diff --git a/data/helpers.d/apt b/data/helpers.d/apt index 6a7f98ef3..7cfc3bcc7 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -253,9 +253,6 @@ ynh_install_app_dependencies() { # The (?<=php) syntax corresponds to lookbehind ;) local specific_php_version=$(echo $dependencies | grep -oP '(?<=php)[0-9.]+(?=-|\>)' | sort -u) - # Ignore case where the php version found is the one available in debian vanilla - [[ "$specific_php_version" != "$YNH_DEFAULT_PHP_VERSION" ]] || specific_php_version="" - if [[ -n "$specific_php_version" ]] then # Cover a small edge case where a packager could have specified "php7.4-pwet php5-gni" which is confusing @@ -263,10 +260,9 @@ ynh_install_app_dependencies() { || ynh_die --message="Inconsistent php versions in dependencies ... found : $specific_php_version" dependencies+=", php${specific_php_version}, php${specific_php_version}-fpm, php${specific_php_version}-common" - - ynh_add_sury fi + local psql_installed="$(ynh_package_is_installed "postgresql-$PSQL_VERSION" && echo yes || echo no)" # The first time we run ynh_install_app_dependencies, we will replace the # entire control file (This is in particular meant to cover the case of 
@@ -286,23 +282,6 @@ ynh_install_app_dependencies() { dependencies="$current_dependencies, $dependencies" fi - # - # Epic ugly hack to fix the goddamn dependency nightmare of sury - # Sponsored by the "Djeezusse Fokin Kraiste Why Do Adminsys Has To Be So Fucking Complicated I Should Go Grow Potatoes Instead Of This Shit" collective - # https://github.com/YunoHost/issues/issues/1407 - # - # If we require to install php dependency - if grep --quiet 'php' <<< "$dependencies"; then - # And we have packages from sury installed (7.0.33-10+weirdshiftafter instead of 7.0.33-0 on debian) - if dpkg --list | grep "php7.0" | grep --quiet --invert-match "7.0.33-0+deb9"; then - # And sury ain't already in sources.lists - if ! grep --recursive --quiet "^ *deb.*sury" /etc/apt/sources.list*; then - # Re-add sury - ynh_add_sury - fi - fi - fi - cat >/tmp/${dep_app}-ynh-deps.control <$PSQL_ROOT_PWD_FILE - sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$psql_root_password'" postgres - - # force all user to connect to local databases using hashed passwords - # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF - # Note: we can't use peer since YunoHost create users with nologin - # See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user - ynh_replace_string --match_string="local\(\s*\)all\(\s*\)all\(\s*\)peer" --replace_string="local\1all\2all\3md5" --target_file="$pg_hba" - - # Integrate postgresql service in yunohost - yunohost service add postgresql --log "/var/log/postgresql/" - - ynh_systemd_action --service_name=postgresql --action=reload - fi + yunohost tools regen-conf postgresql } diff --git a/data/hooks/conf_regen/10-apt b/data/hooks/conf_regen/10-apt index afd96e4ee..8a27abf22 100755 --- a/data/hooks/conf_regen/10-apt +++ b/data/hooks/conf_regen/10-apt 
@@ -7,6 +7,11 @@ do_pre_regen() { mkdir --parents "${pending_dir}/etc/apt/preferences.d" + # Add sury + mkdir -p ${pending_dir}/etc/apt/sources.list.d/ + echo "deb https://packages.sury.org/php/ $(lsb_release --codename --short) main" > "${pending_dir}/etc/apt/sources.list.d/extra_php_version.list" + + # Ban some packages from sury packages_to_refuse_from_sury="php php-fpm php-mysql php-xml php-zip php-mbstring php-ldap php-gd php-curl php-bz2 php-json php-sqlite3 php-intl openssl libssl1.1 libssl-dev" for package in $packages_to_refuse_from_sury; do echo " @@ -15,6 +20,7 @@ Pin: origin \"packages.sury.org\" Pin-Priority: -1" >>"${pending_dir}/etc/apt/preferences.d/extra_php_version" done + # Ban some packages that users may inadvertendly try to install such as apache2 ... echo " # PLEASE READ THIS WARNING AND DON'T EDIT THIS FILE @@ -44,11 +50,19 @@ Pin: release * Pin-Priority: -1 " >>"${pending_dir}/etc/apt/preferences.d/ban_packages" + } do_post_regen() { regen_conf_files=$1 + # Add sury key + # We do this only at the post regen and if the key doesn't already exists, because we don't want the regenconf to fuck everything up if the regenconf runs while the network is down + if [[ ! -s /etc/apt/trusted.gpg.d/extra_php_version.gpg ]] + then + wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg" + fi + # Make sure php7.4 is the default version when using php in cli update-alternatives --set php /usr/bin/php7.4 } diff --git a/data/hooks/conf_regen/12-metronome b/data/hooks/conf_regen/12-metronome index 5dfa7b5dc..c3c5ff828 100755 --- a/data/hooks/conf_regen/12-metronome +++ b/data/hooks/conf_regen/12-metronome @@ -2,6 +2,12 @@ set -e +if ! dpkg --list | grep -q 'ii *metronome ' +then + echo 'metronome is not installed, skipping' + exit 0 +fi + do_pre_regen() { pending_dir=$1 
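Review bot: The key fetch added to do_post_regen writes the output of `wget … | gpg --dearmor` straight into `/etc/apt/trusted.gpg.d/extra_php_version.gpg`, so whatever the server returns becomes a trusted apt signing key with no fingerprint check. A transfer that breaks midway may also leave a non-empty partial file, which the `-s` test then treats as done. Keys in `trusted.gpg.d` are accepted for every configured repository, not only sury; a dedicated keyring referenced by `signed-by=` on the `deb` line that do_pre_regen writes would limit it to that source. I would download to a temporary file, compare the fingerprint with a value pinned in the hook, and only then install it, as sketched below. The sketch also shortens the 900-second timeout, which can stall a regen-conf when the network is down, the case the comment wants to avoid.

```shell
# placeholder: pin the real sury key fingerprint here
local expected_fpr="<SURY_KEY_FINGERPRINT>"
local key_dest=/etc/apt/trusted.gpg.d/extra_php_version.gpg
if [[ ! -s "$key_dest" ]]
then
    local key_tmp="$(mktemp)"
    # Only install the key when the download dearmors cleanly AND matches the pinned fingerprint
    if wget --timeout 30 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"$key_tmp" \
        && gpg --show-keys --with-colons "$key_tmp" | grep -q "^fpr:.*:${expected_fpr}:"
    then
        install --mode=0644 "$key_tmp" "$key_dest"
    fi
    rm -f "$key_tmp"
fi
# … unchanged: update-alternatives call …
```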
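Review bot: The guard `grep -q 'ii *metronome '` only recognises the `ii` state, so a package that is installed but on hold (`hi` in `dpkg --list`) is reported as not installed and the hook exits before regenerating its configuration. The same pattern is added in 34-mysql and in the new 35-postgresql hook. Asking dpkg for the status of the one package is exact and does not depend on the listing layout: `if ! dpkg-query --show --showformat='${db:Status-Status}' metronome 2>/dev/null | grep -qx installed`. The two hooks that source `/usr/share/yunohost/helpers` could instead call `ynh_package_is_installed`, which the apt helper in this commit already uses.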
diff --git a/data/hooks/conf_regen/34-mysql b/data/hooks/conf_regen/34-mysql index 27c956ced..85fa39e2d 100755 --- a/data/hooks/conf_regen/34-mysql +++ b/data/hooks/conf_regen/34-mysql @@ -3,6 +3,12 @@ set -e . /usr/share/yunohost/helpers +if ! dpkg --list | grep -q 'ii *mariadb-server ' +then + echo 'mysql/mariadb is not installed, skipping' + exit 0 +fi + do_pre_regen() { pending_dir=$1 diff --git a/data/hooks/conf_regen/35-postgresql b/data/hooks/conf_regen/35-postgresql new file mode 100755 index 000000000..0da0767cc --- /dev/null +++ b/data/hooks/conf_regen/35-postgresql 
@@ -0,0 +1,66 @@ +#!/bin/bash + +set -e +. /usr/share/yunohost/helpers + +if ! dpkg --list | grep -q "ii *postgresql-$PSQL_VERSION " +then + echo 'postgresql is not installed, skipping' + exit 0 +fi + +if [ ! -e "/etc/postgresql/$PSQL_VERSION" ] +then + ynh_die --message="It looks like postgresql was not properly configured ? /etc/postgresql/$PSQL_VERSION is missing ... Could be due to a locale issue, c.f.https://serverfault.com/questions/426989/postgresql-etc-postgresql-doesnt-exist" +fi + + +do_pre_regen() { + return 0 +} + +do_post_regen() { + regen_conf_files=$1 + + # Make sure postgresql is started and enabled + # (N.B. : to check the active state, we check the cluster state because + # postgresql could be flagged as active even though the cluster is in + # failed state because of how the service is configured..) + systemctl is-active postgresql@$PSQL_VERSION-main -q || ynh_systemd_action --service_name=postgresql --action=restart + systemctl is-enabled postgresql -q || systemctl enable postgresql --quiet + + # If this is the very first time, we define the root password + # and configure a few things + if [ ! 
-f "$PSQL_ROOT_PWD_FILE" ] || [ -z "$(cat $PSQL_ROOT_PWD_FILE)" ]; then + ynh_string_random >$PSQL_ROOT_PWD_FILE + fi + + sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$(cat $PSQL_ROOT_PWD_FILE)'" postgres + + # force all user to connect to local databases using hashed passwords + # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF + # Note: we can't use peer since YunoHost create users with nologin + # See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user + local pg_hba=/etc/postgresql/$PSQL_VERSION/main/pg_hba.conf + ynh_replace_string --match_string="local\(\s*\)all\(\s*\)all\(\s*\)peer" --replace_string="local\1all\2all\3md5" --target_file="$pg_hba" + + ynh_systemd_action --service_name=postgresql --action=reload +} + +FORCE=${2:-0} +DRY_RUN=${3:-0} + +case "$1" in + pre) + do_pre_regen $4 + ;; + post) + do_post_regen $4 + ;; + *) + echo "hook called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/data/hooks/conf_regen/35-redis b/data/hooks/conf_regen/36-redis similarity index 100% rename from data/hooks/conf_regen/35-redis rename to data/hooks/conf_regen/36-redis diff --git a/data/templates/yunohost/services.yml b/data/templates/yunohost/services.yml index 3863599bd..ed92ac47c 100644 --- a/data/templates/yunohost/services.yml +++ b/data/templates/yunohost/services.yml 
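Review bot: do_post_regen puts the postgres superuser password on the `psql` command line (`-c"ALTER user postgres WITH PASSWORD '$(cat $PSQL_ROOT_PWD_FILE)'"`), where it is visible in the process list while the command runs. Because the `ALTER` now sits outside the first-run branch, this happens on every regen-conf. Passing the statement on stdin avoids it: `echo "ALTER USER postgres WITH PASSWORD '$(cat "$PSQL_ROOT_PWD_FILE")'" | sudo --login --user=postgres psql postgres`. The password file is created by a plain redirection, so its mode follows the current umask; `(umask 077; ynh_string_random >"$PSQL_ROOT_PWD_FILE")` keeps it root-only unless something outside this hunk already restricts it. The `md5` method written into pg_hba.conf is the weaker of PostgreSQL's two password methods; whether `scram-sha-256` can be used depends on `password_encryption`, which is not set here.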
@@ -12,24 +12,31 @@ metronome: log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err] needs_exposed_ports: [5222, 5269] category: xmpp + ignore_if_package_is_not_installed: metronome mysql: log: [/var/log/mysql.log,/var/log/mysql.err,/var/log/mysql/error.log] actual_systemd_service: mariadb category: database + ignore_if_package_is_not_installed: mariadb-server nginx: log: /var/log/nginx test_conf: nginx -t needs_exposed_ports: [80, 443] category: web -php7.4-fpm: - log: /var/log/php7.4-fpm.log - test_conf: php-fpm7.4 --test - category: web +# Yunohost will dynamically add installed php-fpm services (7.3, 7.4, 8.0, ...) in services.py +#php7.4-fpm: +# log: /var/log/php7.4-fpm.log +# test_conf: php-fpm7.4 --test +# category: web postfix: log: [/var/log/mail.log,/var/log/mail.err] actual_systemd_service: postfix@- needs_exposed_ports: [25, 587] category: email +postgresql: + actual_systemd_service: 'postgresql@13-main' + category: database + ignore_if_package_is_not_installed: postgresql-13 redis-server: log: /var/log/redis/redis-server.log category: database diff --git a/debian/control b/debian/control index 17eb56f55..31204a180 100644 --- a/debian/control +++ b/debian/control @@ -18,8 +18,6 @@ Depends: ${python3:Depends}, ${misc:Depends} , python-is-python3 , nginx, nginx-extras (>=1.18) , apt, apt-transport-https, apt-utils, dirmngr - , php7.4-common, php7.4-fpm, php7.4-ldap, php7.4-intl - , mariadb-server, php7.4-mysql , openssh-server, iptables, fail2ban, dnsutils, bind9utils , openssl, ca-certificates, netcat-openbsd, iproute2 , slapd, ldap-utils, sudo-ldap, libnss-ldapd, unscd, libpam-ldapd @@ -34,6 +32,8 @@ Depends: ${python3:Depends}, ${misc:Depends} Recommends: yunohost-admin , ntp, inetutils-ping | iputils-ping , bash-completion, rsyslog + , php7.4-common, php7.4-fpm, php7.4-ldap, php7.4-intl + , mariadb-server, php7.4-mysql , php7.4-gd, php7.4-curl, php-php-gettext , python3-pip , unattended-upgrades 
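Review bot: The new `postgresql` entry hard-codes the major version twice (`postgresql@13-main` and `postgresql-13`), while the 35-postgresql hook added in this commit derives it from `$PSQL_VERSION`. After a major-version change the package condition would stop matching and the service would silently drop out of the service list. A comment on the entry would make the coupling visible, for example `# keep 13 in sync with PSQL_VERSION used by the postgresql helper and hook`.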
diff --git a/locales/en.json b/locales/en.json index 7a8d9d08f..20667d076 100644 --- a/locales/en.json +++ b/locales/en.json @@ -614,8 +614,8 @@ "service_description_fail2ban": "Protects against brute-force and other kinds of attacks from the Internet", "service_description_metronome": "Manage XMPP instant messaging accounts", "service_description_mysql": "Stores app data (SQL database)", + "service_description_postgresql": "Stores app data (SQL database)", "service_description_nginx": "Serves or provides access to all the websites hosted on your server", - "service_description_php7.4-fpm": "Runs apps written in PHP with NGINX", "service_description_postfix": "Used to send and receive e-mails", "service_description_redis-server": "A specialized database used for rapid data access, task queue, and communication between programs", "service_description_rspamd": "Filters spam, and other e-mail related features", diff --git a/src/yunohost/service.py b/src/yunohost/service.py index 73534e2e3..b32ddc2fb 100644 --- a/src/yunohost/service.py +++ b/src/yunohost/service.py @@ -110,7 +110,7 @@ def service_add( # Try to get the description from systemd service _, systemd_info = _get_service_information_from_systemd(name) type_ = systemd_info.get("Type") if systemd_info is not None else "" - if type_ == "oneshot" and name != "postgresql": + if type_ == "oneshot": logger.warning( "/!\\ Packagers! Please provide a --test_status when adding oneshot-type services in Yunohost, such that it has a reliable way to check if the service is running or not." ) 
@@ -699,13 +699,20 @@ def _get_services(): if "log" not in services["ynh-vpnclient"]: services["ynh-vpnclient"]["log"] = ["/var/log/ynh-vpnclient.log"] - # Stupid hack for postgresql which ain't an official service ... Can't - # really inject that info otherwise. Real service we want to check for - # status and log is in fact postgresql@x.y-main (x.y being the version) - if "postgresql" in services: - if "description" in services["postgresql"]: - del services["postgresql"]["description"] - services["postgresql"]["actual_systemd_service"] = "postgresql@13-main" + services_with_package_condition = [name for name, infos in services.items() if infos.get("ignore_if_package_is_not_installed")] + for name in services_with_package_condition: + package = services[name]["ignore_if_package_is_not_installed"] + if os.system(f"dpkg --list | grep -q 'ii *{package}'") != 0: + del services[name] + + php_fpm_versions = check_output(r"dpkg --list | grep -P 'ii php\d.\d-fpm' | awk '{print $2}' | grep -o -P '\d.\d'") + php_fpm_versions = [v for v in php_fpm_versions.split('\n') if v.strip()] + for version in php_fpm_versions: + services[f"php{version}-fpm"] = { + "log": f"/var/log/php{version}-fpm.log", + "test_conf": f"php-fpm{version} --test", # ofc the service is phpx.y-fpm but the program is php-fpmx.y because why not ... + "category": "web" + } # Remove legacy /var/log/daemon.log and /var/log/syslog from log entries # because they are too general. Instead, now the journalctl log is @@ -825,11 +832,7 @@ def _get_journalctl_logs(service, number="all"): services = _get_services() systemd_service = services.get(service, {}).get("actual_systemd_service", service) try: - return check_output( - "journalctl --no-hostname --no-pager -u {0} -n{1}".format( - systemd_service, number - ) - ) + return check_output(f"journalctl --no-hostname --no-pager -u {systemd_service} -n{number}") except Exception: import traceback
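Review bot: The `php_fpm_versions` pipeline ends in `grep`, which exits non-zero when no php-fpm package is installed. If `check_output` (defined outside this hunk) raises on a failing command, `_get_services()` would break on exactly the systems this commit allows by moving php to Recommends; appending `|| true` inside the command string keeps the empty result. The package test above it interpolates `{package}` from the services file into an `os.system` shell string with no trailing delimiter, so `mariadb-server` also matches longer package names, unlike the hooks, which match `'ii *mariadb-server '`. Quoting the value with `shlex.quote` (which would need importing) and adding the trailing space would make the two checks agree and keep shell metacharacters in that field inert. `_get_services` starts and ends outside the hunk.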