0
local key=$1
shift
while read line; do
if [[ "$founded" == "1" ]] ; then
[[ "$line" =~ ^${prefix}[^#] ]] && return
echo $line
elif [[ "$line" =~ ^${prefix}${key}$ ]]; then
if [[ -n "${1:-}" ]]; then
prefix+="#"
key=$1
shift
else
founded=1
fi
fi
done
}
# Restore a previous backup if the upgrade process failed
#
# usage:
# ynh_backup_before_upgrade
# ynh_clean_setup () {
# ynh_restore_upgradebackup
# }
# ynh_abort_if_errors
#
ynh_restore_upgradebackup () {
echo "Upgrade failed." >&2
local app_bck=${app//_/-} # Replace all '_' by '-'
NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
then
# Check if an existing backup can be found before removing and restoring the application.
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number
then
# Remove the application then restore it
sudo yunohost app remove $app
# Restore the backup
sudo yunohost backup restore $app_bck-pre-upgrade$backup_number --apps $app --force
ynh_die "The app was restored to the way it was before the failed upgrade."
fi
else
echo "\$NO_BACKUP_UPGRADE is set, that means there's no backup to restore. You have to fix this upgrade by yourself !" >&2
fi
}
# Make a backup in case of failed upgrade
#
# usage:
# ynh_backup_before_upgrade
# ynh_clean_setup () {
# ynh_restore_upgradebackup
# }
# ynh_abort_if_errors
#
ynh_backup_before_upgrade () {
if [ ! -e "/etc/yunohost/apps/$app/scripts/backup" ]
then
echo "This app doesn't have any backup script." >&2
return
fi
backup_number=1
local old_backup_number=2
local app_bck=${app//_/-} # Replace all '_' by '-'
NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
then
# Check if a backup already exists with the prefix 1
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1
then
# Prefix becomes 2 to preserve the previous backup
backup_number=2
old_backup_number=1
fi
# Create backup
sudo BACKUP_CORE_ONLY=1 yunohost backup create --apps $app --name $app_bck-pre-upgrade$backup_number
if [ "$?" -eq 0 ]
then
# If the backup succeeded, remove the previous backup
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
then
# Remove the previous backup only if it exists
sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null
fi
else
ynh_die "Backup failed, the upgrade process was aborted."
fi
else
echo "\$NO_BACKUP_UPGRADE is set, backup will be avoided. Be careful, this upgrade is going to be operated without a security backup"
fi
}
# Download, check integrity, uncompress and patch the source from app.src
#
# The file conf/app.src need to contains:
#
# SOURCE_URL=Address to download the app archive
# SOURCE_SUM=Control sum
# # (Optional) Program to check the integrity (sha256sum, md5sum...)
# # default: sha256
# SOURCE_SUM_PRG=sha256
# # (Optional) Archive format
# # default: tar.gz
# SOURCE_FORMAT=tar.gz
# # (Optional) Put false if sources are directly in the archive root
# # default: true
# SOURCE_IN_SUBDIR=false
# # (Optionnal) Name of the local archive (offline setup support)
# # default: ${src_id}.${src_format}
# SOURCE_FILENAME=example.tar.gz
# # (Optional) If it set as false don't extract the source.
# # (Useful to get a debian package or a python wheel.)
# # default: true
# SOURCE_EXTRACT=(true|false)
#
# Details:
# This helper downloads sources from SOURCE_URL if there is no local source
# archive in /opt/yunohost-apps-src/APP_ID/SOURCE_FILENAME
#
# Next, it checks the integrity with "SOURCE_SUM_PRG -c --status" command.
#
# If it's ok, the source archive will be uncompressed in $dest_dir. If the
# SOURCE_IN_SUBDIR is true, the first level directory of the archive will be
# removed.
#
# Finally, patches named sources/patches/${src_id}-*.patch and extra files in
# sources/extra_files/$src_id will be applied to dest_dir
#
#
# usage: ynh_setup_source dest_dir [source_id]
# | arg: dest_dir - Directory where to setup sources
# | arg: source_id - Name of the app, if the package contains more than one app
ynh_setup_source () {
local dest_dir=$1
local src_id=${2:-app} # If the argument is not given, source_id equals "app"
# Load value from configuration file (see above for a small doc about this file
# format)
local src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_extract=$(grep 'SOURCE_EXTRACT=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
# Default value
src_sumprg=${src_sumprg:-sha256sum}
src_in_subdir=${src_in_subdir:-true}
src_format=${src_format:-tar.gz}
src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]')
src_extract=${src_extract:-true}
if [ "$src_filename" = "" ] ; then
src_filename="${src_id}.${src_format}"
fi
local local_src="/opt/yunohost-apps-src/${YNH_APP_ID}/${src_filename}"
if test -e "$local_src"
then # Use the local source file if it is present
cp $local_src $src_filename
else # If not, download the source
local out=`wget -nv -O $src_filename $src_url 2>&1` || ynh_print_err $out
fi
# Check the control sum
echo "${src_sum} ${src_filename}" | ${src_sumprg} -c --status \
|| ynh_die "Corrupt source"
# Extract source into the app dir
mkdir -p "$dest_dir"
if ! "$src_extract"
then
mv $src_filename $dest_dir
elif [ "$src_format" = "zip" ]
then
# Zip format
# Using of a temp directory, because unzip doesn't manage --strip-components
if $src_in_subdir ; then
local tmp_dir=$(mktemp -d)
unzip -quo $src_filename -d "$tmp_dir"
cp -a $tmp_dir/*/. "$dest_dir"
ynh_secure_remove "$tmp_dir"
else
unzip -quo $src_filename -d "$dest_dir"
fi
else
local strip=""
if $src_in_subdir ; then
strip="--strip-components 1"
fi
if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]] ; then
tar -xf $src_filename -C "$dest_dir" $strip
else
ynh_die "Archive format unrecognized."
fi
fi
# Apply patches
if (( $(find $YNH_CWD/../sources/patches/ -type f -name "${src_id}-*.patch" 2> /dev/null | wc -l) > "0" )); then
local old_dir=$(pwd)
(cd "$dest_dir" \
&& for p in $YNH_CWD/../sources/patches/${src_id}-*.patch; do \
patch -p1 < $p; done) \
|| ynh_die "Unable to apply patches"
cd $old_dir
fi
# Add supplementary files
if test -e "$YNH_CWD/../sources/extra_files/${src_id}"; then
cp -a $YNH_CWD/../sources/extra_files/$src_id/. "$dest_dir"
fi
}
# Curl abstraction to help with POST requests to local pages (such as installation forms)
#
# $domain and $path_url should be defined externally (and correspond to the domain.tld and the /path (of the app?))
#
# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
#
# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
# | arg: page_uri - Path (relative to $path_url) of the page where POST data will be sent
# | arg: key1=value1 - (Optionnal) POST key and corresponding value
# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
# | arg: ... - (Optionnal) More POST keys and values
ynh_local_curl () {
# Define url of page to curl
local full_page_url=https://localhost$path_url$1
# Concatenate all other arguments with '&' to prepare POST data
local POST_data=""
local arg=""
for arg in "${@:2}"
do
POST_data="${POST_data}${arg}&"
done
if [ -n "$POST_data" ]
then
# Add --data arg and remove the last character, which is an unecessary '&'
POST_data="--data ${POST_data::-1}"
fi
# Wait untils nginx has fully reloaded (avoid curl fail with http2)
sleep 2
# Curl the URL
curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url"
}
# Render templates with Jinja2
#
# Attention : Variables should be exported before calling this helper to be
# accessible inside templates.
#
# usage: ynh_render_template some_template output_path
# | arg: some_template - Template file to be rendered
# | arg: output_path - The path where the output will be redirected to
ynh_render_template() {
local template_path=$1
local output_path=$2
# Taken from https://stackoverflow.com/a/35009576
python2.7 -c 'import os, sys, jinja2; sys.stdout.write(
jinja2.Template(sys.stdin.read()
).render(os.environ));' < $template_path > $output_path
}
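Review bot: in `ynh_setup_source` the integrity check is only as strong as `SOURCE_SUM_PRG`, which is read from `conf/app.src` and executed verbatim, and the doc comment lists `md5sum` as acceptable; restrict it to a short whitelist (`sha256sum`, `sha512sum`) so a package cannot downgrade its own verification. The download branch `|| ynh_print_err $out` does not abort, so a failed `wget` only surfaces later as the misleading `Corrupt source` error; call `ynh_die` there instead, and quote `$src_url`, `$src_filename` and `$local_src`. In `ynh_local_curl`, `-k` disables certificate verification while `-L` follows redirects, so a redirect away from `localhost` would be followed with verification off (drop `-L`), and `$POST_data` is expanded unquoted, so a value containing a space becomes extra arguments; build the curl argv as an array.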


@ -1,17 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/ldap"
# Backup the configuration
ynh_backup "/etc/ldap/slapd.conf" "${backup_dir}/slapd.conf"
sudo slapcat -b cn=config -l "${backup_dir}/cn=config.master.ldif"
# Backup the database
sudo slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
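Review bot: both `slapcat` dumps contain every `userPassword` hash, and the `cn=config` dump also carries `olcRootPW`, yet the script sets no restrictive mode on the LDIFs it writes under `${backup_dir}`; set `umask 077` before the dumps (or `chmod 600` the two files afterwards) so the hashes are not readable to everyone who can traverse the backup tree.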


@ -1,17 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/ssh"
# Backup the configuration
if [ -d /etc/ssh/ ]; then
ynh_backup "/etc/ssh" "$backup_dir"
else
echo "SSH is not installed"
fi


@ -1,13 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/ynh/mysql"
# Save MySQL root password
ynh_backup "/etc/yunohost/mysql" "${backup_dir}/root_pwd"
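Review bot: this copies the clear-text MySQL root password into the archive as `conf/ynh/mysql/root_pwd`, and nothing here restricts the mode of the copy; verify that `ynh_backup` preserves the owner and mode of `/etc/yunohost/mysql`, otherwise the password is readable by anyone who can read the archive tree.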


@ -1,13 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/ssowat"
# Backup the configuration
ynh_backup "/etc/ssowat" "$backup_dir"


@ -1,19 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/data/home"
# Backup user home
for f in $(find /home/* -type d -prune | awk -F/ '{print $NF}'); do
if [[ ! "$f" =~ ^yunohost|lost\+found ]]; then
if [ ! -e "/home/$f/.nobackup" ]; then
ynh_backup "/home/$f" "${backup_dir}/$f" 1
fi
fi
done
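Review bot: `for f in $(find /home/* ...)` word-splits the output, so a home directory with a space in its name is processed as two bogus names, and in the regex `^yunohost|lost\+found` the `|` binds loosest, so `lost+found` is matched anywhere in the name while `^yunohost` is only anchored at the start. Iterate with `find /home -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | while read -r f` and anchor both alternatives explicitly, e.g. `^(yunohost|lost\+found)$`, so only the intended names are skipped.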


@ -1,13 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/ynh/firewall"
# Backup the configuration
ynh_backup "/etc/yunohost/firewall.yml" "${backup_dir}/firewall.yml"


@ -1,13 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/ynh/certs"
# Backup certificates
ynh_backup "/etc/yunohost/certs" "$backup_dir"


@ -1,13 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/data/mail"
# Backup mails
ynh_backup /var/mail "$backup_dir" 1


@ -1,14 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/xmpp"
# Backup the configuration
ynh_backup /etc/metronome "${backup_dir}/etc"
ynh_backup /var/lib/metronome "${backup_dir}/var"


@ -1,13 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/nginx"
# Backup the configuration
ynh_backup "/etc/nginx/conf.d" "$backup_dir"


@ -1,15 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/cron"
# Backup the configuration
for f in $(ls -1B /etc/cron.d/yunohost*); do
ynh_backup "$f" "${backup_dir}/${f##*/}"
done
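Review bot: `for f in $(ls -1B /etc/cron.d/yunohost*)` parses `ls` output and splits it on whitespace; iterate the glob directly, `for f in /etc/cron.d/yunohost*; do [ -e "$f" ] || continue; ...`, which also handles the no-match case cleanly.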


@ -1,13 +0,0 @@
#!/bin/bash
# Exit hook on subcommand error or unset variable
set -eu
# Source YNH helpers
source /usr/share/yunohost/helpers.d/filesystem
# Backup destination
backup_dir="${1}/conf/ynh"
# Backup the configuration
ynh_backup "/etc/yunohost/current_host" "${backup_dir}/current_host"


@ -1,132 +0,0 @@
#!/bin/bash
set -e
services_path="/etc/yunohost/services.yml"
do_init_regen() {
if [[ $EUID -ne 0 ]]; then
echo "You must be root to run this script" 1>&2
exit 1
fi
cd /usr/share/yunohost/templates/yunohost
[[ -d /etc/yunohost ]] || mkdir -p /etc/yunohost
# set default current_host
[[ -f /etc/yunohost/current_host ]] \
|| echo "yunohost.org" > /etc/yunohost/current_host
# copy default services and firewall
[[ -f $services_path ]] \
|| cp services.yml "$services_path"
[[ -f /etc/yunohost/firewall.yml ]] \
|| cp firewall.yml /etc/yunohost/firewall.yml
# allow users to access /media directory
[[ -d /etc/skel/media ]] \
|| (mkdir -p /media && ln -s /media /etc/skel/media)
}
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/yunohost
# update services.yml
if [[ -f $services_path ]]; then
tmp_services_path="${services_path}-tmp"
new_services_path="${services_path}-new"
sudo cp "$services_path" "$tmp_services_path"
_update_services "$new_services_path" || {
sudo mv "$tmp_services_path" "$services_path"
exit 1
}
if [[ -f $new_services_path ]]; then
# replace services.yml with new one
sudo mv "$new_services_path" "$services_path"
sudo mv "$tmp_services_path" "${services_path}-old"
else
sudo rm -f "$tmp_services_path"
fi
else
sudo cp services.yml /etc/yunohost/services.yml
fi
mkdir -p "$pending_dir"/etc/etckeeper/
cp etckeeper.conf "$pending_dir"/etc/etckeeper/
}
_update_services() {
sudo python2 - << EOF
import yaml
with open('services.yml') as f:
new_services = yaml.load(f)
with open('/etc/yunohost/services.yml') as f:
services = yaml.load(f)
updated = False
for service, conf in new_services.items():
# remove service with empty conf
if conf is None:
if service in services:
print("removing '{0}' from services".format(service))
del services[service]
updated = True
# add new service
elif not services.get(service, None):
print("adding '{0}' to services".format(service))
services[service] = conf
updated = True
# update service conf
else:
conffiles = services[service].pop('conffiles', {})
# status need to be removed
if "status" not in conf and "status" in services[service]:
print("update '{0}' service status access".format(service))
del services[service]["status"]
updated = True
if services[service] != conf:
print("update '{0}' service".format(service))
services[service].update(conf)
updated = True
if conffiles:
services[service]['conffiles'] = conffiles
if updated:
with open('/etc/yunohost/services.yml-new', 'w') as f:
yaml.safe_dump(services, f, default_flow_style=False)
EOF
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
;;
init)
do_init_regen
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
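Review bot: `_update_services` calls `yaml.load(f)` without a `Loader`, which in PyYAML is the full loader that constructs arbitrary Python objects from `!!python/...` tags; both files are root-owned so the exposure is small, but `yaml.safe_load` is the right call and the script already uses `safe_dump` for output. Also, the `sudo cp services.yml /etc/yunohost/services.yml` fallback in `do_pre_regen` writes straight into `/etc` instead of `$pending_dir`, bypassing the pending/diff mechanism the other hooks rely on.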


@ -1,129 +0,0 @@
#!/bin/bash
set -e
ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"
do_init_regen() {
if [[ $EUID -ne 0 ]]; then
echo "You must be root to run this script" 1>&2
exit 1
fi
LOGFILE="/tmp/yunohost-ssl-init"
echo "Initializing a local SSL certification authority ..."
echo "(logs available in $LOGFILE)"
rm -f $LOGFILE
touch $LOGFILE
# create certs and SSL directories
mkdir -p "/etc/yunohost/certs/yunohost.org"
mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}
# initialize some files
[[ -f "${ssl_dir}/serial" ]] \
|| openssl rand -hex 19 > "${ssl_dir}/serial"
[[ -f "${ssl_dir}/index.txt" ]] \
|| touch "${ssl_dir}/index.txt"
openssl_conf="/usr/share/yunohost/templates/ssl/openssl.cnf"
ynh_ca="/etc/yunohost/certs/yunohost.org/ca.pem"
ynh_crt="/etc/yunohost/certs/yunohost.org/crt.pem"
ynh_key="/etc/yunohost/certs/yunohost.org/key.pem"
# create default certificates
if [[ ! -f "$ynh_ca" ]]; then
echo -e "\n# Creating the CA key (?)\n" >>$LOGFILE
openssl req -x509 \
-new \
-config "$openssl_conf" \
-days 3650 \
-out "${ssl_dir}/ca/cacert.pem" \
-keyout "${ssl_dir}/ca/cakey.pem" \
-nodes -batch >>$LOGFILE 2>&1
cp "${ssl_dir}/ca/cacert.pem" "$ynh_ca"
ln -sf "$ynh_ca" /etc/ssl/certs/ca-yunohost_crt.pem
update-ca-certificates
fi
if [[ ! -f "$ynh_crt" ]]; then
echo -e "\n# Creating initial key and certificate (?)\n" >>$LOGFILE
openssl req -new \
-config "$openssl_conf" \
-days 730 \
-out "${ssl_dir}/certs/yunohost_csr.pem" \
-keyout "${ssl_dir}/certs/yunohost_key.pem" \
-nodes -batch >>$LOGFILE 2>&1
openssl ca \
-config "$openssl_conf" \
-days 730 \
-in "${ssl_dir}/certs/yunohost_csr.pem" \
-out "${ssl_dir}/certs/yunohost_crt.pem" \
-batch >>$LOGFILE 2>&1
last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
chmod 640 "${ssl_dir}/certs/yunohost_key.pem"
chmod 640 "$last_cert"
cp "${ssl_dir}/certs/yunohost_key.pem" "$ynh_key"
cp "$last_cert" "$ynh_crt"
ln -sf "$ynh_crt" /etc/ssl/certs/yunohost_crt.pem
ln -sf "$ynh_key" /etc/ssl/private/yunohost_key.pem
fi
}
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/ssl
install -D -m 644 openssl.cnf "${pending_dir}/${ssl_dir}/openssl.cnf"
}
do_post_regen() {
regen_conf_files=$1
# Ensure that index.txt exists
index_txt=/usr/share/yunohost/yunohost-config/ssl/yunoCA/index.txt
[[ -f "${index_txt}" ]] || {
if [[ -f "${index_txt}.saved" ]]; then
# use saved database from 2.2
sudo cp "${index_txt}.saved" "${index_txt}"
elif [[ -f "${index_txt}.old" ]]; then
# ... or use the state-1 database
sudo cp "${index_txt}.old" "${index_txt}"
else
# ... or create an empty one
sudo touch "${index_txt}"
fi
}
# TODO: regenerate certificates if conf changed?
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
init)
do_init_regen
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
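Review bot: `do_init_regen` generates the CA key with `-nodes` into `${ssl_dir}/ca/cakey.pem` and never restricts its mode, while the leaf key gets `chmod 640`; because `update-ca-certificates` adds this CA to the system trust store, anyone who can read `cakey.pem` can mint certificates the host trusts. Add `chmod 600 "${ssl_dir}/ca/cakey.pem"` (or set `umask 077` before the `openssl req` calls) and apply the same to `yunohost_key.pem` before it is copied.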


@ -1,45 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/ssh
# only overwrite SSH configuration on an ISO installation
if [[ ! -f /etc/yunohost/from_script ]]; then
# do not listen to IPv6 if unavailable
[[ -f /proc/net/if_inet6 ]] \
|| sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
install -D -m 644 sshd_config "${pending_dir}/etc/ssh/sshd_config"
fi
}
do_post_regen() {
regen_conf_files=$1
if [[ ! -f /etc/yunohost/from_script ]]; then
[[ -z "$regen_conf_files" ]] \
|| sudo service ssh restart
fi
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
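Review bot: in `do_pre_regen` the IPv6 `sed -i` runs against `sshd_config` inside `/usr/share/yunohost/templates/ssh` (the `cd` makes that the working directory), so the shipped template is edited in place, the change persists across regens and is silently reverted on package upgrade; copy the template to `${pending_dir}/etc/ssh/sshd_config` first and apply the `sed` to the pending copy.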


@ -1,143 +0,0 @@
#!/bin/bash
set -e
tmp_backup_dir_file="/tmp/slapd-backup-dir.txt"
do_init_regen() {
if [[ $EUID -ne 0 ]]; then
echo "You must be root to run this script" 1>&2
exit 1
fi
do_pre_regen ""
# fix some permissions
chown root:openldap /etc/ldap/slapd.conf
chown -R openldap:openldap /etc/ldap/schema/
# check the slapd config file at first
slaptest -Q -u -f /etc/ldap/slapd.conf
# regenerate LDAP config directory from slapd.conf
rm -Rf /etc/ldap/slapd.d
mkdir /etc/ldap/slapd.d
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
chown -R openldap:openldap /etc/ldap/slapd.d/
service slapd restart
}
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/slapd
# create needed directories
ldap_dir="${pending_dir}/etc/ldap"
schema_dir="${ldap_dir}/schema"
mkdir -p "$ldap_dir" "$schema_dir"
# remove legacy configuration file
[ ! -f /etc/ldap/slapd-yuno.conf ] \
|| touch "${pending_dir}/etc/ldap/slapd-yuno.conf"
# remove temporary backup file
sudo rm -f "$tmp_backup_dir_file"
# retrieve current and new backends
curr_backend=$(grep '^database' /etc/ldap/slapd.conf 2>/dev/null | awk '{print $2}')
new_backend=$(grep '^database' slapd.conf | awk '{print $2}')
# save current database before any conf changes
if [[ -n "$curr_backend" && "$curr_backend" != "$new_backend" ]]; then
backup_dir="/var/backups/dc=yunohost,dc=org-${curr_backend}-$(date +%s)"
sudo mkdir -p "$backup_dir"
sudo slapcat -b dc=yunohost,dc=org \
-l "${backup_dir}/dc=yunohost-dc=org.ldif"
echo "$backup_dir" > "$tmp_backup_dir_file"
fi
# copy configuration files
cp -a ldap.conf slapd.conf "$ldap_dir"
cp -a sudo.schema mailserver.schema "$schema_dir"
install -D -m 644 slapd.default "${pending_dir}/etc/default/slapd"
}
do_post_regen() {
regen_conf_files=$1
# ensure that slapd.d exists
sudo mkdir -p /etc/ldap/slapd.d
# fix some permissions
sudo chown root:openldap /etc/ldap/slapd.conf
sudo chown -R openldap:openldap /etc/ldap/schema/
sudo chown -R openldap:openldap /etc/ldap/slapd.d/
[ -z "$regen_conf_files" ] && exit 0
# check the slapd config file at first
sudo slaptest -Q -u -f /etc/ldap/slapd.conf
# check if a backup should be restored
backup_dir=$(cat "$tmp_backup_dir_file" 2>/dev/null || true)
if [[ -n "$backup_dir" && -f "${backup_dir}/dc=yunohost-dc=org.ldif" ]]; then
# regenerate LDAP config directory and import database as root
# since the admin user may be unavailable
sudo sh -c "rm -Rf /etc/ldap/slapd.d;
mkdir /etc/ldap/slapd.d;
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d;
chown -R openldap:openldap /etc/ldap/slapd.d;
slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org \
-l '${backup_dir}/dc=yunohost-dc=org.ldif';
chown -R openldap:openldap /var/lib/ldap" 2>&1
else
# regenerate LDAP config directory from slapd.conf
sudo rm -Rf /etc/ldap/slapd.d
sudo mkdir /etc/ldap/slapd.d
sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
sudo chown -R openldap:openldap /etc/ldap/slapd.d/
fi
sudo service slapd force-reload
# on slow hardware/vm this regen conf would exit before the admin user that
# is stored in ldap is available because ldap seems to slow to restart
# so we'll wait either until we are able to log as admin or until a timeout
# is reached
# we need to do this because the next hooks executed after this one during
# postinstall requires to run as admin thus breaking postinstall on slow
# hardware which mean yunohost can't be correctly installed on those hardware
# and this sucks
# wait a maximum time of 5 minutes
# yes, force-reload behave like a restart
number_of_wait=0
while ! sudo su admin -c '' && ((number_of_wait < 60))
do
sleep 5
((number_of_wait += 1))
done
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
init)
do_init_regen
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
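Review bot: the backend-migration path in `do_pre_regen` writes a full `slapcat` dump (every `userPassword` hash) to `/var/backups/dc=yunohost,dc=org-...` created with `sudo mkdir -p` under the default umask, and `do_post_regen` reads the directory to import from the world-writable `/tmp/slapd-backup-dir.txt`, which `do_pre_regen` deletes at the start; a local user who recreates that file between the two steps, pointing at a directory of their own containing `dc=yunohost-dc=org.ldif`, gets their LDIF loaded into the directory by `slapadd` as root. Create the backup directory with `mkdir -m 700` and keep the hand-off file under a root-only location such as `/var/lib/yunohost` or `/run` instead of `/tmp`.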


@ -1,36 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/nslcd
install -D -m 644 nslcd.conf "${pending_dir}/etc/nslcd.conf"
}
do_post_regen() {
regen_conf_files=$1
[[ -z "$regen_conf_files" ]] \
|| sudo service nslcd restart
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0


@ -1,76 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/metronome
# create directories for pending conf
metronome_dir="${pending_dir}/etc/metronome"
metronome_conf_dir="${metronome_dir}/conf.d"
mkdir -p "$metronome_conf_dir"
# retrieve variables
main_domain=$(cat /etc/yunohost/current_host)
domain_list=$(sudo yunohost domain list --output-as plain --quiet)
# install main conf file
cat metronome.cfg.lua \
| sed "s/{{ main_domain }}/${main_domain}/g" \
> "${metronome_dir}/metronome.cfg.lua"
# add domain conf files
for domain in $domain_list; do
cat domain.tpl.cfg.lua \
| sed "s/{{ domain }}/${domain}/g" \
> "${metronome_conf_dir}/${domain}.cfg.lua"
done
# remove old domain conf files
conf_files=$(ls -1 /etc/metronome/conf.d \
| awk '/^[^\.]+\.[^\.]+.*\.cfg\.lua$/ { print $1 }')
for file in $conf_files; do
domain=${file%.cfg.lua}
[[ $domain_list =~ $domain ]] \
|| touch "${metronome_conf_dir}/${file}"
done
}
do_post_regen() {
regen_conf_files=$1
# fix some permissions
sudo chown -R metronome: /var/lib/metronome/
sudo chown -R metronome: /etc/metronome/conf.d/
# retrieve variables
domain_list=$(sudo yunohost domain list --output-as plain --quiet)
# create metronome directories for domains
for domain in $domain_list; do
sudo mkdir -p "/var/lib/metronome/${domain//./%2e}/pep"
done
[[ -z "$regen_conf_files" ]] \
|| sudo service metronome restart
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
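Review bot: the stale-conf check `[[ $domain_list =~ $domain ]]` is an unanchored regex match with the domain's dots acting as wildcards, so `example.org` also matches `myexample.org` or `example-org`, and a removed domain whose name is a substring of a remaining one keeps its `conf.d` file forever; test for an exact line instead, e.g. `grep -qxF -- "$domain" <<< "$domain_list"`.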


@ -1,119 +0,0 @@
#!/bin/bash
set -e
. /usr/share/yunohost/helpers.d/utils
do_init_regen() {
if [[ $EUID -ne 0 ]]; then
echo "You must be root to run this script" 1>&2
exit 1
fi
do_pre_regen ""
}
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/nginx
nginx_dir="${pending_dir}/etc/nginx"
nginx_conf_dir="${nginx_dir}/conf.d"
mkdir -p "$nginx_conf_dir"
# install plain conf files
cp plain/* "$nginx_conf_dir"
# probably run with init: just disable default site, restart NGINX and exit
if [[ -z "$pending_dir" ]]; then
rm -f "${nginx_dir}/sites-enabled/default"
service nginx restart
exit 0
fi
# retrieve variables
main_domain=$(cat /etc/yunohost/current_host)
domain_list=$(sudo yunohost domain list --output-as plain --quiet)
# add domain conf files
for domain in $domain_list; do
domain_conf_dir="${nginx_conf_dir}/${domain}.d"
mkdir -p "$domain_conf_dir"
mail_autoconfig_dir="${pending_dir}/var/www/.well-known/${domain}/autoconfig/mail/"
mkdir -p "$mail_autoconfig_dir"
# NGINX server configuration
export domain
export domain_cert_ca=$(yunohost domain cert-status $domain --json \
| jq ".certificates.\"$domain\".CA_type" \
| tr -d '"')
ynh_render_template "server.tpl.conf" "${nginx_conf_dir}/${domain}.conf"
ynh_render_template "autoconfig.tpl.xml" "${mail_autoconfig_dir}/config-v1.1.xml"
[[ $main_domain != $domain ]] \
&& touch "${domain_conf_dir}/yunohost_local.conf" \
|| cp yunohost_local.conf "${domain_conf_dir}/yunohost_local.conf"
done
# remove old domain conf files
conf_files=$(ls -1 /etc/nginx/conf.d \
| awk '/^[^\.]+\.[^\.]+.*\.conf$/ { print $1 }')
for file in $conf_files; do
domain=${file%.conf}
[[ $domain_list =~ $domain ]] \
|| touch "${nginx_conf_dir}/${file}"
done
# remove old mail-autoconfig files
autoconfig_files=$(ls -1 /var/www/.well-known/*/autoconfig/mail/config-v1.1.xml 2>/dev/null || true)
for file in $autoconfig_files; do
domain=$(basename $(readlink -f $(dirname $file)/../..))
[[ $domain_list =~ $domain ]] \
|| (mkdir -p "$(dirname ${pending_dir}/${file})" && touch "${pending_dir}/${file}")
done
# disable default site
mkdir -p "${nginx_dir}/sites-enabled"
touch "${nginx_dir}/sites-enabled/default"
}
do_post_regen() {
regen_conf_files=$1
[ -z "$regen_conf_files" ] && exit 0
# retrieve variables
domain_list=$(sudo yunohost domain list --output-as plain --quiet)
# create NGINX conf directories for domains
for domain in $domain_list; do
sudo mkdir -p "/etc/nginx/conf.d/${domain}.d"
done
# Reload nginx configuration
pgrep nginx && sudo service nginx reload
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
init)
do_init_regen
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
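Review bot: the same unanchored `[[ $domain_list =~ $domain ]]` substring match as in the metronome hook appears twice here (stale `conf.d` files and stale mail-autoconfig files), with the same consequence that a removed domain whose name is contained in a remaining one is never cleaned up; use an exact-line test such as `grep -qxF -- "$domain" <<< "$domain_list"`. Also, `[[ $main_domain != $domain ]] && touch ... || cp ...` runs the `cp` fallback whenever `touch` fails, not only for the main domain; write it as an `if`/`else`.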


@ -1,67 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/postfix
postfix_dir="${pending_dir}/etc/postfix"
mkdir -p "$postfix_dir"
default_dir="${pending_dir}/etc/default/"
mkdir -p "$default_dir"
# install plain conf files
cp plain/* "$postfix_dir"
# prepare main.cf conf file
main_domain=$(cat /etc/yunohost/current_host)
domain_list=$(sudo yunohost domain list --output-as plain --quiet | tr '\n' ' ')
cat main.cf \
| sed "s/{{ main_domain }}/${main_domain}/g" \
> "${postfix_dir}/main.cf"
cat postsrsd \
| sed "s/{{ main_domain }}/${main_domain}/g" \
| sed "s/{{ domain_list }}/${domain_list}/g" \
> "${default_dir}/postsrsd"
# adapt it for IPv4-only hosts
if [ ! -f /proc/net/if_inet6 ]; then
sed -i \
's/ \[::ffff:127.0.0.0\]\/104 \[::1\]\/128//g' \
"${postfix_dir}/main.cf"
sed -i \
's/inet_interfaces = all/&\ninet_protocols = ipv4/' \
"${postfix_dir}/main.cf"
fi
}
do_post_regen() {
regen_conf_files=$1
[[ -z "$regen_conf_files" ]] \
|| { sudo service postfix restart && sudo service postsrsd restart; }
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0


@ -1,78 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/dovecot
dovecot_dir="${pending_dir}/etc/dovecot"
mkdir -p "${dovecot_dir}/global_script"
# copy simple conf files
cp dovecot-ldap.conf "${dovecot_dir}/dovecot-ldap.conf"
cp dovecot.sieve "${dovecot_dir}/global_script/dovecot.sieve"
# prepare dovecot.conf conf file
main_domain=$(cat /etc/yunohost/current_host)
cat dovecot.conf \
| sed "s/{{ main_domain }}/${main_domain}/g" \
> "${dovecot_dir}/dovecot.conf"
# adapt it for IPv4-only hosts
if [ ! -f /proc/net/if_inet6 ]; then
sed -i \
's/^\(listen =\).*/\1 */' \
"${dovecot_dir}/dovecot.conf"
fi
mkdir -p "${dovecot_dir}/yunohost.d"
cp pre-ext.conf "${dovecot_dir}/yunohost.d"
cp post-ext.conf "${dovecot_dir}/yunohost.d"
}
do_post_regen() {
regen_conf_files=$1
sudo mkdir -p "/etc/dovecot/yunohost.d/pre-ext.d"
sudo mkdir -p "/etc/dovecot/yunohost.d/post-ext.d"
# create vmail user
id vmail > /dev/null 2>&1 \
|| sudo adduser --system --ingroup mail --uid 500 vmail
# fix permissions
sudo chown -R vmail:mail /etc/dovecot/global_script
sudo chmod 770 /etc/dovecot/global_script
sudo chown root:mail /var/mail
sudo chmod 1775 /var/mail
[ -z "$regen_conf_files" ] && exit 0
# compile sieve script
[[ "$regen_conf_files" =~ dovecot\.sieve ]] && {
sudo sievec /etc/dovecot/global_script/dovecot.sieve
sudo chown -R vmail:mail /etc/dovecot/global_script
}
sudo service dovecot restart
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0


@ -1,79 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/rspamd
install -D -m 644 metrics.local.conf \
"${pending_dir}/etc/rspamd/local.d/metrics.conf"
install -D -m 644 dkim_signing.conf \
"${pending_dir}/etc/rspamd/local.d/dkim_signing.conf"
install -D -m 644 rspamd.sieve \
"${pending_dir}/etc/dovecot/global_script/rspamd.sieve"
}
do_post_regen() {
##
## DKIM key generation
##
# create DKIM directory with proper permission
sudo mkdir -p /etc/dkim
sudo chown _rspamd /etc/dkim
# retrieve domain list
domain_list=$(sudo yunohost domain list --output-as plain --quiet)
# create DKIM key for domains
for domain in $domain_list; do
domain_key="/etc/dkim/${domain}.mail.key"
[ ! -f "$domain_key" ] && {
# We use a 1024 bit size because nsupdate doesn't seem to be able to
# handle 2048...
sudo opendkim-genkey --domain="$domain" \
--selector=mail --directory=/etc/dkim -b 1024
sudo mv /etc/dkim/mail.private "$domain_key"
sudo mv /etc/dkim/mail.txt "/etc/dkim/${domain}.mail.txt"
}
done
# fix DKIM keys permissions
sudo chown _rspamd /etc/dkim/*.mail.key
sudo chmod 400 /etc/dkim/*.mail.key
regen_conf_files=$1
[ -z "$regen_conf_files" ] && exit 0
# compile sieve script
[[ "$regen_conf_files" =~ rspamd\.sieve ]] && {
sudo sievec /etc/dovecot/global_script/rspamd.sieve
sudo chown -R vmail:mail /etc/dovecot/global_script
sudo systemctl restart dovecot
}
# Restart rspamd due to the upgrade
# https://rspamd.com/announce/2016/08/01/rspamd-1.3.1.html
sudo systemctl -q restart rspamd.service
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
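Review bot: DKIM key generation and the `sudo chown`/`chmod` on /etc/dkim run before `regen_conf_files=$1` is even read, and `DRY_RUN=${3:-0}` is never tested, so a dry run of this hook still writes private keys under /etc/dkim and restarts rspamd; put the `[ -z "$regen_conf_files" ] && exit 0` guard first. On `-b 1024`: 1024-bit RSA is the minimum RFC 8301 allows a signer and 2048 is the recommended size; if the nsupdate problem mentioned in the comment is the length of the TXT record, publishing the public key as several quoted strings inside one record is the standard workaround, and the comment should record the decision instead of trailing off with "...". Also `sudo chown _rspamd /etc/dkim` makes the rspamd service account the owner of the directory holding the private keys, so it can replace them; root ownership of the directory with the `.mail.key` files owned by `_rspamd` and mode 400 (already done below) is enough for signing. The "Restart rspamd due to the upgrade" comment refers to a 1.3.1 upgrade and no longer explains why the restart is unconditional.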

View file

@ -1,78 +0,0 @@
#!/bin/bash
set -e
MYSQL_PKG="mariadb-server-10.1"
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/mysql
install -D -m 644 my.cnf "${pending_dir}/etc/mysql/my.cnf"
}
do_post_regen() {
regen_conf_files=$1
if [ ! -f /etc/yunohost/mysql ]; then
. /usr/share/yunohost/helpers.d/string
# ensure that mysql is running
sudo systemctl -q is-active mysql.service \
|| sudo service mysql start
# generate and set new root password
mysql_password=$(ynh_string_random 10)
sudo mysqladmin -s -u root -pyunohost password "$mysql_password" || {
if [ $FORCE -eq 1 ]; then
. /usr/share/yunohost/helpers.d/package
echo "It seems that you have already configured MySQL." \
"YunoHost needs to have a root access to MySQL to runs its" \
"applications, and is going to reset the MySQL root password." \
"You can find this new password in /etc/yunohost/mysql." >&2
# set new password with debconf
sudo debconf-set-selections << EOF
$MYSQL_PKG mysql-server/root_password password $mysql_password
$MYSQL_PKG mysql-server/root_password_again password $mysql_password
EOF
# reconfigure Debian package
sudo dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1
else
echo "It seems that you have already configured MySQL." \
"YunoHost needs to have a root access to MySQL to runs its" \
"applications, but the MySQL root password is unknown." \
"You must either pass --force to reset the password or" \
"put the current one into the file /etc/yunohost/mysql." >&2
exit 1
fi
}
# store new root password
echo "$mysql_password" | sudo tee /etc/yunohost/mysql
sudo chmod 400 /etc/yunohost/mysql
fi
[[ -z "$regen_conf_files" ]] \
|| sudo service mysql restart
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
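Review bot: `echo "$mysql_password" | sudo tee /etc/yunohost/mysql` prints the new root password to the hook's stdout, so it lands in whatever log captures regen-conf output, and the file is created with the default umask before `sudo chmod 400` narrows it; write it as `sudo tee /etc/yunohost/mysql >/dev/null` after `umask 077`, or with `install -m 400`. The first attempt, `mysqladmin -s -u root -pyunohost password "$mysql_password"`, depends on the well-known default password still being set, which is the state this hook exists to leave as early as possible; a comment that this branch is only expected on a fresh install would make the intent clear, and the `--force` path should say in its message that the old password is being discarded.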

View file

@ -1,37 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/avahi-daemon
install -D -m 644 avahi-daemon.conf \
"${pending_dir}/etc/avahi/avahi-daemon.conf"
}
do_post_regen() {
regen_conf_files=$1
[[ -z "$regen_conf_files" ]] \
|| sudo service avahi-daemon restart
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0

View file

@ -1,36 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/glances
install -D -m 644 glances.default "${pending_dir}/etc/default/glances"
}
do_post_regen() {
regen_conf_files=$1
[[ -z "$regen_conf_files" ]] \
|| sudo service glances restart
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0

View file

@ -1,75 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
# source ip helpers
. /usr/share/yunohost/helpers.d/ip
cd /usr/share/yunohost/templates/dnsmasq
# create directory for pending conf
dnsmasq_dir="${pending_dir}/etc/dnsmasq.d"
mkdir -p "$dnsmasq_dir"
etcdefault_dir="${pending_dir}/etc/default"
mkdir -p "$etcdefault_dir"
# add general conf files
cp plain/etcdefault ${pending_dir}/etc/default/dnsmasq
cp plain/dnsmasq.conf ${pending_dir}/etc/dnsmasq.conf
# add resolver file
cat plain/resolv.dnsmasq.conf | grep "^nameserver" | shuf > ${pending_dir}/etc/resolv.dnsmasq.conf
# retrieve variables
ipv4=$(curl -s -4 https://ip.yunohost.org 2>/dev/null || true)
ynh_validate_ip4 "$ipv4" || ipv4='127.0.0.1'
ipv6=$(curl -s -6 https://ip6.yunohost.org 2>/dev/null || true)
ynh_validate_ip6 "$ipv6" || ipv6=''
domain_list=$(sudo yunohost domain list --output-as plain --quiet)
# add domain conf files
for domain in $domain_list; do
cat domain.tpl \
| sed "s/{{ domain }}/${domain}/g" \
| sed "s/{{ ip }}/${ipv4}/g" \
> "${dnsmasq_dir}/${domain}"
[[ -n $ipv6 ]] \
&& echo "address=/${domain}/${ipv6}" >> "${dnsmasq_dir}/${domain}"
done
# remove old domain conf files
conf_files=$(ls -1 /etc/dnsmasq.d \
| awk '/^[^\.]+\.[^\.]+.*$/ { print $1 }')
for domain in $conf_files; do
[[ $domain_list =~ $domain ]] \
|| touch "${dnsmasq_dir}/${domain}"
done
}
do_post_regen() {
regen_conf_files=$1
[[ -z "$regen_conf_files" ]] \
|| sudo service dnsmasq restart
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
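Review bot: the stale-file check `[[ $domain_list =~ $domain ]]` uses the file name as a regular expression and matches it as a substring of the list, so `.` matches any character and `example.org` still "matches" when only `sub.example.org` is configured; a removed domain whose name is a suffix of a remaining one never gets its /etc/dnsmasq.d entry cleared. Compare exact strings instead (loop over `$domain_list` and test `[[ $d == "$domain" ]]`). `conf_files=$(ls -1 /etc/dnsmasq.d | awk ...)` parses `ls` output where `for f in /etc/dnsmasq.d/*` would do. Finally, `ynh_validate_ip4 "$ipv4" || ipv4='127.0.0.1'` silently turns any failure of `curl -s -4 https://ip.yunohost.org` into every domain resolving to loopback until the next regen; log that fallback so the failure is visible.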

View file

@ -1,36 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/nsswitch
install -D -m 644 nsswitch.conf "${pending_dir}/etc/nsswitch.conf"
}
do_post_regen() {
regen_conf_files=$1
[[ -z "$regen_conf_files" ]] \
|| sudo service unscd restart
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0

View file

@ -1,42 +0,0 @@
#!/bin/bash
set -e
do_pre_regen() {
pending_dir=$1
cd /usr/share/yunohost/templates/fail2ban
fail2ban_dir="${pending_dir}/etc/fail2ban"
mkdir -p "${fail2ban_dir}/filter.d"
mkdir -p "${fail2ban_dir}/jail.d"
cp yunohost.conf "${fail2ban_dir}/filter.d/yunohost.conf"
cp jail.conf "${fail2ban_dir}/jail.conf"
cp yunohost-jails.conf "${fail2ban_dir}/jail.d/"
}
do_post_regen() {
regen_conf_files=$1
[[ -z "$regen_conf_files" ]] \
|| sudo service fail2ban restart
}
FORCE=${2:-0}
DRY_RUN=${3:-0}
case "$1" in
pre)
do_pre_regen $4
;;
post)
do_post_regen $4
;;
*)
echo "hook called with unknown argument \`$1'" >&2
exit 1
;;
esac
exit 0
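Review bot: `cp jail.conf "${fail2ban_dir}/jail.conf"` replaces the distribution's /etc/fail2ban/jail.conf with a vendored copy even though the YunoHost jails are already delivered through `jail.d/` (`yunohost-jails.conf`); every fail2ban package upgrade will then rewrite that file and regen-conf will flag it as manually modified. Ship only the overrides (a `jail.local` or additional `jail.d/*.conf` files) and drop the full jail.conf from the templates. As in the other hooks, `do_post_regen $4` should quote its argument.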

View file

@ -1,58 +0,0 @@
backup_dir="${1}/conf/ldap"
if [[ $EUID -ne 0 ]]; then
# We need to execute this script as root, since the ldap
# service will be shut down during the operation (and sudo
# won't be available)
sudo /bin/bash $(readlink -f $0) $1
else
service slapd stop || true
# Create a directory for backup
TMPDIR="/tmp/$(date +%s)"
mkdir -p "$TMPDIR"
die() {
state=$1
error=$2
# Restore saved configuration and database
[[ $state -ge 1 ]] \
&& (rm -rf /etc/ldap/slapd.d &&
mv "${TMPDIR}/slapd.d" /etc/ldap/slapd.d)
[[ $state -ge 2 ]] \
&& (rm -rf /var/lib/ldap &&
mv "${TMPDIR}/ldap" /var/lib/ldap)
chown -R openldap: /etc/ldap/slapd.d /var/lib/ldap
service slapd start
rm -rf "$TMPDIR"
# Print an error message and exit
printf "%s" "$error" 1>&2
exit 1
}
# Restore the configuration
mv /etc/ldap/slapd.d "$TMPDIR"
mkdir -p /etc/ldap/slapd.d
cp -a "${backup_dir}/slapd.conf" /etc/ldap/slapd.conf
slapadd -F /etc/ldap/slapd.d -b cn=config \
-l "${backup_dir}/cn=config.master.ldif" \
|| die 1 "Unable to restore LDAP configuration"
chown -R openldap: /etc/ldap/slapd.d
# Restore the database
mv /var/lib/ldap "$TMPDIR"
mkdir -p /var/lib/ldap
slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org \
-l "${backup_dir}/dc=yunohost-dc=org.ldif" \
|| die 2 "Unable to restore LDAP database"
chown -R openldap: /var/lib/ldap
service slapd start
rm -rf "$TMPDIR"
fi
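Review bot: `TMPDIR="/tmp/$(date +%s)"` is a predictable name in a world-writable directory, and the script (running as root) moves the live slapd.d configuration and the whole /var/lib/ldap database into it; the path can be pre-created by an unprivileged user before the restore runs. Use `TMPDIR=$(mktemp -d)` (mode 0700) and keep it outside /tmp, for example under /var/lib or /root, since the database contains every user's password hash. Two smaller points: `sudo /bin/bash $(readlink -f $0) $1` should quote both expansions, and `die` never restores /etc/ldap/slapd.conf, which `cp -a "${backup_dir}/slapd.conf"` has already overwritten by the time the `slapadd ... -b cn=config` failure is handled.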

View file

@ -1,9 +0,0 @@
backup_dir="$1/conf/ssh"
if [ -d /etc/ssh/ ]; then
sudo cp -a $backup_dir/. /etc/ssh
sudo service ssh restart
else
echo "SSH is not installed"
fi
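Review bot: the restored /etc/ssh contents are applied with `service ssh restart` without any check; a backup carrying a stale or incompatible sshd_config leaves the daemon down and the administrator locked out of a remote box. Run `sshd -t` after the copy and restart only when it succeeds. `$backup_dir/.` should also be quoted, consistent with `"${backup_dir}/..."` in the other restore scripts.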

View file

@ -1,42 +0,0 @@
backup_dir="$1/conf/ynh/mysql"
MYSQL_PKG="mariadb-server-10.1"
# ensure that mysql is running
service mysql status >/dev/null 2>&1 \
|| service mysql start
# retrieve current and new password
[ -f /etc/yunohost/mysql ] \
&& curr_pwd=$(sudo cat /etc/yunohost/mysql)
new_pwd=$(sudo cat "${backup_dir}/root_pwd" || sudo cat "${backup_dir}/mysql")
[ -z "$curr_pwd" ] && curr_pwd="yunohost"
[ -z "$new_pwd" ] && {
. /usr/share/yunohost/helpers.d/string
new_pwd=$(ynh_string_random 10)
}
# attempt to change it
sudo mysqladmin -s -u root -p"$curr_pwd" password "$new_pwd" || {
. /usr/share/yunohost/helpers.d/package
echo "It seems that you have already configured MySQL." \
"YunoHost needs to have a root access to MySQL to runs its" \
"applications, and is going to reset the MySQL root password." \
"You can find this new password in /etc/yunohost/mysql." >&2
# set new password with debconf
sudo debconf-set-selections << EOF
$MYSQL_PKG mysql-server/root_password password $new_pwd
$MYSQL_PKG mysql-server/root_password_again password $new_pwd
EOF
# reconfigure Debian package
sudo dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1
}
# store new root password
echo "$new_pwd" | sudo tee /etc/yunohost/mysql
sudo chmod 400 /etc/yunohost/mysql
# reload the grant tables
sudo mysqladmin -s -u root -p"$new_pwd" reload
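Review bot: unlike the regen-conf hook, this restore has no `--force` gate: whenever `mysqladmin -s -u root -p"$curr_pwd" password "$new_pwd"` fails for any reason (wrong cached password, socket not yet available, etc.) it goes straight to the debconf/`dpkg-reconfigure` reset, so a transient error silently rotates the root credential and rewrites /etc/yunohost/mysql. Distinguish an access-denied failure from other errors before taking that path, and write the new password with `tee /etc/yunohost/mysql >/dev/null` so it is not printed into the restore log. `. /usr/share/yunohost/helpers.d/package` is sourced in the failure block but no helper from it is called there.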

View file

@ -1,3 +0,0 @@
backup_dir="$1/conf/ssowat"
sudo cp -a $backup_dir/. /etc/ssowat

View file

@ -1,3 +0,0 @@
backup_dir="$1/data/home"
sudo cp -a $backup_dir/. /home

View file

@ -1,4 +0,0 @@
backup_dir="$1/conf/ynh/firewall"
sudo cp -a $backup_dir/. /etc/yunohost
sudo yunohost firewall reload

View file

@ -1,8 +0,0 @@
backup_dir="$1/conf/ynh/certs"
sudo mkdir -p /etc/yunohost/certs/
sudo cp -a $backup_dir/. /etc/yunohost/certs/
sudo yunohost app ssowatconf
sudo service nginx reload
sudo service metronome reload
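Review bot: `cp -a $backup_dir/. /etc/yunohost/certs/` restores the certificate directories with whatever ownership and mode they had in the archive, then nginx and metronome are reloaded immediately; check after the copy that the private keys under /etc/yunohost/certs are not group- or world-readable, and run `nginx -t` before `service nginx reload`, because a reload with a mismatched or expired cert/key pair from an old backup only logs the error and keeps the previous configuration, which is easy to miss. `$backup_dir` is unquoted.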

View file

@ -1,8 +0,0 @@
backup_dir="$1/data/mail"
sudo cp -a $backup_dir/. /var/mail/ || echo 'No mail found'
sudo chown -R vmail:mail /var/mail/
# Restart services to use migrated certs
sudo service postfix restart
sudo service dovecot restart
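Review bot: `|| echo 'No mail found'` swallows every failure of `cp -a`, not only a missing backup directory, so a full disk or a permission error is reported as "No mail found" and the restore continues as if it had succeeded; test `[ -d "$backup_dir" ]` explicitly and let a real copy error abort. The comment "Restart services to use migrated certs" was copied from another script: this one restores mailboxes, and the restart (if it is needed at all) is about the ownership `chown -R vmail:mail /var/mail/` just applied, which also makes every restored mailbox owned by vmail whatever the archive's metadata said.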

View file

@ -1,7 +0,0 @@
backup_dir="$1/conf/xmpp"
sudo cp -a $backup_dir/etc/. /etc/metronome
sudo cp -a $backup_dir/var/. /var/lib/metronome
# Restart to apply new conf and certs
sudo service metronome restart

View file

@ -1,7 +0,0 @@
backup_dir="$1/conf/nginx"
# Copy all conf except apps specific conf located in DOMAIN.d
sudo find $backup_dir/ -mindepth 1 -maxdepth 1 -name '*.d' -or -exec sudo cp -a {} /etc/nginx/conf.d/ \;
# Restart to use new conf and certs
sudo service nginx restart
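Review bot: the `find ... -name '*.d' -or -exec ... \;` expression relies on `-or` short-circuiting to skip the `*.d` directories; it works, but `-not -name '*.d' -exec ...` states the intent directly. More important, the restored files are applied with `service nginx restart`: a restart stops the server first, so a configuration from an old backup that no longer parses (a vanished upstream, a renamed include) leaves nginx down, whereas `nginx -t && service nginx reload` keeps the running configuration when the restored one fails. `$backup_dir` is unquoted here as well.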

View file

@ -1,6 +0,0 @@
backup_dir="$1/conf/cron"
sudo cp -a $backup_dir/. /etc/cron.d
# Restart just in case
sudo service cron restart

View file

@ -1,3 +0,0 @@
backup_dir="$1/conf/ynh"
sudo cp -a "${backup_dir}/current_host" /etc/yunohost/current_host

View file

@ -1,56 +0,0 @@
parents:
ou=users:
ou: users
objectClass:
- organizationalUnit
- top
ou=domains:
ou: domains
objectClass:
- organizationalUnit
- top
ou=apps:
ou: apps
objectClass:
- organizationalUnit
- top
ou=groups:
ou: groups
objectClass:
- organizationalUnit
- top
ou=sudo:
ou: sudo
objectClass:
- organizationalUnit
- top
children:
cn=admins,ou=groups:
cn: admins
gidNumber: "4001"
memberUid: admin
objectClass:
- posixGroup
- top
cn=sftpusers,ou=groups:
cn: sftpusers
gidNumber: "4002"
memberUid: admin
objectClass:
- posixGroup
- top
cn=admin,ou=sudo:
cn: admin
sudoUser: admin
sudoHost: ALL
sudoCommand: ALL
sudoOption: "!authenticate"
objectClass:
- sudoRole
- top
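Review bot: the `cn=admin,ou=sudo` entry grants `sudoHost: ALL` and `sudoCommand: ALL` together with `sudoOption: "!authenticate"`, that is unrestricted, password-less root for the `admin` account through the LDAP sudoers backend. If that is intended for the YunoHost admin account, say so in a comment next to the entry and make sure the same account's `memberUid: admin` in `cn=sftpusers` is deliberate (an SFTP group containing a passwordless-sudo user is easy to misread); otherwise drop `!authenticate` so sudo still prompts for the admin's password.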

View file

@ -1,14 +0,0 @@
[Unit]
Description=YunoHost boot prompt
After=getty@tty2.service
[Service]
Type=simple
ExecStart=/usr/bin/yunoprompt
StandardInput=tty
TTYPath=/dev/tty2
TTYReset=yes
TTYVHangup=yes
[Install]
WantedBy=default.target

View file

@ -1,68 +0,0 @@
# This file is part of avahi.
#
# avahi is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# avahi is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
# License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with avahi; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA.
# See avahi-daemon.conf(5) for more information on this configuration
# file!
[server]
host-name=yunohost
domain-name=local
#browse-domains=0pointer.de, zeroconf.org
use-ipv4=yes
use-ipv6=yes
#allow-interfaces=eth0
#deny-interfaces=eth1
#check-response-ttl=no
#use-iff-running=no
#enable-dbus=yes
#disallow-other-stacks=no
#allow-point-to-point=no
#cache-entries-max=4096
#clients-max=4096
#objects-per-client-max=1024
#entries-per-entry-group-max=32
ratelimit-interval-usec=1000000
ratelimit-burst=1000
[wide-area]
enable-wide-area=yes
[publish]
#disable-publishing=no
#disable-user-service-publishing=no
#add-service-cookie=no
#publish-addresses=yes
#publish-hinfo=yes
#publish-workstation=yes
#publish-domain=yes
#publish-dns-servers=192.168.50.1, 192.168.50.2
#publish-resolv-conf-dns-servers=yes
#publish-aaaa-on-ipv4=yes
#publish-a-on-ipv6=no
[reflector]
#enable-reflector=no
#reflect-ipv=no
[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=768
rlimit-stack=4194304
rlimit-nproc=3
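Review bot: `use-ipv4=yes`, `use-ipv6=yes` and `enable-wide-area=yes` with `allow-interfaces`/`deny-interfaces` left commented out make avahi announce the host on every interface, including the internet-facing one on a VPS or a self-hosted box with a public address. mDNS has no business there: set `allow-interfaces=` to the LAN interface (or `deny-interfaces=` to the WAN one), and reconsider `enable-wide-area=yes`, which additionally makes avahi query unicast DNS for service records. The `[rlimits]` section is a sensible default to keep.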

View file

@ -1,5 +0,0 @@
address=/{{ domain }}/{{ ip }}
txt-record={{ domain }},"v=spf1 mx a -all"
mx-host={{ domain }},{{ domain }},5
srv-host=_xmpp-client._tcp.{{ domain }},{{ domain }},5222,0,5
srv-host=_xmpp-server._tcp.{{ domain }},{{ domain }},5269,0,5

View file

@ -1,6 +0,0 @@
domain-needed
expand-hosts
listen-address=127.0.0.1
resolv-file=/etc/resolv.dnsmasq.conf
cache-size=256
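Review bot: `listen-address=127.0.0.1` without `bind-interfaces` makes dnsmasq bind the wildcard address and then discard queries that arrive on other interfaces; add `bind-interfaces` so the socket is opened on loopback only and nothing on port 53 is reachable from the network at all (it also avoids conflicts with another resolver bound to a specific address). `bogus-priv` and `stop-dns-rebind` are two further upstream options worth considering for a resolver that only serves the local box.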

View file

@ -1,33 +0,0 @@
# This file has five functions:
# 1) to completely disable starting dnsmasq,
# 2) to set DOMAIN_SUFFIX by running `dnsdomainname`
# 3) to select an alternative config file
# by setting DNSMASQ_OPTS to --conf-file=<file>
# 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for
# more configuration variables.
# 5) to stop the resolvconf package from controlling dnsmasq's
# idea of which upstream nameservers to use.
# For upgraders from very old versions, all the shell variables set
# here in previous versions are still honored by the init script
# so if you just keep your old version of this file nothing will break.
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
# Whether or not to run the dnsmasq daemon; set to 0 to disable.
ENABLED=1
# By default search this drop directory for configuration options.
# Libvirt leaves a file here to make the system dnsmasq play nice.
# Comment out this line if you don't want this. The dpkg-* are file
# endings which cause dnsmasq to skip that file. This avoids pulling
# in backups made by dpkg.
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
# If the resolvconf package is installed, dnsmasq will use its output
# rather than the contents of /etc/resolv.conf to find upstream
# nameservers. Uncommenting this line inhibits this behaviour.
# Note that including a "resolv-file=<filename>" line in
# /etc/dnsmasq.conf is not enough to override resolvconf if it is
# installed: the line below must be uncommented.
IGNORE_RESOLVCONF=yes

View file

@ -1,31 +0,0 @@
# This file will be used to generate /etc/resolv.dnsmasq.conf
# To avoid that every instance rely on the first server as primary
# server, this list is *shuffled* during every regen-conf of dnsmasq
# In the possibility where the first nameserver is down, dnsmasq
# will automatically switch to the next as primary server.
# List taken from
# http://diyisp.org/dokuwiki/doku.php?id=technical:dnsresolver
# (FR) FDN
nameserver 80.67.169.12
nameserver 80.67.169.40
# (FR) LDN
nameserver 80.67.188.188
# (FR) ARN
nameserver 89.234.141.66
# (FR) gozmail / grifon
nameserver 89.234.186.18
# (DE) FoeBud / Digital Courage
nameserver 85.214.20.141
# (FR) Aquilenet [added manually, following comments from @sachaz]
nameserver 141.255.128.100
nameserver 141.255.128.101
# (DE) CCC Berlin
nameserver 213.73.91.35
# (DE) Ideal-Hosting
nameserver 84.200.69.80
nameserver 84.200.70.40
# (DK) censurfridns
nameserver 91.239.100.100
nameserver 89.233.43.71

View file

@ -1,9 +0,0 @@
hosts = 127.0.0.1
auth_bind = yes
ldap_version = 3
base = ou=users,dc=yunohost,dc=org
user_attrs = uidNumber=500,gidNumber=8,mailuserquota=quota_rule=*:bytes=%$
user_filter = (&(objectClass=inetOrgPerson)(uid=%n))
pass_filter = (&(objectClass=inetOrgPerson)(uid=%n))
default_pass_scheme = SSHA
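Review bot: `user_attrs = uidNumber=500,gidNumber=8,...` reads like an attempt to force a constant uid/gid, but in Dovecot's userdb syntax `ldapAttr=field` maps the LDAP attribute on the left to the userdb field on the right, so this maps `uidNumber` to a field literally named `500`; a constant is written `=uid=500,=gid=8`. It is harmless only because the dovecot template also sets `mail_uid = 500` and `mail_gid = 8`; either fix the syntax or drop the two mappings and rely on the global settings. With `auth_bind = yes` the password is verified by binding as the user, so `default_pass_scheme = SSHA` only matters if a `pass_attrs` lookup is added later; a one-line comment would prevent someone from "fixing" the scheme when it is not in use.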

View file

@ -1,96 +0,0 @@
!include yunohost.d/pre-ext.conf
listen = *, ::
auth_mechanisms = plain login
mail_gid = 8
mail_home = /var/mail/%n
mail_location = maildir:/var/mail/%n
mail_uid = 500
protocols = imap sieve
mail_plugins = $mail_plugins quota
ssl = yes
ssl_cert = </etc/yunohost/certs/{{ main_domain }}/crt.pem
ssl_key = </etc/yunohost/certs/{{ main_domain }}/key.pem
ssl_protocols = !SSLv3
passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
protocol imap {
imap_client_workarounds =
mail_plugins = $mail_plugins imap_quota antispam
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
mail_plugins = quota sieve
postmaster_address = postmaster@{{ main_domain }}
}
protocol sieve {
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
group = mail
mode = 0660
user = vmail
}
}
service quota-warning {
executable = script /usr/bin/quota-warning.sh
user = vmail
unix_listener quota-warning {
}
}
plugin {
sieve = /var/mail/sievescript/%n/.dovecot.sieve
sieve_dir = /var/mail/sievescript/%n/scripts/
sieve_before = /etc/dovecot/global_script/
}
plugin {
antispam_debug_target = syslog
antispam_verbose_debug = 0
antispam_backend = pipe
antispam_spam = Junk;SPAM
antispam_trash = Trash
antispam_pipe_program = /usr/bin/rspamc
antispam_pipe_program_args = -h;localhost:11334;-P;q1
antispam_pipe_program_spam_arg = learn_spam
antispam_pipe_program_notspam_arg = learn_ham
}
plugin {
quota = maildir:User quota
quota_rule2 = SPAM:ignore
quota_rule3 = Trash:ignore
}
plugin {
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning3 = -storage=100%% quota-warning below %u # user is no longer over quota
}
!include yunohost.d/post-ext.conf
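Review bot: `antispam_pipe_program_args = -h;localhost:11334;-P;q1` passes the rspamd controller password as the literal `q1` in the config file; the `-P` value should be a generated secret injected at regen time (the template already receives `{{ main_domain }}` from the template engine) and has to match the controller `password` on the rspamd side, otherwise the learn_spam/learn_ham calls are either rejected or protected by a guessable string. Two TLS points: `ssl = yes` still lets plaintext IMAP sessions be opened (Dovecot's default `disable_plaintext_auth` refuses PLAIN/LOGIN on them, but `ssl = required` is the explicit setting), and `ssl_protocols = !SSLv3` leaves TLS 1.0 and 1.1 enabled; on Dovecot 2.3 the setting is `ssl_min_protocol = TLSv1.2`.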

View file

@ -1,4 +0,0 @@
require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
}
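Review bot: filing on `header :contains "X-Spam-Flag" "YES"` trusts a header that any sender can put on an incoming message; it is only safe if the spam filter in front of dovecot overwrites or strips pre-existing `X-Spam-*` headers before adding its own. Add a comment stating that assumption here and verify that rspamd's header handling on inbound mail actually enforces it, so a message cannot be routed into Junk (or kept out of it) by a header the sender chose.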

View file

@ -1 +0,0 @@
!include_try post-ext.d/*.conf

View file

@ -1 +0,0 @@
!include_try pre-ext.d/*.conf

View file

@ -1,855 +0,0 @@
#
# WARNING: heavily refactored in 0.9.0 release. Please review and
# customize settings for your setup.
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [sshd]
# enabled = true
#
# See jail.conf(5) man page for more information
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
[INCLUDES]
#before = paths-distro.conf
before = paths-debian.conf
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
[DEFAULT]
#
# MISCELLANEOUS OPTIONS
#
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8
# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =
# "bantime" is the number of seconds that a host is banned.
bantime = 600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
# If pyinotify is not installed, Fail2ban will use auto.
# gamin: requires Gamin (a file alteration monitor) to be installed.
# If Gamin is not installed, Fail2ban will use auto.
# polling: uses a polling algorithm which does not require external libraries.
# systemd: uses systemd python library to access the systemd journal.
# Specifying "logpath" is not valid for this backend.
# See "journalmatch" in the jails associated filter config
# auto: will try to use the following backends, in order:
# pyinotify, gamin, polling.
#
# Note: if systemd backend is chosen as the default but you enable a jail
# for which logs are present only in its own log files, specify some other
# backend for that jail (e.g. polling) and provide empty value for
# journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
backend = auto
# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
# but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
# but it will be logged as info.
# raw: use raw value (no hostname), allow use it for no-host filters/actions (example user)
usedns = warn
# "logencoding" specifies the encoding of the log files handled by the jail
# This is used to decode the lines from the log file.
# Typical examples: "ascii", "utf-8"
#
# auto: will use the system locale setting
logencoding = auto
# "enabled" enables the jails.
# By default all jails are disabled, and it should stay this way.
# Enable only relevant to your setup jails in your .local or jail.d/*.conf
#
# true: jail will be enabled and log files will get monitored for changes
# false: jail is not enabled
enabled = false
# "filter" defines the filter to use by the jail.
# By default jails have names matching their filter name
#
filter = %(__name__)s
#
# ACTIONS
#
# Some options used for actions
# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = root@localhost
# Sender email address used solely for some actions
sender = root@localhost
# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = sendmail
# Default protocol
protocol = tcp
# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT
# Ports to be banned
# Usually should be overridden in a particular jail
port = 0:65535
# Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
#
# Action shortcuts. To be used to define action parameter
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport
banaction_allports = iptables-allports
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
#
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
# to the destemail.
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
# to the destemail.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
%(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
# Report block via blocklist.de fail2ban reporting service API
#
# See the IMPORTANT note in action.d/blocklist_de.conf for when to
# use this action. Create a file jail.d/blocklist_de.local containing
# [Init]
# blocklist_de_apikey = {api key from registration]
#
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
# Report ban via badips.com, and use as blacklist
#
# See BadIPsAction docstring in config/action.d/badips.py for
# documentation for this action.
#
# NOTE: This action relies on banaction being present on start and therefore
# should be last action defined for a jail.
#
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
#
# Report ban via badips.com (uses action.d/badips.conf for reporting only)
#
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
#
# JAILS
#
#
# SSH servers
#
[sshd]
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[dropbear]
port = ssh
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s
[selinux-ssh]
port = ssh
logpath = %(auditd_log)s
#
# HTTP servers
#
[apache-auth]
port = http,https
logpath = %(apache_error_log)s
[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
port = http,https
logpath = %(apache_access_log)s
bantime = 172800
maxretry = 1
[apache-noscript]
port = http,https
logpath = %(apache_error_log)s
[apache-overflows]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-nohome]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-botsearch]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-fakegooglebot]
port = http,https
logpath = %(apache_access_log)s
maxretry = 1
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
[apache-modsecurity]
port = http,https
logpath = %(apache_error_log)s
maxretry = 2
[apache-shellshock]
port = http,https
logpath = %(apache_error_log)s
maxretry = 1
[openhab-auth]
filter = openhab
action = iptables-allports[name=NoAuthFailures]
logpath = /opt/openhab/logs/request.log
[nginx-http-auth]
port = http,https
logpath = %(nginx_error_log)s
# To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module`
# and define `limit_req` and `limit_req_zone` as described in nginx documentation
# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
# or for example see in 'config/filter.d/nginx-limit-req.conf'
[nginx-limit-req]
port = http,https
logpath = %(nginx_error_log)s
[nginx-botsearch]
port = http,https
logpath = %(nginx_error_log)s
maxretry = 2
# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.
[php-url-fopen]
port = http,https
logpath = %(nginx_access_log)s
%(apache_access_log)s
[suhosin]
port = http,https
logpath = %(suhosin_log)s
[lighttpd-auth]
# Same as above for Apache's mod_auth
# It catches wrong authentifications
port = http,https
logpath = %(lighttpd_error_log)s
#
# Webmail and groupware servers
#
[roundcube-auth]
port = http,https
logpath = %(roundcube_errors_log)s
[openwebmail]
port = http,https
logpath = /var/log/openwebmail.log
[horde]
port = http,https
logpath = /var/log/horde/horde.log
[groupoffice]
port = http,https
logpath = /home/groupoffice/log/info.log
[sogo-auth]
# Monitor SOGo groupware server
# without proxy this would be:
# port = 20000
port = http,https
logpath = /var/log/sogo/sogo.log
[tine20]
logpath = /var/log/tine20/tine20.log
port = http,https
#
# Web Applications
#
#
[drupal-auth]
port = http,https
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
[guacamole]
port = http,https
logpath = /var/log/tomcat*/catalina.out
[monit]
#Ban clients brute-forcing the monit gui login
port = 2812
logpath = /var/log/monit
[webmin-auth]
port = 10000
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[froxlor-auth]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
#
# HTTP Proxy servers
#
#
[squid]
port = 80,443,3128,8080
logpath = /var/log/squid/access.log
[3proxy]
port = 3128
logpath = /var/log/3proxy.log
#
# FTP servers
#
[proftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(proftpd_log)s
backend = %(proftpd_backend)s
[pure-ftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(pureftpd_log)s
backend = %(pureftpd_backend)s
[gssftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
[wuftpd]
port = ftp,ftp-data,ftps,ftps-data
logpath = %(wuftpd_log)s
backend = %(wuftpd_backend)s
[vsftpd]
# or overwrite it in jails.local to be
# logpath = %(syslog_authpriv)s
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
port = ftp,ftp-data,ftps,ftps-data
logpath = %(vsftpd_log)s
#
# Mail servers
#
# ASSP SMTP Proxy Jail
[assp]
port = smtp,465,submission
logpath = /root/path/to/assp/logs/maillog.txt
[courier-smtp]
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[postfix]
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[postfix-rbl]
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 1
[sendmail-auth]
port = submission,465,smtp
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[sendmail-reject]
port = smtp,465,submission
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[qmail-rbl]
filter = qmail
port = smtp,465,submission
logpath = /service/qmail/log/main/current
# dovecot defaults to logging to the mail syslog facility
# but can be set by syslog_facility in the dovecot configuration.
[dovecot]
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[sieve]
port = smtp,465,submission
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s
[solid-pop3d]
port = pop3,pop3s
logpath = %(solidpop3d_log)s
[exim]
port = smtp,465,submission
logpath = %(exim_main_log)s
[exim-spam]
port = smtp,465,submission
logpath = %(exim_main_log)s
[kerio]
port = imap,smtp,imaps,465
logpath = /opt/kerio/mailserver/store/logs/security.log
#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#
[courier-auth]
port = smtp,465,submission,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[postfix-sasl]
port = smtp,465,submission,imap,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[perdition]
port = imap,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[squirrelmail]
port = smtp,465,submission,imap,imap2,imaps,pop3,pop3s,http,https,socks
logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
[cyrus-imap]
port = imap,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
[uwimap-auth]
port = imap,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s
#
#
# DNS servers
#
# !!! WARNING !!!
# Since UDP is connection-less protocol, spoofing of IP and imitation
# of illegal actions is way too simple. Thus enabling of this filter
# might provide an easy way for implementing a DoS against a chosen
# victim. See
# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
# Please DO NOT USE this jail unless you know what you are doing.
#
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks UDP traffic for DNS requests.
# [named-refused-udp]
#
# filter = named-refused
# port = domain,953
# protocol = udp
# logpath = /var/log/named/security.log
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks TCP traffic for DNS requests.
[named-refused]
port = domain,953
logpath = /var/log/named/security.log
[nsd]
port = 53
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/nsd.log
#
# Miscellaneous
#
[asterisk]
port = 5060,5061
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/asterisk/messages
maxretry = 10
[freeswitch]
port = 5060,5061
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/freeswitch.log
maxretry = 10
# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
# equivalent section:
# log-warning = 2
#
# for syslog (daemon facility)
# [mysqld_safe]
# syslog
#
# for own logfile
# [mysqld]
# log-error=/var/log/mysqld.log
[mysqld-auth]
port = 3306
logpath = %(mysql_log)s
backend = %(mysql_backend)s
# Log wrong MongoDB auth (for details see filter 'filter.d/mongodb-auth.conf')
[mongodb-auth]
# change port when running with "--shardsvr" or "--configsvr" runtime operation
port = 27017
logpath = /var/log/mongodb/mongodb.log
# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
# to maintain entries for failed logins for sufficient amount of time
[recidive]
logpath = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
# Generic filter for PAM. Has to be used with action which bans all
# ports such as iptables-allports, shorewall
[pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = %(banaction_allports)s
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
[xinetd-fail]
banaction = iptables-multiport-log
logpath = %(syslog_daemon)s
backend = %(syslog_backend)s
maxretry = 2
# stunnel - need to set port for this
[stunnel]
logpath = /var/log/stunnel4/stunnel.log
[ejabberd-auth]
port = 5222
logpath = /var/log/ejabberd/ejabberd.log
[counter-strike]
logpath = /opt/cstrike/logs/L[0-9]*.log
# Firewall: http://www.cstrike-planet.com/faq/6
tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039
udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015
action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
# consider low maxretry and a long bantime
# nobody except your own Nagios server should ever probe nrpe
[nagios]
logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
backend = %(syslog_backend)s
maxretry = 1
[oracleims]
# see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above
logpath = /opt/sun/comms/messaging64/log/mail.log_current
banaction = %(banaction_allports)s
[directadmin]
logpath = /var/log/directadmin/login.log
port = 2222
[portsentry]
logpath = /var/lib/portsentry/portsentry.history
maxretry = 1
[pass2allow-ftp]
# this pass2allow example allows FTP traffic after successful HTTP authentication
port = ftp,ftp-data,ftps,ftps-data
# knocking_url variable must be overridden to some secret value in jail.local
knocking_url = /knocking/
filter = apache-pass[knocking_url="%(knocking_url)s"]
# access log of the website with HTTP auth
logpath = %(apache_access_log)s
blocktype = RETURN
returntype = DROP
bantime = 3600
maxretry = 1
findtime = 1
[murmur]
# AKA mumble-server
port = 64738
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol=tcp, chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol=udp, chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/mumble-server/mumble-server.log
[screensharingd]
# For Mac OS Screen Sharing Service (VNC)
logpath = /var/log/system.log
logencoding = utf-8
[haproxy-http-auth]
# HAProxy by default doesn't log to file you'll need to set it up to forward
# logs to a syslog server which would then write them to disk.
# See "haproxy-http-auth" filter for a brief cautionary note when setting
# maxretry and findtime.
logpath = /var/log/haproxy.log
[slapd]
port = ldap,ldaps
filter = slapd
logpath = /var/log/slapd.log
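Review bot: the jail.local hunk further down switches on `[postfix]`, `[dovecot]`, `[postfix-sasl]`, `[recidive]` and `[pam-generic]` by name and relies on interpolations defined only in this file (`%(banaction_allports)s`, `%(syslog_authpriv)s`, `%(postfix_backend)s`); nothing in the compare says where those definitions now come from. Record in the PR that the distro's fail2ban package supplies an equivalent jail.conf, otherwise those jails fail to load at startup.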

@ -1,32 +0,0 @@
[sshd]
enabled = true
[sshd-ddos]
enabled = true
[nginx-http-auth]
enabled = true
[postfix]
enabled = true
[dovecot]
enabled = true
[postfix-sasl]
enabled = true
[recidive]
enabled = true
[pam-generic]
enabled = true
[yunohost]
enabled = true
port = http,https
protocol = tcp
filter = yunohost
logpath = /var/log/nginx/*error.log
/var/log/nginx/*access.log
maxretry = 6
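Review bot: dropping the only `enabled = true` for `[sshd]`, `[nginx-http-auth]`, `[postfix]`, `[dovecot]`, `[postfix-sasl]`, `[recidive]` and `[pam-generic]`, together with the `[yunohost]` API-login jail that exists only here, leaves the install with no brute-force banning at all unless the dev branch regenerates an equivalent file; confirm that it does. One thing to fix on the way: `[sshd-ddos]` was folded into `[sshd]` (`mode = aggressive`) in fail2ban 0.10, so on a release shipping 0.10 or later that jail fails to load for lack of a filter.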

@ -1,24 +0,0 @@
# Fail2Ban configuration file
#
# Author: Adrien Beudin
#
# $Revision: 2 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = helpers.lua:[0-9]+: authenticate\(\): Connection failed for: .*, client: <HOST>
^<HOST> -.*\"POST /yunohost/api/login HTTP/1.1\" 401
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
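Review bot: in the first `failregex`, `Connection failed for: .*, client: <HOST>` lets an unanchored `.*` span the field before `, client:` (presumably the attempted login name), which is the shape fail2ban's filter guidance warns against: if that field can carry attacker-chosen text, the match can end up reporting a different `<HOST>` than the real client. Anchor the expression to the nginx error-log line layout and use a class that excludes the separator, e.g. `Connection failed for: [^,]*, client: <HOST>`. The second regex hard-codes `HTTP/1.1`, so a 401 on `POST /yunohost/api/login` logged with another protocol version (the vhost hunks keep an `http2` listen commented out for later) would not be counted; `HTTP/[0-9.]+` is the usual form.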

@ -1,5 +0,0 @@
# Default is to launch glances with '-s' option.
DAEMON_ARGS="-s -B 127.0.0.1"
# Change to 'true' to have glances running at startup
RUN="true"

@ -1,15 +0,0 @@
VirtualHost "{{ domain }}"
ssl = {
key = "/etc/yunohost/certs/{{ domain }}/key.pem";
certificate = "/etc/yunohost/certs/{{ domain }}/crt.pem";
}
authentication = "ldap2"
ldap = {
hostname = "localhost",
user = {
basedn = "ou=users,dc=yunohost,dc=org",
filter = "(&(objectClass=posixAccount)(mail=*@{{ domain }}))",
usernamefield = "mail",
namefield = "cn",
},
}
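Review bot: `{{ domain }}` is interpolated verbatim into the LDAP search filter `(&(objectClass=posixAccount)(mail=*@{{ domain }}))`; the template escapes none of the filter metacharacters (`(`, `)`, `*`, `\`), so the line is only safe if the domain has been validated as a plain hostname before rendering. A one-line comment stating that assumption belongs here, since the same unescaped value also builds the `ssl.key` / `ssl.certificate` paths.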

@ -1,160 +0,0 @@
-- ** Metronome's config file example **
--
-- The format is exactly equal to Prosody's:
--
-- Lists are written { "like", "this", "one" }
-- Lists can also be of { 1, 2, 3 } numbers, etc.
-- Either commas, or semi-colons; may be used as seperators.
--
-- A table is a list of values, except each value has a name. An
-- example would be:
--
-- ssl = { key = "keyfile.key", certificate = "certificate.cert" }
--
-- Tip: You can check that the syntax of this file is correct when you have finished
-- by running: luac -p metronome.cfg.lua
-- If there are any errors, it will let you know what and where they are, otherwise it
-- will keep quiet.
-- Global settings go in this section
-- This is the list of modules Metronome will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended.
"saslauth"; -- Authentication for clients. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"disco"; -- Service discovery
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
"pep"; -- Allows setting of mood, tune, etc.
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
"bidi"; -- Enables Bidirectional Server-to-Server Streams.
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"register"; -- Allow users to register on this server using a client and change passwords
"stream_management"; -- Allows clients and servers to use Stream Management
"stanza_optimizations"; -- Allows clients to use Client State Indication and SIFT
"message_carbons"; -- Allows clients to enable carbon copies of messages
"mam"; -- Enable server-side message archives using Message Archive Management
"push"; -- Enable Push Notifications via PubSub using XEP-0357
"lastactivity"; -- Enables clients to know the last presence status of an user
"adhoc_cm"; -- Allow to set client certificates to login through SASL External via adhoc
"admin_adhoc"; -- administration adhoc commands
"bookmarks"; -- XEP-0048 Bookmarks synchronization between PEP and Private Storage
"sec_labels"; -- Allows to use a simplified version XEP-0258 Security Labels and related ACDFs.
"privacy"; -- Add privacy lists and simple blocking command support
-- Other specific functionality
--"admin_telnet"; -- administration console, telnet to port 5582
--"admin_web"; -- administration web interface
"bosh"; -- Enable support for BOSH clients, aka "XMPP over Bidirectional Streams over Synchronous HTTP"
--"compression"; -- Allow clients to enable Stream Compression
--"spim_block"; -- Require authorization via OOB form for messages from non-contacts and block unsollicited messages
--"gate_guard"; -- Enable config-based blacklisting and hit-based auto-banning features
--"incidents_handling"; -- Enable Incidents Handling support (can be administered via adhoc commands)
--"server_presence"; -- Enables Server Buddies extension support
--"service_directory"; -- Enables Service Directories extension support
--"public_service"; -- Enables Server vCard support for public services in directories and advertises in features
--"register_api"; -- Provides secure API for both Out-Of-Band and In-Band registration for E-Mail verification
"websocket"; -- Enable support for WebSocket clients, aka "XMPP over WebSockets"
};
-- Server PID
pidfile = "/var/run/metronome/metronome.pid"
-- HTTP server
http_ports = { 5290 }
http_interfaces = { "127.0.0.1", "::1" }
--https_ports = { 5291 }
--https_interfaces = { "127.0.0.1", "::1" }
-- Enable IPv6
use_ipv6 = true
-- Discovery items
disco_items = {
{ "muc.{{ main_domain }}" },
{ "pubsub.{{ main_domain }}" },
{ "upload.{{ main_domain }}" },
{ "vjud.{{ main_domain }}" }
};
-- BOSH configuration (mod_bosh)
consider_bosh_secure = true
cross_domain_bosh = true
-- WebSocket configuration (mod_websocket)
consider_websocket_secure = true
cross_domain_websocket = true
-- Disable account creation by default, for security
allow_registration = false
-- Use LDAP storage backend for all stores
storage = "ldap"
-- Logging configuration
log = {
info = "/var/log/metronome/metronome.log"; -- Change 'info' to 'debug' for verbose logging
error = "/var/log/metronome/metronome.err";
-- "*syslog"; -- Uncomment this for logging to syslog
-- "*console"; -- Log to the console, useful for debugging with daemonize=false
}
------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
---Set up a local BOSH service
Component "localhost" "http"
modules_enabled = { "bosh" }
---Set up a MUC (multi-user chat) room server
Component "muc.{{ main_domain }}" "muc"
name = "{{ main_domain }} Chatrooms"
modules_enabled = {
"muc_limits";
"muc_log";
"muc_log_mam";
"muc_log_http";
"muc_vcard";
}
muc_event_rate = 0.5
muc_burst_factor = 10
---Set up a PubSub server
Component "pubsub.{{ main_domain }}" "pubsub"
name = "{{ main_domain }} Publish/Subscribe"
unrestricted_node_creation = true -- Anyone can create a PubSub node (from any server)
---Set up a HTTP Upload service
Component "upload.{{ main_domain }}" "http_upload"
name = "{{ main_domain }} Sharing Service"
http_file_size_limit = 6*1024*1024
http_file_quota = 60*1024*1024
---Set up a VJUD service
Component "vjud.{{ main_domain }}" "vjud"
ud_disco_name = "{{ main_domain }} User Directory"
----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Metronome to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
Include "conf.d/*.cfg.lua"
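Review bot: `consider_bosh_secure = true` and `consider_websocket_secure = true` make Metronome treat plaintext sessions on `http_ports = { 5290 }` as encrypted; with `https_ports` commented out that is only correct behind a TLS-terminating reverse proxy, which the loopback-only `http_interfaces = { "127.0.0.1", "::1" }` suggests but the file never states. Add that assumption as a comment next to those two settings, and reconsider `cross_domain_bosh = true` / `cross_domain_websocket = true`, which answer cross-origin requests from any origin. On the pubsub component, `unrestricted_node_creation = true` is annotated as letting anyone from any server create nodes; either justify that in the comment or leave it at the default.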

@ -1,92 +0,0 @@
# Example MySQL config file for small systems.
#
# This is for a system with little memory (<= 64M) where MySQL is only used
# from time to time and it's important that the mysqld daemon
# doesn't use much resources.
#
# MySQL programs look for option files in a set of
# locations which depend on the deployment platform.
# You can copy this option file to one of those
# locations. For information about these locations, see:
# http://dev.mysql.com/doc/mysql/en/option-files.html
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here follows entries for some specific programs
# The MySQL server
[mysqld]
port = 3306
socket = /var/run/mysqld/mysqld.sock
skip-external-locking
key_buffer_size = 16K
max_allowed_packet = 1M
table_open_cache = 4
sort_buffer_size = 64K
read_buffer_size = 256K
read_rnd_buffer_size = 256K
net_buffer_length = 2K
thread_stack = 128K
# to avoid corruption on powerfailure
default-storage-engine=innodb
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (using the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
server-id = 1
# Uncomment the following if you want to log updates
#log-bin=mysql-bin
# binary logging format - mixed recommended
#binlog_format=mixed
# Causes updates to non-transactional engines using statement format to be
# written directly to binary log. Before using this option make sure that
# there are no dependencies between transactional and non-transactional
# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
# t_innodb; otherwise, slaves may diverge from the master.
#binlog_direct_non_transactional_updates=TRUE
# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /var/lib/mysql
#innodb_data_file_path = ibdata1:10M:autoextend
#innodb_log_group_home_dir = /var/lib/mysql
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
#innodb_buffer_pool_size = 16M
#innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 5M
#innodb_log_buffer_size = 8M
#innodb_flush_log_at_trx_commit = 1
#innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates
[myisamchk]
key_buffer_size = 8M
sort_buffer_size = 8M
[mysqlhotcopy]
interactive-timeout
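Review bot: `#skip-networking` is left commented and no `bind-address` is set, so `mysqld` listens on TCP `port = 3306` on every interface, while the `[client]` section here only uses `/var/run/mysqld/mysqld.sock`; either uncomment `skip-networking` or add `bind-address = 127.0.0.1` under `[mysqld]`. Related: the jail.conf hunk above says the `[mysqld-auth]` jail needs `log-warning = 2` (or a `log-error=` file) in `[mysqld]`, and this template sets neither, so that jail would never see a failed login.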

@ -1,19 +0,0 @@
<clientConfig version="1.1">
<emailProvider id="{{ domain }}">
<domain>{{ domain }}</domain>
<incomingServer type="imap">
<hostname>{{ domain }}</hostname>
<port>993</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILLOCALPART%</username>
</incomingServer>
<outgoingServer type="smtp">
<hostname>{{ domain }}</hostname>
<port>587</port>
<socketType>STARTTLS</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILLOCALPART%</username>
</outgoingServer>
</emailProvider>
</clientConfig>

@ -1,2 +0,0 @@
server_tokens off;
gzip_types text/css text/javascript application/javascript;

@ -1,3 +0,0 @@
lua_shared_dict cache 10m;
init_by_lua_file /usr/share/ssowat/init.lua;
server_names_hash_bucket_size 64;

@ -1,78 +0,0 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 302 https://$http_host/yunohost/admin;
}
location /yunohost/admin {
return 301 https://$http_host$request_uri;
}
}
server {
# Disabling http2 for now as it's causing weird issues with curl
#listen 443 ssl http2 default_server;
#listen [::]:443 ssl http2 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
# As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
# (this doesn't work on jessie though ...?)
# ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# As suggested by https://cipherli.st/
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
# Ciphers with intermediate compatibility
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=intermediate
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# Ciphers with modern compatibility
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
# Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
#ssl_protocols TLSv1.2;
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# Uncomment the following directive after DH generation
# > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
#ssl_dhparam /etc/ssl/private/dh2048.pem;
# Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
# https://wiki.mozilla.org/Security/Guidelines/Web_Security
# https://observatory.mozilla.org/
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header 'Referrer-Policy' 'same-origin';
add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN";
location / {
return 302 https://$http_host/yunohost/admin;
}
location /yunohost {
# Block crawlers bot
if ($http_user_agent ~ (crawl|Googlebot|Slurp|spider|bingbot|tracker|click|parser|spider|facebookexternalhit) ) {
return 403;
}
# Redirect most of 404 to maindomain.tld/yunohost/sso
access_by_lua_file /usr/share/ssowat/access.lua;
}
include /etc/nginx/conf.d/yunohost_admin.conf.inc;
include /etc/nginx/conf.d/yunohost_api.conf.inc;
}
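Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` plus the `*-DES-CBC3-SHA` suites at the tail of `ssl_ciphers` keep TLS 1.0/1.1 and 3DES enabled on the admin vhost; the modern profile is already present (`#ssl_protocols TLSv1.2;` and its cipher line), so either switch the admin interface to it or record which clients justify the intermediate set. Two smaller points: the `DHE-*` suites are listed while `#ssl_dhparam` stays commented out, so generate the parameters with the command in the comment or drop those suites; and the crawler block `if ($http_user_agent ~ (crawl|Googlebot|...|spider|...))` keys on a client-supplied header, so treat it as a courtesy filter rather than access control (and `spider` appears twice in the alternation).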

@ -1,14 +0,0 @@
# Avoid the nginx path/alias traversal weakness ( #1037 )
rewrite ^/yunohost/admin$ /yunohost/admin/ permanent;
location /yunohost/admin/ {
alias /usr/share/yunohost/admin/;
default_type text/html;
index index.html;
# Short cache on handlebars templates
location ~* \.(?:ms)$ {
expires 5m;
add_header Cache-Control "public";
}
}
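Review bot: the nested `location ~* \.(?:ms)$` block carries its own `add_header Cache-Control "public";`, and nginx inherits `add_header` from the enclosing level only when the current level defines none, so `.ms` template responses go out without the `Strict-Transport-Security`, `Content-Security-Policy`, `X-Frame-Options` and the other headers the server blocks add. Repeat those headers inside that location, or move them into a shared include used at both levels. The pairing of `location /yunohost/admin/` with `alias /usr/share/yunohost/admin/` (both slash-terminated) plus the `rewrite ^/yunohost/admin$ ... permanent;` is the right shape for the #1037 traversal fix; `(?:ms)` can simply be `ms`.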

@ -1,18 +0,0 @@
location /yunohost/api/ {
proxy_read_timeout 3600s;
proxy_pass http://127.0.0.1:6787/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
# Custom 502 error page
error_page 502 /yunohost/api/error/502;
}
# Yunohost admin output complete 502 error page, so use only plain text.
location = /yunohost/api/error/502 {
return 502 '502 - Bad Gateway';
add_header Content-Type text/plain;
internal;
}
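Review bot: in `location = /yunohost/api/error/502`, `add_header Content-Type text/plain;` does nothing: `add_header` is applied only to 2xx/3xx responses unless `always` is given, and a `return 502 '...'` body gets the `default_type` instead. Use `default_type text/plain;` in that location (or `add_header Content-Type text/plain always;`). Placing `internal;` after `return` is fine, since directive order within a location does not matter.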

@ -1,8 +0,0 @@
# Insert YunoHost panel
sub_filter </head> '<script type="text/javascript" src="/ynhpanel.js"></script></head>';
sub_filter_once on;
# Apply to other mime types than text/html
sub_filter_types application/xhtml+xml;
# Prevent YunoHost panel files from being blocked by specific app rules
location ~ ynhpanel\.(js|json|css) {
}
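Review bot: `location ~ ynhpanel\.(js|json|css)` is unanchored, so it also captures any URI that merely contains that substring (an app path ending in `something/ynhpanel.json`, say), and because the block is empty such requests bypass the app's own location rules, which the comment intends only for the panel files themselves. Anchor it to the panel paths, e.g. `^/ynhpanel\.(js|json|css)$`.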

@ -1,89 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name {{ domain }};
access_by_lua_file /usr/share/ssowat/access.lua;
include /etc/nginx/conf.d/{{ domain }}.d/*.conf;
location /yunohost/admin {
return 301 https://$http_host$request_uri;
}
location /.well-known/autoconfig/mail {
alias /var/www/.well-known/{{ domain }}/autoconfig/mail;
}
access_log /var/log/nginx/{{ domain }}-access.log;
error_log /var/log/nginx/{{ domain }}-error.log;
}
server {
# Disabling http2 for now as it's causing weird issues with curl
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ domain }};
ssl_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
# As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
# (this doesn't work on jessie though ...?)
# ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# As suggested by https://cipherli.st/
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
# Ciphers with intermediate compatibility
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=intermediate
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
# Ciphers with modern compatibility
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
# Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
#ssl_protocols TLSv1.2;
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# Uncomment the following directive after DH generation
# > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
#ssl_dhparam /etc/ssl/private/dh2048.pem;
# Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
# https://wiki.mozilla.org/Security/Guidelines/Web_Security
# https://observatory.mozilla.org/
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Content-Security-Policy "upgrade-insecure-requests";
add_header Content-Security-Policy-Report-Only "default-src https: data: 'unsafe-inline' 'unsafe-eval'";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN";
{% if domain_cert_ca == "Let's Encrypt" %}
# OCSP settings
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
resolver 127.0.0.1 127.0.1.1 valid=300s;
resolver_timeout 5s;
{% endif %}
access_by_lua_file /usr/share/ssowat/access.lua;
include /etc/nginx/conf.d/{{ domain }}.d/*.conf;
include /etc/nginx/conf.d/yunohost_admin.conf.inc;
include /etc/nginx/conf.d/yunohost_api.conf.inc;
access_log /var/log/nginx/{{ domain }}-access.log;
error_log /var/log/nginx/{{ domain }}-error.log;
}
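Review bot: the port-80 `server` block runs `access_by_lua_file` and `include /etc/nginx/conf.d/{{ domain }}.d/*.conf;`, so every app on the domain is also reachable over plain HTTP; only `/yunohost/admin` is redirected. The default vhost above redirects `location /` to HTTPS wholesale; do the same here (keeping the `/.well-known/autoconfig/mail` alias on port 80 if mail clients need it) instead of relying on the `upgrade-insecure-requests` CSP, which only browsers honour. Also, `Content-Security-Policy-Report-Only` carries no `report-uri`, so violations are only ever visible in the client's console.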

@ -1 +0,0 @@
server_name $server_name yunohost.local;

Some files were not shown because too many files have changed in this diff.