diff --git a/provisioning/roles/deploy_all/files/bin/deploy_as b/provisioning/roles/deploy_all/files/bin/deploy_as new file mode 100755 index 0000000..a956e21 Binary files /dev/null and b/provisioning/roles/deploy_all/files/bin/deploy_as differ diff --git a/provisioning/roles/deploy_all/files/bin/deploy_service.sh b/provisioning/roles/deploy_all/files/bin/deploy_service.sh index 8beccc7..c7c7791 100755 --- a/provisioning/roles/deploy_all/files/bin/deploy_service.sh +++ b/provisioning/roles/deploy_all/files/bin/deploy_service.sh @@ -2,7 +2,6 @@ . driglibash-base . /etc/jeancloud.env -set -euo pipefail [ ! -f /data/mounted ] && die "/data is not mounted" @@ -30,6 +29,7 @@ if [ ! -d "$new_nginx_conf_path" ] ; then die "Can’t deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployall.sh first" fi +IFS=';' read uid username _ server < <(grep ";$service;" /docker/services.csv) docker_service="$(echo "$service" | tr '.' '_')" driglibash_section_prefix="[$service] " @@ -47,9 +47,9 @@ cd "/docker/$service" ############################################################################### if "$deploy" ; then - mkdir -p "$DATA_DIR" "$HTTP_DIR" + run mkdir -p "$DATA_DIR" "$HTTP_DIR" # Try running podman as non-root first… - chown www-data:www-data -R "$HTTP_DIR" + run chown $uid:www-data -R "$HTTP_DIR" else [ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR" fi 
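Review bot: Dropping `set -euo pipefail` in the first hunk leaves deploy_service.sh with no unset-variable protection, so the `$uid` read later in this file (third hunk) expands to an empty string whenever the services.csv lookup finds nothing, and `chown $uid:www-data` then silently changes only the group. deployall.sh in this same commit keeps `set -u`; keeping `set -u` here as well (plus `-o pipefail`, which the `$(echo … | tr …)` substitutions rely on) would be consistent and cheap, since the new explicit `[ "$?" -ne 0 ]` checks only replace `-e`.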
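Review bot: The new `IFS=';' read uid username _ server < <(grep ";$service;" /docker/services.csv)` line never checks whether the lookup matched: if `grep` prints nothing, `read` returns non-zero, all four variables stay empty and the script carries on (there is no `set -e` any more), which the third hunk turns into `run chown :www-data -R "$HTTP_DIR"`. The pattern `";$service;"` is also a regex, so the dots in a service name match any character and can select a neighbouring row, and `read` lacks `-r`. Suggest `IFS=';' read -r uid username _ server < <(grep -F -- ";$service;" /docker/services.csv) || die "no entry for $service in /docker/services.csv"` here, and quoting `"$uid:www-data"` in the third hunk.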
@@ -59,11 +59,19 @@ fi # Run scripts ############################################################################### +# Did deploy failed +returncode=0 if "$deploy" ; then - [ -x deploy.sh ] && ./deploy.sh - [ -x deploy_http.sh ] && sudo -u www-data bash -c "set -a ; . '$DOCKER_DIR/.env' ; set +a ; . ./deploy_http.sh" + if [ -x deploy.sh ] ; then + run ./deploy.sh + [ "$?" -ne 0 ] && echo "Erreur deploy.sh" && returncode=1 + fi + if [ -x deploy_user.sh ] ; then + deploy_as "$service" + [ "$?" -ne 0 ] && echo "Erreur deploy_user.sh" && returncode=1 + fi else - [ -x undeploy.sh ] && . undeploy.sh + [ -x undeploy.sh ] && run ./undeploy.sh fi @@ -78,13 +86,17 @@ if [ -f "/docker/$service/docker-compose.yml" ] && [ -n "$(grep '^[^#]*services # XXX Login to docker registry section "Pulling images" - run docker-compose pull + docker-compose pull + if [ "$?" -ne 0 ] ; then + echo "PULL FAILED" + fi section "Starting service" run docker-compose up -d --remove-orphans + [ "$?" -ne 0 ] && echo "Erreur docker compose" && returncode=1 else section "Removing containers" - docker-compose down --rmi all --remove-orphans + run docker-compose down --rmi all --remove-orphans fi fi @@ -111,11 +123,12 @@ for file in $( find "/docker/$service" -name "wg-*.sh") ; do wgif="${wgif:3:-3}" "$file" $wgif > "/etc/wireguard/$wgif.conf" if "$deploy" ; then - systemctl enable "wg-quick@$wgif" - startwg.sh "$wgif" + run systemctl enable "wg-quick@$wgif" + run startwg.sh "$wgif" + [ "$?" -ne 0 ] && echo "Erreur wireguard" && returncode=1 else if [ -z "$(ip a | grep "$wgif")" ] ; then - wg-quick down "$wgif" + run wg-quick down "$wgif" fi fi fi @@ -138,9 +151,10 @@ fi section "Testing nginx conf" run nginx -t -c /etc/nginx/new_nginx.conf +[ "$?" -ne 0 ] && echo "Erreur nginx" && returncode=1 if [ "$noreload" == false ] ; then - restart_nginx.sh + run restart_nginx.sh fi section "Cleaning" 
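Review bot: `deploy_as "$service"` in the first hunk calls a helper that this commit adds only as an opaque executable (`Binary files /dev/null and b/…/deploy_as differ`, mode 100755), so a reviewer of this diff cannot see what it does with the service name or which account it switches to before running deploy_user.sh. If it is a compiled privilege-dropping wrapper, its source and build step belong in the role so it can be audited and rebuilt rather than shipped as a blob; at minimum a comment above the call should state what it is, e.g. `# deploy_as: runs /docker/$service/deploy_user.sh as the service account (source: <location of deploy_as source>)`. The messages `Erreur deploy.sh` / `Erreur deploy_user.sh` go to stdout; `>&2` would keep them with the other diagnostics.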
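Review bot: In the second hunk a failed `docker-compose pull` only prints `PULL FAILED` and the script still runs `docker-compose up -d --remove-orphans`, so a service can be (re)started from whatever image is cached without `returncode` ever being set, and the overall run exits 0. If starting from cached images is the intended fallback, that deserves a comment next to the `if`; otherwise add `returncode=1` inside it, or skip the `up` when the pull failed.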
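Review bot: In the third hunk `[ "$?" -ne 0 ] && echo "Erreur wireguard"` only reflects `run startwg.sh "$wgif"`; a failure of the preceding `run systemctl enable "wg-quick@$wgif"` is lost unless the driglibash `run` helper aborts on its own, which is not visible here. Either check each command, or chain them so one check covers both: `run systemctl enable "wg-quick@$wgif" && run startwg.sh "$wgif"` followed by the existing line. The enclosing `for file in $( find … )` loop starts outside the hunk.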
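Review bot: In the last hunk, when `run nginx -t -c /etc/nginx/new_nginx.conf` fails the script records `returncode=1` but still executes `run restart_nginx.sh` unless `noreload` is set, so if restart_nginx.sh promotes that config a broken file can take down nginx for every service on the host. Gate the reload on the test result, e.g. `if [ "$noreload" == false ] && [ "$returncode" -eq 0 ] ; then`, or keep the nginx test result in its own variable if an earlier, unrelated deploy failure should not block reloading an otherwise valid config.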
@@ -151,4 +165,5 @@ if [ -z "$(ls -A "$HTTP_DIR")" ] ; then run rmdir "$HTTP_DIR" fi - +clean +exit "$returncode" diff --git a/provisioning/roles/deploy_all/files/bin/deploy_user.sh b/provisioning/roles/deploy_all/files/bin/deploy_user.sh new file mode 100755 index 0000000..1be510c --- /dev/null +++ b/provisioning/roles/deploy_all/files/bin/deploy_user.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +set -euo pipefail + +if [ "$#" -ne 1 ] || [ -z "$1" ] ; then + echo "Usage: $0 " + exit 1 +fi + +service="$1" + +user_file="/docker/$service/deploy_user.sh" +env_file="/docker/$service/.env" + +if [ ! -f "$user_file" ] ; then + echo "No such file: $user_file" + exit 1 +fi + +if [ -f "$env_file" ] ; then + set -a + source "$env_file" + set +a +fi + +"$user_file" diff --git a/provisioning/roles/deploy_all/files/bin/deployall.sh b/provisioning/roles/deploy_all/files/bin/deployall.sh index b91b394..4a06b17 100755 --- a/provisioning/roles/deploy_all/files/bin/deployall.sh +++ b/provisioning/roles/deploy_all/files/bin/deployall.sh @@ -2,7 +2,7 @@ driglibash_run_retry=true . driglibash-base -set -euo pipefail +set -u # Already done at upload time ? #run gen_env.sh @@ -54,16 +54,15 @@ run mkdir -p "$new_nginx_conf_path" # Deploy services ############################################################################### -if [ -f "/data/unmounted" ] || [ ! -f "/data/mounted" ] ; then - die "Error: /data is not mounted." -fi - section "Start docker" run systemctl start docker docker.socket section "Deploy mandatory services" deploy_service.sh deployer.jean-cloud.org noreload +# List of failed services +failed="" + while read line ; do read -r service target <<<$(echo "$line") 
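Review bot: In the new deploy_user.sh, `service` is taken straight from `$1` and spliced into `/docker/$service/deploy_user.sh` and `/docker/$service/.env` with no validation, so a value containing `/` or `..` makes this script source and execute files outside `/docker/<service>`; since it is reached through the new `deploy_as` executable, whose privileges are not visible in the diff, rejecting such names is cheap: `case "$service" in */*|.*|'') echo "invalid service name: $service" >&2; exit 1;; esac`. The usage line also lost its argument name (`echo "Usage: $0 "` prints nothing after `$0`), and `source "$env_file"` under `set -a` executes that file as shell, which is only safe while `.env` is written solely by gen_env.sh — worth a comment above the `source`.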
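Review bot: In deployall.sh's second hunk, with `set -e` gone (the first hunk of that file now reads `set -u`), the mandatory `deploy_service.sh deployer.jean-cloud.org noreload` line has no status check at all, so a failed deployer service is neither aborted on nor listed in `failed`, while the per-service loop below does inspect `$?`. Suggest `deploy_service.sh deployer.jean-cloud.org noreload || die "mandatory service deployer.jean-cloud.org failed"`. The removed `/data/unmounted` sentinel check is not re-added anywhere visible — deploy_service.sh only tests `/data/mounted` — so if that marker still has meaning, `systemctl start docker` now runs before it is consulted.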
@@ -79,9 +78,17 @@ while read line ; do echo "Deploying" deploy_service.sh "$service" "noreload" + if [ "$?" -ne 0 ] ; then + failed="$failed $service" + fi -done < /docker/services.txt +done < <(grep -v '^[[:blank:]]*#' /docker/services.txt) restart_nginx.sh +if [ -n "$failed" ] ; then + echo "FAILED SERVICES" + echo "$failed" +fi + clean diff --git a/provisioning/roles/deploy_all/files/bin/findcert.sh b/provisioning/roles/deploy_all/files/bin/findcert.sh index beb5905..9d415f1 100755 --- a/provisioning/roles/deploy_all/files/bin/findcert.sh +++ b/provisioning/roles/deploy_all/files/bin/findcert.sh @@ -16,7 +16,7 @@ fi . /etc/jeancloud.env -# Look in both dns directories +# Look in both cert directories for dir in "$dns_certs_path" "$http_certs_path" ; do name="$(ls "$dir" | grep "^$service\(-[0-9]\{4\}\)\?$")" || true if [ -z "$name" ] ; then diff --git a/provisioning/roles/deploy_all/files/bin/gen_env.sh b/provisioning/roles/deploy_all/files/bin/gen_env.sh index f5b48f3..5e2f811 100755 --- a/provisioning/roles/deploy_all/files/bin/gen_env.sh +++ b/provisioning/roles/deploy_all/files/bin/gen_env.sh @@ -28,6 +28,7 @@ for dir in /docker/* ; do line_in_file "SECRET_DIR='/data/secrets/$service'" "/docker/$service/.env" line_in_file "DOCKER_DIR='/docker/$service'" "/docker/$service/.env" line_in_file "JC_SERVICE='$service'" "/docker/$service/.env" + line_in_file "HOME='/docker/$service'" "/docker/$service/.env" cert="$(findcert.sh "$service")" || true if [ -n "$cert" ] ; then line_in_file "JC_CERT='$cert'" "/docker/$service/.env" diff --git a/provisioning/roles/deploy_all/files/bin/init.sh b/provisioning/roles/deploy_all/files/bin/init.sh new file mode 100755 index 0000000..1678fe2 --- /dev/null +++ b/provisioning/roles/deploy_all/files/bin/init.sh 
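Review bot: In the first hunk, after printing `FAILED SERVICES` the script falls through to `clean` and exits with whatever that helper returns, so a run with failed services still reports success to whoever invoked deployall.sh (cron, Ansible) and the list is only visible in stdout. Record the outcome and return it: `rc=0` before the loop, `rc=1` inside the `if [ -n "$failed" ]` block, and `exit "$rc"` after `clean`, mirroring the `exit "$returncode"` that deploy_service.sh gains in this commit. The enclosing `while read line` loop starts outside the hunk; its outer `read` still lacks `-r`, and an all-blank line now passes the new `grep -v` filter and reaches `deploy_service.sh ""`.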
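Review bot: In the gen_env.sh hunk, `HOME='/docker/$service'` is exported into every deploy step that sources `.env` under `set -a`, yet init.sh in this same commit creates the service accounts with `useradd -d "/data/$service"`, so the same user gets two different home directories depending on whether a process was started from `.env` or from login, and tools that write caches or dotfiles to `$HOME` will land next to the compose files. If the override is intended, say why above the line, e.g. `# HOME is forced to the service dir so user-level tooling writes next to docker-compose.yml, not into /data`; otherwise point both at the same path. Like the neighbouring lines, the value is single-quoted but `$service` is not escaped, so a name containing `'` would break the generated `.env`.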
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+while IFS=';' read -r uid username service server
+do
+ home="/data/$service"
+ if [ -z "$(grep "^$username:" /etc/passwd)" ] ; then
+ useradd -m -U -r -d "$home" "$username"
+ fi
+
+ # Do not touch the group, it can be set to something useful
+ chown "$username" "$home"
+ chmod 770 "$home"
+done < <(grep -v '^#' /docker/services.csv)
diff --git a/provisioning/roles/deploy_all/files/bin/rclone_ncloud_publiclink.sh b/provisioning/roles/deploy_all/files/bin/rclone_ncloud_publiclink.sh
new file mode 100755
index 0000000..2991894
--- /dev/null
+++ b/provisioning/roles/deploy_all/files/bin/rclone_ncloud_publiclink.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+. driglibash-base
+
+set -euo pipefail
+
+[ "$#" -ne 1 ] && die "Usage: $0 "
+dest_dir="$1"
+[ -z "$dest_dir" ] && die "Arg 'dest_directory' should not be empty."
+
+
+# Get content from nextcloud
+webdav_url="$(echo "$NC_SHARE_LINK" | sed 's#/s/.*#/public.php/webdav/#')"
+webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')"
+webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")"
+
+rclone sync --config=/notfound --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$dest_dir"
+
+# Go to website
+cd "$dest_dir"
+
+# Rename .attachement dirs created by nextcloud
+while read filename ; do
+ oldname="$(basename "$filename")"
+ newname="${oldname:1}"
+ path="$(dirname "$filename")"
+ # And rename their references in md files
+ find -type f -iname '*.md' -exec sed -i "s/$oldname/$newname/g" {} \;
+ mv "$path/$oldname" "$path/$newname"
+done < <(find -type d -name '.attachments.*')
+
diff --git a/services/services.txt b/services/services.txt
index e6a9d69..9c068f9 100644
--- a/services/services.txt
+++ b/services/services.txt
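Review bot: In init.sh the `uid` column is read but never passed to `useradd`, so each account gets whatever id the system allocates, while deploy_service.sh in this same commit uses that CSV column directly in `chown $uid:www-data`; on a host where the two diverge the HTTP dir ends up owned by the wrong account. If the first column really is the intended numeric uid, `useradd -m -U -r -u "$uid" -d "$home" "$username"` keeps them in step. Prefer `getent passwd "$username" >/dev/null` over grepping `/etc/passwd` so non-file NSS sources are honoured, and since `service` comes from the CSV and builds `/data/$service`, rejecting values with `/` or a leading dot before the `chown`/`chmod 770` would keep a malformed row from touching the wrong directory.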
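Review bot: In rclone_ncloud_publiclink.sh the rename loop feeds names that arrived from the remote share (`find -type d -name '.attachments.*'`) straight into `sed -i "s/$oldname/$newname/g"`, so a directory name containing `/`, `&` or regex metacharacters makes sed fail or rewrite unrelated text in every `.md` file, and the `.` already matches any character. Constrain the name to the expected shape before using it, e.g. `[[ "$oldname" =~ ^\.attachments\.[0-9]+$ ]] || continue` (assuming Nextcloud ids are numeric, as the pattern suggests), and use `read -r filename`. Separately, the obscured share password is passed as `--webdav-pass=` on the command line, where it is readable through `ps` by every local user; rclone accepts the same option from the `RCLONE_WEBDAV_PASS` environment variable, which keeps it out of the process list.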
@@ -1,39 +1,42 @@ +sftp.jean-cloud.net raku.jean-cloud.org benevoles31.karnaval.fr max.jean-cloud.org -feministesucl34.communisteslibertaires.org none +builder.rimarima.fr raku.jean-cloud.org chahut.jean-cloud.net max.jean-cloud.org +chiloe.eu shlago.jean-cloud.org +coldcms.chahut.jean-cloud.net raku.jean-cloud.org collectif-arthadie.fr vandamme.jean-cloud.org compagnienouvelle.fr nougaro.jean-cloud.org copaines.jean-cloud.net max.jean-cloud.org -cousinades.jean-cloud.net max.jean-cloud.org deployer.jean-cloud.org shlago.jean-cloud.org +dnscerts.jean-cloud.org max.jean-cloud.org etrevivant.net shlago.jean-cloud.org -feteducourt2020.jean-cloud.net shlago.jean-cloud.org +feministesucl34.communisteslibertaires.org none feteducourt.jean-cloud.net shlago.jean-cloud.org +feteducourt2020.jean-cloud.net shlago.jean-cloud.org git.jean-cloud.net vandamme.jean-cloud.org grapes.chahut.jean-cloud.net max.jean-cloud.org gypsylyonfestival.com max.jean-cloud.org inurbe.fr shlago.jean-cloud.org jean-cloud.net shlago.jean-cloud.org leida.fr vandamme.jean-cloud.org -dnscerts.jean-cloud.org max.jean-cloud.org lexicographe.jean-cloud.net shlago.jean-cloud.org metamorphosemagazine.fr shlago.jean-cloud.org +mux.radiodemo.oma-radio.fr raku.jean-cloud.org nc-backup.jean-cloud.net raku.jean-cloud.org -ns1.jean-cloud.org tetede.jean-cloud.org ns.jean-cloud.org shlago.jean-cloud.org +ns1.jean-cloud.org tetede.jean-cloud.org nuage.jean-cloud.net vandamme.jean-cloud.org +oma-radio.fr vandamme.jean-cloud.org pa1.studios.oma-radio.fr tetede.jean-cloud.org paj.oma-radio.fr nougaro.jean-cloud.org quadrille-elsa.jean-cloud.net shlago.jean-cloud.org -chiloe.eu shlago.jean-cloud.org -soundbase.radiodemo.oma-radio.fr montbonnot.jean-cloud.org radiodemo.oma-radio.fr raku.jean-cloud.org -mux.radiodemo.oma-radio.fr raku.jean-cloud.org radionimaitre.oma-radio.fr tetede.jean-cloud.org raplacgr.jean-cloud.net tetede.jean-cloud.org +rimarima.fr raku.jean-cloud.org rpnow.jean-cloud.net vandamme.jean-cloud.org 
-sftp.jean-cloud.net raku.jean-cloud.org +soundbase.radiodemo.oma-radio.fr montbonnot.jean-cloud.org +static.jean-cloud.net vandamme.jean-cloud.org velov.jean-cloud.net shlago.jean-cloud.org wiki-cgr.jean-cloud.net vandamme.jean-cloud.org -static.jean-cloud.net vandamme.jean-cloud.org -oma-radio.fr vandamme.jean-cloud.org +radio.karnaval.fr tetede.jean-cloud.org