diff --git a/seed/postgresql-client/templates/postgresqlclient.service b/seed/postgresql-client/templates/postgresqlclient.service
index 0dc6a15..7addde1 100644
--- a/seed/postgresql-client/templates/postgresqlclient.service
+++ b/seed/postgresql-client/templates/postgresqlclient.service
@@ -5,5 +5,5 @@ Before=network.target
 [Service]
 Type=oneshot
 Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
-ExecStart=/usr/bin/timeout 90 bash -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"'
+ExecStart=/usr/bin/timeout 300 bash -c 'while ! 3<> /dev/tcp/%%pg_client_server_domainname/5432; do sleep 1; done; echo "POSTGRESQL STARTED"'
 ExecStart=/usr/bin/timeout 90 bash -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "\l"; do sleep 1; done; echo "POSTGRESQL READY"'
diff --git a/seed/postgresql/applicationservice.yml b/seed/postgresql/applicationservice.yml
index d205722..e445853 100644
--- a/seed/postgresql/applicationservice.yml
+++ b/seed/postgresql/applicationservice.yml
@@ -2,5 +2,5 @@ format: '0.1'
 description: Postgresql
 depends:
   - server
-  - base-fedora-35
+  - base-fedora-36
 provider: Postgresql
diff --git a/seed/postgresql/dictionaries/22_postgresql.xml b/seed/postgresql/dictionaries/22_postgresql.xml
index 40e9bf8..2fa2ef7 100644
--- a/seed/postgresql/dictionaries/22_postgresql.xml
+++ b/seed/postgresql/dictionaries/22_postgresql.xml
@@ -2,7 +2,7 @@
 <rougail version="0.10">
   <services>
     <service name="postgresql" target="multi-user">
-      <override engine="none"/>
+      <override/>
       <ip ip_type='variable'>accounts.remote_.remote_ip_</ip>
       <file>/etc/postgresql/postgresql.conf</file>
       <file>/etc/postgresql/pg_hba.conf</file>
@@ -10,6 +10,7 @@
       <file engine="none">/etc/postgresql/pg_ident.conf</file>
       <file engine="none" mode="755">/bin/postgresql_init</file>
       <file engine="none" source="sysuser-postgresql.conf">/sysusers.d/0postgresql.conf</file>
+      <file engine="none" source="tmpfiles.postgresql.conf">/tmpfiles.d/0postgresql.conf</file>
       <file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
       <file>/etc/pki/tls/certs/postgresql.crt</file>
       <file owner="root" group="postgres" mode="440">/etc/pki/tls/private/postgresql.key</file>
diff --git a/seed/postgresql/manual/image/preinstall/postgresql_server.sh b/seed/postgresql/manual/image/preinstall/postgresql_server.sh
index 4bdeb8e..3f65348 100644
--- a/seed/postgresql/manual/image/preinstall/postgresql_server.sh
+++ b/seed/postgresql/manual/image/preinstall/postgresql_server.sh
@@ -1 +1,3 @@
 PKG="$PKG postgresql-server postgresql-contrib"
+# for postgresql-setup
+PKG="$PKG util-linux postgresql-upgrade"
diff --git a/seed/postgresql/templates/postgresql.conf b/seed/postgresql/templates/postgresql.conf
index 8849422..44df34c 100644
--- a/seed/postgresql/templates/postgresql.conf
+++ b/seed/postgresql/templates/postgresql.conf
@@ -47,9 +47,6 @@ directiveStartToken = §
 
 #data_directory = 'ConfigDir'		# use data in another directory
 					# (change requires restart)
-#>GNUNUX
-data_directory = '/srv/postgresql'
-#<GNUNUX
 #hba_file = 'ConfigDir/pg_hba.conf'	# host-based authentication file
 					# (change requires restart)
 #>GNUNUX
@@ -116,7 +113,7 @@ unix_socket_directories = '/var/run/postgresql'
 #>GNUNUX
 authentication_timeout = §§{pg_authentication_timeout}s
 #<GNUNUX
-#password_encryption = md5		# md5 or scram-sha-256
+#password_encryption = scram-sha-256	# scram-sha-256 or md5
 #db_user_namespace = off
 
 # GSSAPI using Kerberos
@@ -129,6 +126,7 @@ authentication_timeout = §§{pg_authentication_timeout}s
 #ssl_ca_file = ''
 #ssl_cert_file = 'server.crt'
 #ssl_crl_file = ''
+##ssl_crl_dir = ''
 #ssl_key_file = 'server.key'
 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
 #ssl_prefer_server_ciphers = on
@@ -156,6 +154,8 @@ shared_buffers = 128MB			# min 128kB
 shared_buffers = §§{pg_shared_buffers}§§pg_shared_buffers_unit
 #huge_pages = try			# on, off, or try
 					# (change requires restart)
+#huge_page_size = 0			# zero for system default
+					# (change requires restart)
 #temp_buffers = 8MB			# min 800kB
 #max_prepared_transactions = 0		# zero disables the feature
 					# (change requires restart)
@@ -184,6 +184,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 					#   windows
 					#   mmap
 					# (change requires restart)
+#min_dynamic_shared_memory = 0MB	# (change requires restart)
 
 # - Disk -
 
@@ -199,7 +200,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
 
 #vacuum_cost_delay = 0			# 0-100 milliseconds (0 disables)
 #vacuum_cost_page_hit = 1		# 0-10000 credits
-#vacuum_cost_page_miss = 10		# 0-10000 credits
+#vacuum_cost_page_miss = 2		# 0-10000 credits
 #vacuum_cost_page_dirty = 20		# 0-10000 credits
 #vacuum_cost_limit = 200		# 1-10000 credits
 
@@ -212,17 +213,17 @@ dynamic_shared_memory_type = posix	# the default is the first option
 
 # - Asynchronous Behavior -
 
+#backend_flush_after = 0		# measured in pages, 0 disables
 #effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
 #maintenance_io_concurrency = 10	# 1-1000; 0 disables prefetching
 #max_worker_processes = 8		# (change requires restart)
-#max_parallel_maintenance_workers = 2	# taken from max_parallel_workers
 #max_parallel_workers_per_gather = 2	# taken from max_parallel_workers
+#max_parallel_maintenance_workers = 2	# taken from max_parallel_workers
 #parallel_leader_participation = on
 #max_parallel_workers = 8		# maximum number of max_worker_processes that
 					# can be used in parallel operations
 #old_snapshot_threshold = -1		# 1min-60d; -1 disables; 0 is immediate
 					# (change requires restart)
-#backend_flush_after = 0		# measured in pages, 0 disables
 
 
 #------------------------------------------------------------------------------
@@ -246,13 +247,15 @@ dynamic_shared_memory_type = posix	# the default is the first option
 					#   fsync_writethrough
 					#   open_sync
 #full_page_writes = on			# recover from partial page writes
-#wal_compression = off			# enable compression of full-page writes
 #wal_log_hints = off			# also do full page writes of non-critical updates
 					# (change requires restart)
+#wal_compression = off			# enable compression of full-page writes
 #wal_init_zero = on			# zero-fill new WAL files
 #wal_recycle = on			# recycle WAL files
 #wal_buffers = -1			# min 32kB, -1 sets based on shared_buffers
+#>GNUNUX
 wal_buffers = §§pg_wal_buffers
+#<GNUNUX
 					# (change requires restart)
 #wal_writer_delay = 200ms		# 1-10000 milliseconds
 #wal_writer_flush_after = 1MB		# measured in pages, 0 disables
@@ -264,14 +267,14 @@ wal_buffers = §§pg_wal_buffers
 # - Checkpoints -
 
 #checkpoint_timeout = 5min		# range 30s-1d
+#checkpoint_completion_target = 0.9	# checkpoint target duration, 0.0 - 1.0
+#checkpoint_flush_after = 256kB		# measured in pages, 0 disables
+#checkpoint_warning = 30s		# 0 disables
 #>GNUNUX
 #max_wal_size = 1GB
 max_wal_size = §§{pg_max_wal_size}§§pg_max_wal_size_unit
 #<GNUNUX
 min_wal_size = 80MB
-#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
-#checkpoint_flush_after = 256kB		# measured in pages, 0 disables
-#checkpoint_warning = 30s		# 0 disables
 
 # - Archiving -
 
@@ -292,7 +295,6 @@ min_wal_size = 80MB
 				# placeholders: %p = path of file to restore
 				#               %f = file name only
 				# e.g. 'cp /mnt/server/archivedir/%f %p'
-				# (change requires restart)
 #archive_cleanup_command = ''	# command to execute at every restartpoint
 #recovery_end_command = ''	# command to execute at completion of recovery
 
@@ -327,20 +329,19 @@ min_wal_size = 80MB
 
 # - Sending Servers -
 
-# Set these on the master and on any standby that will send replication data.
+# Set these on the primary and on any standby that will send replication data.
 
 #max_wal_senders = 10		# max number of walsender processes
 				# (change requires restart)
+#max_replication_slots = 10	# max number of replication slots
+				# (change requires restart)
 #wal_keep_size = 0		# in megabytes; 0 disables
 #max_slot_wal_keep_size = -1	# in megabytes; -1 disables
 #wal_sender_timeout = 60s	# in milliseconds; 0 disables
-
-#max_replication_slots = 10	# max number of replication slots
-				# (change requires restart)
 #track_commit_timestamp = off	# collect timestamp of transaction commit
 				# (change requires restart)
 
-# - Master Server -
+# - Primary Server -
 
 # These settings are ignored on a standby server.
 
@@ -352,7 +353,7 @@ min_wal_size = 80MB
 
 # - Standby Servers -
 
-# These settings are ignored on a master server.
+# These settings are ignored on a primary server.
 
 #primary_conninfo = ''			# connection string to sending server
 #primary_slot_name = ''			# replication slot on sending server
@@ -372,7 +373,7 @@ min_wal_size = 80MB
 #hot_standby_feedback = off		# send info from standby to prevent
 					# query conflicts
 #wal_receiver_timeout = 60s		# time that receiver waits for
-					# communication from master
+					# communication from primary
 					# in milliseconds; 0 disables
 #wal_retrieve_retry_interval = 5s	# time to wait before retrying to
 					# retrieve WAL after a failed attempt
@@ -393,23 +394,26 @@ min_wal_size = 80MB
 
 # - Planner Method Configuration -
 
+#enable_async_append = on
 #enable_bitmapscan = on
+#enable_gathermerge = on
 #enable_hashagg = on
 #enable_hashjoin = on
+#enable_incremental_sort = on
 #enable_indexscan = on
 #enable_indexonlyscan = on
 #enable_material = on
+#enable_memoize = on
 #enable_mergejoin = on
 #enable_nestloop = on
 #enable_parallel_append = on
-#enable_seqscan = on
-#enable_sort = on
-#enable_incremental_sort = on
-#enable_tidscan = on
-#enable_partitionwise_join = off
-#enable_partitionwise_aggregate = off
 #enable_parallel_hash = on
 #enable_partition_pruning = on
+#enable_partitionwise_join = off
+#enable_partitionwise_aggregate = off
+#enable_seqscan = on
+#enable_sort = on
+#enable_tidscan = on
 
 # - Planner Cost Constants -
 
@@ -420,6 +424,12 @@ min_wal_size = 80MB
 #cpu_operator_cost = 0.0025		# same scale as above
 #parallel_tuple_cost = 0.1		# same scale as above
 #parallel_setup_cost = 1000.0	# same scale as above
+#min_parallel_table_scan_size = 8MB
+#min_parallel_index_scan_size = 512kB
+#effective_cache_size = 4GB
+#>GNUNUX
+effective_cache_size = §§{pg_effective_cache_size}§§pg_effective_cache_size_unit
+#<GNUNUX
 
 #jit_above_cost = 100000		# perform JIT compilation if available
 					# and query more expensive than this;
@@ -430,10 +440,6 @@ min_wal_size = 80MB
 					# query is more expensive than this;
 					# -1 disables
 
-#min_parallel_table_scan_size = 8MB
-#min_parallel_index_scan_size = 512kB
-#effective_cache_size = 4GB
-effective_cache_size = §§{pg_effective_cache_size}§§pg_effective_cache_size_unit
 
 # - Genetic Query Optimizer -
 
@@ -451,10 +457,9 @@ effective_cache_size = §§{pg_effective_cache_size}§§pg_effective_cache_size_
 #constraint_exclusion = partition	# on, off, or partition
 #cursor_tuple_fraction = 0.1		# range 0.0-1.0
 #from_collapse_limit = 8
+#jit = on				# allow JIT compilation
 #join_collapse_limit = 8		# 1 disables collapsing of explicit
 					# JOIN clauses
-#force_parallel_mode = off
-#jit = on				# allow JIT compilation
 #plan_cache_mode = auto			# auto, force_generic_plan or
 					# force_custom_plan
 
@@ -465,27 +470,24 @@ effective_cache_size = §§{pg_effective_cache_size}§§pg_effective_cache_size_
 
 # - Where to Log -
 
-#>GNUNUX
 #log_destination = 'stderr'		# Valid values are combinations of
 					# stderr, csvlog, syslog, and eventlog,
 					# depending on platform.  csvlog
 					# requires logging_collector to be on.
-log_destination = 'syslog'
-#<GNUNUX
 # This is used when logging to stderr:
-#logging_collector = off		# Enable capturing of stderr and csvlog
+#GNUNUX: logging_collector = on		# Enable capturing of stderr and csvlog
 					# into log files. Required to be on for
 					# csvlogs.
 					# (change requires restart)
 
 # These are only used if logging_collector is on:
-#log_directory = 'pg_log'		# directory where log files are written,
+#log_directory = 'log'			# directory where log files are written,
 					# can be absolute or relative to PGDATA
-#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
+#GNUNUX: log_filename = 'postgresql-%a.log'	# log file name pattern,
 					# can include strftime() escapes
 #log_file_mode = 0600			# creation mode for log files,
 					# begin with 0 to use octal notation
-#log_truncate_on_rotation = off		# If on, an existing log file with the
+#GNUNUX: log_truncate_on_rotation = on		# If on, an existing log file with the
 					# same name as the new log file will be
 					# truncated rather than appended to.
 					# But such truncation only occurs on
@@ -493,11 +495,14 @@ log_destination = 'syslog'
 					# or size-driven rotation.  Default is
 					# off, meaning append to existing files
 					# in all cases.
-#log_rotation_age = 1d			# Automatic rotation of logfiles will
+#GNUNUX: log_rotation_age = 1d			# Automatic rotation of logfiles will
 					# happen after that time.  0 disables.
-#log_rotation_size = 10MB		# Automatic rotation of logfiles will
+#GNUNUX: log_rotation_size = 0			# Automatic rotation of logfiles will
 					# happen after that much log output.
 					# 0 disables.
+#>GNUNUX
+log_destination = 'syslog'
+#<GNUNUX
 
 # These are relevant when logging to syslog:
 #syslog_facility = 'LOCAL0'
@@ -505,7 +510,7 @@ log_destination = 'syslog'
 #syslog_sequence_numbers = on
 #syslog_split_messages = on
 
-# This is only relevant when logging to eventlog (win32):
+# This is only relevant when logging to eventlog (Windows):
 # (change requires restart)
 #event_source = 'PostgreSQL'
 
@@ -565,6 +570,11 @@ log_destination = 'syslog'
 #debug_print_rewritten = off
 #debug_print_plan = off
 #debug_pretty_print = on
+#log_autovacuum_min_duration = -1	# log autovacuum activity;
+					# -1 disables, 0 logs all actions and
+					# their durations, > 0 logs only
+					# actions running at least this number
+					# of milliseconds.
 #log_checkpoints = off
 #log_connections = off
 #log_disconnections = off
@@ -579,9 +589,11 @@ log_destination = 'syslog'
 					#   %h = remote host
 					#   %b = backend type
 					#   %p = process ID
+					#   %P = process ID of parallel group leader
 					#   %t = timestamp without milliseconds
 					#   %m = timestamp with milliseconds
 					#   %n = timestamp with milliseconds (as a Unix epoch)
+					#   %Q = query ID (0 if none or not computed)
 					#   %i = command tag
 					#   %e = SQL state
 					#   %c = session ID
@@ -594,6 +606,8 @@ log_destination = 'syslog'
 					#   %% = '%'
 					# e.g. '<%u%%%d> '
 #log_lock_waits = off			# log lock waits >= deadlock_timeout
+#log_recovery_conflict_waits = off	# log standby recovery conflict waits
+					# >= deadlock_timeout
 #log_parameter_max_length = -1		# when logging statements, limit logged
 					# bind-parameter values to N bytes;
 					# -1 means print in full, 0 disables
@@ -608,6 +622,7 @@ log_destination = 'syslog'
 #FIXME en dure ?
 log_timezone = 'Europe/Paris'
 
+
 #------------------------------------------------------------------------------
 # PROCESS TITLE
 #------------------------------------------------------------------------------
@@ -624,19 +639,21 @@ log_timezone = 'Europe/Paris'
 # - Query and Index Statistics Collector -
 
 #track_activities = on
+#track_activity_query_size = 1024	# (change requires restart)
 #track_counts = on
 #track_io_timing = off
+#track_wal_io_timing = off
 #track_functions = none			# none, pl, all
-#track_activity_query_size = 1024	# (change requires restart)
 #stats_temp_directory = 'pg_stat_tmp'
 
 
 # - Monitoring -
 
+#compute_query_id = auto
+#log_statement_stats = off
 #log_parser_stats = off
 #log_planner_stats = off
 #log_executor_stats = off
-#log_statement_stats = off
 
 
 #------------------------------------------------------------------------------
@@ -652,10 +669,6 @@ autovacuum = on
 autovacuum = off
 §end if
 #<GNUNUX
-#log_autovacuum_min_duration = -1	# -1 disables, 0 logs all actions and
-					# their durations, > 0 logs only
-					# actions running at least this number
-					# of milliseconds.
 #autovacuum_max_workers = 3		# max number of autovacuum subprocesses
 					# (change requires restart)
 #autovacuum_naptime = 1min		# time between autovacuum runs
@@ -701,10 +714,11 @@ autovacuum = off
 					#   error
 #search_path = '"$user", public'	# schema names
 #row_security = on
+#default_table_access_method = 'heap'
 #default_tablespace = ''		# a tablespace name, '' uses the default
+#default_toast_compression = 'pglz'	# 'pglz' or 'lz4'
 #temp_tablespaces = ''			# a list of tablespace names, '' uses
 					# only default tablespace
-#default_table_access_method = 'heap'
 #check_function_bodies = on
 #default_transaction_isolation = 'read committed'
 #default_transaction_read_only = off
@@ -713,17 +727,16 @@ autovacuum = off
 #statement_timeout = 0			# in milliseconds, 0 is disabled
 #lock_timeout = 0			# in milliseconds, 0 is disabled
 #idle_in_transaction_session_timeout = 0	# in milliseconds, 0 is disabled
-#vacuum_freeze_min_age = 50000000
+#idle_session_timeout = 0		# in milliseconds, 0 is disabled
 #vacuum_freeze_table_age = 150000000
-#vacuum_multixact_freeze_min_age = 5000000
+#vacuum_freeze_min_age = 50000000
+#vacuum_failsafe_age = 1600000000
 #vacuum_multixact_freeze_table_age = 150000000
-#vacuum_cleanup_index_scale_factor = 0.1	# fraction of total number of tuples
-						# before index cleanup, 0 always performs
-						# index cleanup
+#vacuum_multixact_freeze_min_age = 5000000
+#vacuum_multixact_failsafe_age = 1600000000
 #bytea_output = 'hex'			# hex, escape
 #xmlbinary = 'base64'
 #xmloption = 'content'
-#gin_fuzzy_search_limit = 0
 #gin_pending_list_limit = 4MB
 
 # - Locale and Formatting -
@@ -757,14 +770,15 @@ default_text_search_config = 'pg_catalog.french'
 
 # - Shared Library Preloading -
 
-#shared_preload_libraries = ''	# (change requires restart)
 #local_preload_libraries = ''
 #session_preload_libraries = ''
+#shared_preload_libraries = ''	# (change requires restart)
 #jit_provider = 'llvmjit'		# JIT library to use
 
 # - Other Defaults -
 
 #dynamic_library_path = '$libdir'
+#gin_fuzzy_search_limit = 0
 
 
 #------------------------------------------------------------------------------
@@ -792,7 +806,6 @@ default_text_search_config = 'pg_catalog.french'
 #backslash_quote = safe_encoding	# on, off, or safe_encoding
 #escape_string_warning = on
 #lo_compat_privileges = off
-#operator_precedence_warning = off
 #quote_all_identifiers = off
 #standard_conforming_strings = on
 #synchronize_seqscans = on
@@ -811,6 +824,7 @@ default_text_search_config = 'pg_catalog.french'
 #data_sync_retry = off			# retry or panic on failure to fsync
 					# data?
 					# (change requires restart)
+#recovery_init_sync_method = fsync	# fsync, syncfs (Linux 5.8+)
 
 
 #------------------------------------------------------------------------------
diff --git a/seed/postgresql/templates/postgresql.service b/seed/postgresql/templates/postgresql.service
index 2e4e745..a65b4c5 100644
--- a/seed/postgresql/templates/postgresql.service
+++ b/seed/postgresql/templates/postgresql.service
@@ -1,11 +1,38 @@
 [Service]
-ExecStartPre=
-ExecStartPre=+/usr/local/lib/bin/postgresql_init
-ExecStartPre=/usr/libexec/postgresql-check-db-dir %N
-Environment=PGDATA=/srv/postgresql
+Environment=PGDATA=/srv/postgresql/postgresql
 Environment=PG_CONF=/etc/postgresql/postgresql.conf
 Environment=PG_HBA=/etc/postgresql/pg_hba.conf
 Environment=PG_IDENT=/etc/postgresql/pg_ident.conf
+Environment=LC_ALL=fr_FR.UTF-8
+ExecStartPre=
+ExecStartPre=+/usr/local/lib/bin/postgresql_init
+# if upgrade needed, do it
+ExecStartPre=/bin/bash -c '%slurp
+/usr/libexec/postgresql-check-db-dir %N || (%slurp
+ echo "UPGRADE" &&%slurp
+# directory creation must have 700 rights
+ umask 0077 &&%slurp
+# pg_upgrade do not like ssl activation
+ /bin/grep -v "ssl " ${PG_CONF} > /tmp/postgresql.conf &&%slurp
+ mv -f /tmp/postgresql.conf ${PGDATA}/postgresql.conf &&%slurp
+# pg_upgrade modify pg_hba.conf so copy it
+ /bin/rm ${PGDATA}/pg_hba.conf &&%slurp
+ /bin/cp -af ${PG_HBA} ${PGDATA} &&%slurp
+# do upgrade
+ /usr/bin/postgresql-setup --upgrade &&%slurp
+# re do link
+ ln -sf ${PG_HBA} ${PGDATA}/ &&%slurp
+ ln -sf ${PG_CONF} ${PGDATA}/ &&%slurp
+# remove old cluster
+ /srv/postgresql/postgresql/delete_old_cluster.sh &&%slurp
+ rm -f /srv/postgresql/postgresql/delete_old_cluster.sh &&%slurp
+# force index (see later)
+ touch /srv/postgresql/risotto_upgrade.lock%slurp
+)'
+# recheck db
+ExecStartPre=/usr/libexec/postgresql-check-db-dir %N
 ExecStart=
 ExecStart=/usr/bin/postmaster -D ${PGDATA} -c config_file=${PG_CONF} -c hba_file=${PG_HBA} -c ident_file=${PG_IDENT}
 ExecStartPost=-/usr/bin/psql -f /etc/postgresql/postgresql.sql
+# if lock do reindex
+ExecStartPost=/bin/bash -c 'if [ -f /srv/postgresql/risotto_upgrade.lock ];then echo REINDEX; /usr/bin/reindexdb && rm -f /srv/postgresql/risotto_upgrade.lock; fi'
diff --git a/seed/postgresql/templates/postgresql_init b/seed/postgresql/templates/postgresql_init
index fc84c6c..fda9a32 100644
--- a/seed/postgresql/templates/postgresql_init
+++ b/seed/postgresql/templates/postgresql_init
@@ -1,14 +1,22 @@
 #!/bin/bash -e
 
-[ -d "/srv/postgresql" ] && exit 0 || true
-
-/bin/mkdir /srv/postgresql
-/bin/chown postgres: /srv/postgresql
-mkdir /var/lib/pgsql
-/bin/chown postgres: /var/lib/pgsql
-/usr/bin/postgresql-setup --initdb
-/bin/rm /srv/postgresql/postgresql.conf
-/bin/rm /srv/postgresql/pg_hba.conf  
-/bin/rm /srv/postgresql/pg_ident.conf
-
+if [ ! -d "/srv/postgresql" ]; then
+    /bin/mkdir -p /srv/postgresql/postgresql
+    /bin/chown -R postgres: /srv/postgresql
+    /usr/bin/postgresql-setup --initdb
+    #/bin/rm /srv/postgresql/postgresql.conf
+    #/bin/rm /srv/postgresql/pg_hba.conf  
+    #/bin/rm /srv/postgresql/pg_ident.conf
+elif [ ! -d "/srv/postgresql/postgresql" ]; then
+    # migrate /srv/postgresql to /srv/postgresql/postgresql
+    # needed for upgrade...
+    mkdir /srv/postgresql/postgresql
+    mv /srv/postgresql/* /srv/postgresql/postgresql || true
+    chown postgres: /srv/postgresql/postgresql
+    chmod 700 /srv/postgresql/postgresql
+fi
+# for postgresql-setup...
+/bin/ln -sf /etc/postgresql/postgresql.conf /srv/postgresql/postgresql/postgresql.conf
+/bin/ln -sf /etc/postgresql/pg_hba.conf /srv/postgresql/postgresql/pg_hba.conf  
+/bin/ln -sf /etc/postgresql/pg_ident.conf /srv/postgresql/postgresql/pg_ident.conf
 exit 0
diff --git a/seed/postgresql/templates/sysuser-postgresql.conf b/seed/postgresql/templates/sysuser-postgresql.conf
index d07f84f..4458876 100644
--- a/seed/postgresql/templates/sysuser-postgresql.conf
+++ b/seed/postgresql/templates/sysuser-postgresql.conf
@@ -1,3 +1,3 @@
 g postgres 26 -
-u postgres 26:26     "PostgreSQL Server" /srv/postgresql  /bin/bash
+u postgres 26:26     "PostgreSQL Server" /srv/postgresql/postgresql  /bin/bash
 
diff --git a/seed/postgresql/templates/tmpfiles.postgresql.conf b/seed/postgresql/templates/tmpfiles.postgresql.conf
new file mode 100644
index 0000000..29b3c42
--- /dev/null
+++ b/seed/postgresql/templates/tmpfiles.postgresql.conf
@@ -0,0 +1,2 @@
+# for postgresql-setup only...
+d /var/lib/pgsql/ 0750 postgres postgres -
diff --git a/seed/reverse-proxy-client/tests/revprox.py b/seed/reverse-proxy-client/tests/revprox.py
index 9b85bf5..bb9ab17 100644
--- a/seed/reverse-proxy-client/tests/revprox.py
+++ b/seed/reverse-proxy-client/tests/revprox.py
@@ -34,7 +34,7 @@ class Authentication:
         code = ret.status_code
         content = ret.content
         assert code == 200
-        assert b'<title trspan="authPortal">Authentication portal</title>' in content
+        assert b'<title trspan="authPortal">Authentication portal</title>' in content, f'cannot find LemonLdap title: {content}'
 
     def auth_lemonldap(self,
                        req,