diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index cf7711c..31700e1 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -53,7 +53,7 @@ repos:
   hooks:
   - id: actionlint
 - repo: https://github.com/scop/pre-commit-shfmt
-  rev: v3.11.0-1
+  rev: v3.12.0-1
   hooks:
   - id: shfmt
 - repo: https://github.com/adamchainz/blacken-docs
diff --git a/bootstrap b/bootstrap
index 7251b57..833ff60 100755
--- a/bootstrap
+++ b/bootstrap
@@ -4,33 +4,33 @@ echo "Weblate domain:"
 read -r domain
 cloud_domain="${domain%.weblate.cloud}"
 if [ "$cloud_domain" = "$domain" ]; then
-    echo "Cloud domain (without .weblate.cloud):"
-    read -r cloud_domain
+	echo "Cloud domain (without .weblate.cloud):"
+	read -r cloud_domain
 fi
 echo "Weblate title:"
 read -r title
 if [ -f ~/.config/weblate-bootstrap/sentry_dsn ]; then
-    sentry=$(cat ~/.config/weblate-bootstrap/sentry_dsn)
+	sentry=$(cat ~/.config/weblate-bootstrap/sentry_dsn)
 else
-    echo "Sentry DSN:"
-    read -r sentry
+	echo "Sentry DSN:"
+	read -r sentry
 fi
 if [ -f ~/.config/weblate-bootstrap/sentry_token ]; then
-    sentry_token=$(cat ~/.config/weblate-bootstrap/sentry_token)
+	sentry_token=$(cat ~/.config/weblate-bootstrap/sentry_token)
 else
-    echo "Sentry Token:"
-    read -r sentry_token
+	echo "Sentry Token:"
+	read -r sentry_token
 fi
 if [ -f ~/.config/weblate-bootstrap/graylog_token ]; then
-    graylog_token=$(cat ~/.config/weblate-bootstrap/graylog_token)
+	graylog_token=$(cat ~/.config/weblate-bootstrap/graylog_token)
 else
-    echo "Graylog Token:"
-    read -r graylog_token
+	echo "Graylog Token:"
+	read -r graylog_token
 fi
 
 smtp_pass=$(openssl rand -hex 32)
 
-cat > "${1:-/etc/weblate-bootstrap}" << EOT
+cat >"${1:-/etc/weblate-bootstrap}" <<EOT
 WEBLATE_DOMAIN="$domain"
 WEBLATE_CLOUD_DOMAIN="$cloud_domain"
 WEBLATE_TITLE="$title"
diff --git a/configure-system b/configure-system
index f6766b4..28f62b9 100755
--- a/configure-system
+++ b/configure-system
@@ -7,7 +7,7 @@ apt update
 apt install -y fail2ban vim
 apt purge -y vim-tiny cryptsetup-initramfs
 
-cat > /etc/fail2ban/jail.d/sshd.conf << EOT
+cat >/etc/fail2ban/jail.d/sshd.conf <<EOT
 [sshd]
 mode   = aggressive
 EOT
diff --git a/create-monitor-user b/create-monitor-user
index 1e54f2c..6239033 100755
--- a/create-monitor-user
+++ b/create-monitor-user
@@ -4,26 +4,26 @@ KEY="$(sed -n '/^env.KEY/ s/^env.KEY \(.*\)/\1/p' /etc/munin/plugin-conf.d/webla
 SERVER="$(sed -n '/^env.SERVER/ s/^env.SERVER \(.*\)/\1/p' /etc/munin/plugin-conf.d/weblate_servers)"
 
 if [ -z "$SERVER" ]; then
-    echo "Missing server configuration!"
-    exit 1
+	echo "Missing server configuration!"
+	exit 1
 fi
 
 if [ -n "$KEY" ]; then
-    if ! curl -f -s -H "Authorization: Token $KEY" "${SERVER}api/metrics/" -o /dev/null; then
-        echo "Key not working, recreating"
-        KEY=""
-    fi
+	if ! curl -f -s -H "Authorization: Token $KEY" "${SERVER}api/metrics/" -o /dev/null; then
+		echo "Key not working, recreating"
+		KEY=""
+	fi
 fi
 
 if [ -z "$KEY" ]; then
 
-    echo "Generating new key"
-    if [ -f "/home/weblate/weblate/docker-compose.override.yml" ]; then
-        cd /home/weblate/weblate || exit 1
-        KEY="$(sudo -u weblate docker compose exec --user weblate weblate weblate shell --no-imports -c 'from weblate.auth.models import User; user = User.objects.get_or_create(username="monitor")[0]; print(user.auth_token.key)')"
-    else
-        KEY="$(sudo -u weblate /home/weblate/weblate-env/bin/weblate shell --no-imports -c 'from weblate.auth.models import User; user = User.objects.get_or_create(username="monitor")[0]; print(user.auth_token.key)')"
-    fi
+	echo "Generating new key"
+	if [ -f "/home/weblate/weblate/docker-compose.override.yml" ]; then
+		cd /home/weblate/weblate || exit 1
+		KEY="$(sudo -u weblate docker compose exec --user weblate weblate weblate shell --no-imports -c 'from weblate.auth.models import User; user = User.objects.get_or_create(username="monitor")[0]; print(user.auth_token.key)')"
+	else
+		KEY="$(sudo -u weblate /home/weblate/weblate-env/bin/weblate shell --no-imports -c 'from weblate.auth.models import User; user = User.objects.get_or_create(username="monitor")[0]; print(user.auth_token.key)')"
+	fi
 
-    sed -i "s/^env.KEY .*/env.KEY $KEY/" /etc/munin/plugin-conf.d/weblate_servers
+	sed -i "s/^env.KEY .*/env.KEY $KEY/" /etc/munin/plugin-conf.d/weblate_servers
 fi
diff --git a/install-docker b/install-docker
index 3fa0a51..6a55b65 100755
--- a/install-docker
+++ b/install-docker
@@ -5,11 +5,11 @@
 apt-get update
 
 apt-get install -y \
-    ca-certificates \
-    curl \
-    gnupg \
-    apparmor \
-    lsb-release
+	ca-certificates \
+	curl \
+	gnupg \
+	apparmor \
+	lsb-release
 
 # Keyring
 # shellcheck disable=SC2174
@@ -18,14 +18,14 @@ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o
 
 # APT source
 echo \
-    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') \
-  $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
+	"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') \
+  $(lsb_release -cs) stable" >/etc/apt/sources.list.d/docker.list
 
 # Install Docker
 apt-get update
 apt-get install -y \
-    docker-ce \
-    docker-ce-cli \
-    containerd.io \
-    docker-buildx-plugin \
-    docker-compose-plugin
+	docker-ce \
+	docker-ce-cli \
+	containerd.io \
+	docker-buildx-plugin \
+	docker-compose-plugin
diff --git a/install-exim b/install-exim
index 3b71f52..6873428 100755
--- a/install-exim
+++ b/install-exim
@@ -8,12 +8,12 @@ set -e
 apt install -y exim4
 
 sed -i \
-    -e "s#dc_eximconfig_configtype=.*#dc_eximconfig_configtype='satellite'#" \
-    -e "s#dc_local_interfaces=.*#dc_local_interfaces='127.0.0.1'#" \
-    -e "s#dc_readhost=.*#dc_readhost='$WEBLATE_DOMAIN'#" \
-    -e "s#dc_smarthost=.*#dc_smarthost='172.16.0.84'#" \
-    -e "s#dc_hide_mailname=.*#dc_hide_mailname='true'#" \
-    /etc/exim4/update-exim4.conf.conf
+	-e "s#dc_eximconfig_configtype=.*#dc_eximconfig_configtype='satellite'#" \
+	-e "s#dc_local_interfaces=.*#dc_local_interfaces='127.0.0.1'#" \
+	-e "s#dc_readhost=.*#dc_readhost='$WEBLATE_DOMAIN'#" \
+	-e "s#dc_smarthost=.*#dc_smarthost='172.16.0.84'#" \
+	-e "s#dc_hide_mailname=.*#dc_hide_mailname='true'#" \
+	/etc/exim4/update-exim4.conf.conf
 
 #cat >> /etc/exim4/passwd.client <<EOT
 #mail.cihar.com:$WEBLATE_DOMAIN:$EXIM_PASS
diff --git a/install-graylog b/install-graylog
index a8b622d..519047d 100755
--- a/install-graylog
+++ b/install-graylog
@@ -3,10 +3,10 @@
 set -e
 
 if [ -n "$1" ]; then
-    WEBLATE_GRAYLOG_TOKEN="$1"
+	WEBLATE_GRAYLOG_TOKEN="$1"
 else
-    # shellcheck disable=SC1091
-    . /etc/weblate-bootstrap
+	# shellcheck disable=SC1091
+	. /etc/weblate-bootstrap
 fi
 
 # Install package
diff --git a/install-mail-delivery b/install-mail-delivery
index 8091f00..8a6f8a2 100755
--- a/install-mail-delivery
+++ b/install-mail-delivery
@@ -3,8 +3,8 @@
 set -e
 
 if [ -z "$1" ] || [ "$1" = "--help" ]; then
-    echo "Usage: install-mail-delivery HOSTNAME"
-    exit 1
+	echo "Usage: install-mail-delivery HOSTNAME"
+	exit 1
 fi
 
 ssh "$1" apt update
@@ -20,7 +20,7 @@ scp ~/Nextcloud/Weblate/Servers/Mail/DKIM/dkim.private.key "$1":/etc/exim4/dkim.
 ssh "$1" chgrp Debian-exim /etc/exim4/dkim.private.key
 ssh "$1" chmod 640 /etc/exim4/dkim.private.key
 
-ssh "$1" tee /etc/exim4/update-exim4.conf.conf << EOT
+ssh "$1" tee /etc/exim4/update-exim4.conf.conf <<EOT
 dc_eximconfig_configtype='internet'
 dc_other_hostnames=''
 dc_local_interfaces=''
@@ -36,7 +36,7 @@ dc_mailname_in_oh='true'
 dc_localdelivery='mail_spool'
 EOT
 
-ssh "$1" tee /etc/exim4/conf.d/main/00_local_settings << EOT
+ssh "$1" tee /etc/exim4/conf.d/main/00_local_settings <<EOT
 daemon_smtp_ports = 25 : 587
 REMOTE_SMTP_HELO_DATA = md.weblate.org
 MAIN_HARDCODE_PRIMARY_HOSTNAME = md.weblate.org
@@ -55,7 +55,7 @@ ssh "$1" systemctl restart exim4
 ssh "$1" ./scripts/install-graylog "'$(cat ~/.config/weblate-bootstrap/graylog_token)'"
 
 # shellcheck disable=SC2087
-ssh "$1" mail -r "noreply@weblate.org" -s "Test" -- "michal@weblate.org" << EOT
+ssh "$1" mail -r "noreply@weblate.org" -s "Test" -- "michal@weblate.org" <<EOT
 E-mail delivery from $1.
 
 --
diff --git a/install-munin b/install-munin
index 7a53b6e..93673e7 100755
--- a/install-munin
+++ b/install-munin
@@ -11,14 +11,14 @@ export PATH
 
 # Munin
 mkdir -p /etc/munin/plugin-conf.d/
-cat > /etc/munin/plugin-conf.d/postgres << EOT
+cat >/etc/munin/plugin-conf.d/postgres <<EOT
 [postgres_*]
 user weblate
 env.PGHOST 127.0.0.1
 env.PGUSER weblate
 env.PGPASSWORD weblate
 EOT
-cat > /etc/munin/plugin-conf.d/redis << EOT
+cat >/etc/munin/plugin-conf.d/redis <<EOT
 [redis]
 env.host1 127.0.0.1
 env.port1 6379
@@ -31,7 +31,7 @@ wget https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/r
 wget https://raw.githubusercontent.com/WeblateOrg/munin/master/weblate
 wget https://raw.githubusercontent.com/WeblateOrg/munin/master/ksm
 chmod +x redis weblate ksm
-cat > /etc/munin/plugin-conf.d/weblate_servers << EOT
+cat >/etc/munin/plugin-conf.d/weblate_servers <<EOT
 [weblate]
 env.SERVER https://$WEBLATE_DOMAIN/
 env.KEY
diff --git a/install-remote b/install-remote
index 2035cc0..df9fcfe 100755
--- a/install-remote
+++ b/install-remote
@@ -4,13 +4,13 @@
 set -e
 
 if [ ! -f .venv/bin/activate ]; then
-    echo "Missing virtual environment!"
-    exit 2
+	echo "Missing virtual environment!"
+	exit 2
 fi
 
 if [ -z "$1" ] || [ "$1" = "--help" ]; then
-    echo "Usage: install-remote HOSTNAME [VERSION]"
-    exit 1
+	echo "Usage: install-remote HOSTNAME [VERSION]"
+	exit 1
 fi
 
 SERVER_NAME="$1"
@@ -24,7 +24,7 @@ TMPFILE=$(mktemp --tmpdir weblate-log.XXXXXXXXXX)
 
 # Gather basic configuration
 bootstrap "$BOOTSTRAP" "$2"
-cat >> "$BOOTSTRAP" << EOT
+cat >>"$BOOTSTRAP" <<EOT
 WEBLATE_PASSWORD="$(apg -a 0 -M sncl -n 1 -x 10 -m 20)"
 EOT
 
@@ -42,14 +42,14 @@ pip install -r requirements.txt
 # debian-12 arm64: 114690389
 # debian-12 amd64: 114690387
 hcloud server create \
-    --image 114690389 \
-    --location fsn1 \
-    --name "$SERVER_NAME" \
-    --network 19990 \
-    --firewall 13110 \
-    --ssh-key 1056953 \
-    --ssh-key 1494306 \
-    --type cax11 | tee "$TMPFILE"
+	--image 114690389 \
+	--location fsn1 \
+	--name "$SERVER_NAME" \
+	--network 19990 \
+	--firewall 13110 \
+	--ssh-key 1056953 \
+	--ssh-key 1494306 \
+	--type cax11 | tee "$TMPFILE"
 
 IPADDRESS=$(sed -n 's/IPv4: \(.*\)/\1/p' "$TMPFILE")
 IP6ADDRESS=$(sed -n 's/IPv6: \(.*\)/\1/p' "$TMPFILE")
@@ -65,8 +65,8 @@ echo "Created server with address $IPADDRESS, please ensure $WEBLATE_DOMAIN poin
 read -r dummy
 
 s() {
-    # shellcheck disable=SC2029
-    ssh "root@$IPADDRESS" "$@"
+	# shellcheck disable=SC2029
+	ssh "root@$IPADDRESS" "$@"
 }
 
 # Configure mail sending
diff --git a/install-weblate b/install-weblate
index 0261aa7..5805634 100755
--- a/install-weblate
+++ b/install-weblate
@@ -10,58 +10,58 @@ cd /tmp
 # Install deps
 apt-get update
 apt-get install --no-install-recommends -y build-essential \
-    certbot \
-    curl \
-    cython3 \
-    fail2ban python3-pyinotify python3-systemd \
-    g++ \
-    gcc \
-    gettext \
-    gir1.2-pango-1.0 \
-    gir1.2-rsvg-2.0 \
-    git \
-    git-svn \
-    git-lfs \
-    gnupg \
-    libcairo2-dev \
-    libenchant-2-2 \
-    libfreetype6-dev \
-    libgirepository1.0-dev \
-    libjpeg-dev \
-    libldap2-dev \
-    libleptonica-dev \
-    libsasl2-dev \
-    libssl-dev \
-    libtesseract-dev \
-    libxml2-dev \
-    libxmlsec1-dev \
-    libxslt1-dev \
-    libyaml-dev \
-    libacl1-dev \
-    zlib1g-dev \
-    liblz4-dev \
-    libzstd-dev \
-    libxxhash-dev \
-    nginx \
-    openssh-client \
-    pkg-config \
-    postgresql-client \
-    python3-certbot-nginx \
-    python3-dev \
-    python3-gdbm \
-    python3-pip \
-    python3-virtualenv \
-    redis-server \
-    rsync \
-    subversion \
-    tesseract-ocr \
-    virtualenv \
-    uwsgi \
-    uwsgi-plugin-python3
+	certbot \
+	curl \
+	cython3 \
+	fail2ban python3-pyinotify python3-systemd \
+	g++ \
+	gcc \
+	gettext \
+	gir1.2-pango-1.0 \
+	gir1.2-rsvg-2.0 \
+	git \
+	git-svn \
+	git-lfs \
+	gnupg \
+	libcairo2-dev \
+	libenchant-2-2 \
+	libfreetype6-dev \
+	libgirepository1.0-dev \
+	libjpeg-dev \
+	libldap2-dev \
+	libleptonica-dev \
+	libsasl2-dev \
+	libssl-dev \
+	libtesseract-dev \
+	libxml2-dev \
+	libxmlsec1-dev \
+	libxslt1-dev \
+	libyaml-dev \
+	libacl1-dev \
+	zlib1g-dev \
+	liblz4-dev \
+	libzstd-dev \
+	libxxhash-dev \
+	nginx \
+	openssh-client \
+	pkg-config \
+	postgresql-client \
+	python3-certbot-nginx \
+	python3-dev \
+	python3-gdbm \
+	python3-pip \
+	python3-virtualenv \
+	redis-server \
+	rsync \
+	subversion \
+	tesseract-ocr \
+	virtualenv \
+	uwsgi \
+	uwsgi-plugin-python3
 
 # Install ruby deps for licesee
 apt-get install -y \
-    ruby bundler cmake pkg-config git libssl-dev ruby-dev
+	ruby bundler cmake pkg-config git libssl-dev ruby-dev
 
 # Add user
 adduser weblate --disabled-password --gecos Weblate
@@ -82,42 +82,42 @@ sudo -u weblate cp "$WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/web
 
 # shellcheck disable=SC1004
 sed -i \
-    -e "s#^DATA_DIR.*#DATA_DIR = \"$WEBLATE_HOME/data\"#" \
-    -e 's#^ENABLE_HTTPS.*#ENABLE_HTTPS = True#' \
-    -e 's#^SERVER_EMAIL.*#SERVER_EMAIL = "noreply@weblate.org"#' \
-    -e 's#^DEFAULT_FROM_EMAIL.*#DEFAULT_FROM_EMAIL = "noreply@weblate.org"#' \
-    -e "s#^SECRET_KEY.*#SECRET_KEY = '$WEBLATE_SECRET'#" \
-    -e "s#^SITE_TITLE.*#SITE_TITLE = '$WEBLATE_TITLE'#" \
-    -e "s#^SITE_DOMAIN.*#SITE_DOMAIN = '$WEBLATE_DOMAIN'#" \
-    -e "s#^SENTRY_DSN.*#SENTRY_DSN = '$WEBLATE_SENTRY'#" \
-    -e "s#^SENTRY_ENVIRONMENT.*#SENTRY_ENVIRONMENT = SITE_DOMAIN#" \
-    -e "/HiredisParser/ D" \
-    -e "/SENTRY_DSN/ a \
+	-e "s#^DATA_DIR.*#DATA_DIR = \"$WEBLATE_HOME/data\"#" \
+	-e 's#^ENABLE_HTTPS.*#ENABLE_HTTPS = True#' \
+	-e 's#^SERVER_EMAIL.*#SERVER_EMAIL = "noreply@weblate.org"#' \
+	-e 's#^DEFAULT_FROM_EMAIL.*#DEFAULT_FROM_EMAIL = "noreply@weblate.org"#' \
+	-e "s#^SECRET_KEY.*#SECRET_KEY = '$WEBLATE_SECRET'#" \
+	-e "s#^SITE_TITLE.*#SITE_TITLE = '$WEBLATE_TITLE'#" \
+	-e "s#^SITE_DOMAIN.*#SITE_DOMAIN = '$WEBLATE_DOMAIN'#" \
+	-e "s#^SENTRY_DSN.*#SENTRY_DSN = '$WEBLATE_SENTRY'#" \
+	-e "s#^SENTRY_ENVIRONMENT.*#SENTRY_ENVIRONMENT = SITE_DOMAIN#" \
+	-e "/HiredisParser/ D" \
+	-e "/SENTRY_DSN/ a \
 SENTRY_TOKEN = '$WEBLATE_SENTRY_TOKEN'" \
-    -e "s#^        \"PASSWORD\":.*#        \"PASSWORD\": '$POSTGRES_PASS',#" \
-    -e "s#.*your_email@example.com.*#    ('Michal Čihař', 'michal@cihar.com'),#" \
-    -e '/social_core.pipeline.social_auth.load_extra_data/ a \
+	-e "s#^        \"PASSWORD\":.*#        \"PASSWORD\": '$POSTGRES_PASS',#" \
+	-e "s#.*your_email@example.com.*#    ('Michal Čihař', 'michal@cihar.com'),#" \
+	-e '/social_core.pipeline.social_auth.load_extra_data/ a \
     "weblate.legal.pipeline.tos_confirm",' \
-    -e '/weblate.middleware.SecurityMiddleware/ a \
+	-e '/weblate.middleware.SecurityMiddleware/ a \
     "weblate.legal.middleware.RequireTOSMiddleware",' \
-    -e '/weblate.gitexport/ a \
+	-e '/weblate.gitexport/ a \
     "wllegal",' \
-    -e '/weblate.gitexport/ a \
+	-e '/weblate.gitexport/ a \
     "weblate.legal",' \
-    -e 's#^MT_APERTIUM_APY.*#MT_APERTIUM_APY = "http://172.16.0.9:2737/"#' \
-    -e 's/^# MT_SERVICES/MT_SERVICES/' \
-    -e 's/^#     "weblate.machinery.apertium./   "weblate.machinery.apertium./' \
-    -e 's/^#     "weblate.machinery.weblatetm./    "weblate.machinery.weblatetm./' \
-    -e 's/^#     "weblate.memory.machine/    "weblate.memory.machine/' \
-    -e 's/^DEBUG =.*/DEBUG = False/' \
-    -e 's/"admin.E408"/"admin.E408", "weblate.E012", "weblate.E013"/' \
-    -e 's/^REGISTRATION_OPEN =.*/REGISTRATION_OPEN = False/' \
-    -e 's/^REQUIRE_LOGIN =.*/REQUIRE_LOGIN = True/' \
-    -e 's/^COMPRESS_OFFLINE =.*/COMPRESS_OFFLINE = True/' \
-    -e 's/#     "weblate.machinery.apertium.ApertiumAPYTranslation",/"weblate.machinery.apertium.ApertiumAPYTranslation",/' \
-    "$SETTINGS_PY"
+	-e 's#^MT_APERTIUM_APY.*#MT_APERTIUM_APY = "http://172.16.0.9:2737/"#' \
+	-e 's/^# MT_SERVICES/MT_SERVICES/' \
+	-e 's/^#     "weblate.machinery.apertium./   "weblate.machinery.apertium./' \
+	-e 's/^#     "weblate.machinery.weblatetm./    "weblate.machinery.weblatetm./' \
+	-e 's/^#     "weblate.memory.machine/    "weblate.memory.machine/' \
+	-e 's/^DEBUG =.*/DEBUG = False/' \
+	-e 's/"admin.E408"/"admin.E408", "weblate.E012", "weblate.E013"/' \
+	-e 's/^REGISTRATION_OPEN =.*/REGISTRATION_OPEN = False/' \
+	-e 's/^REQUIRE_LOGIN =.*/REQUIRE_LOGIN = True/' \
+	-e 's/^COMPRESS_OFFLINE =.*/COMPRESS_OFFLINE = True/' \
+	-e 's/#     "weblate.machinery.apertium.ApertiumAPYTranslation",/"weblate.machinery.apertium.ApertiumAPYTranslation",/' \
+	"$SETTINGS_PY"
 
-cat << EOT >> "$SETTINGS_PY"
+cat <<EOT >>"$SETTINGS_PY"
 
 # Hosted customization
 ADMINS_CONTACT = ['care@weblate.org']
@@ -131,15 +131,15 @@ EOT
 # Fill the database
 sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate migrate
 if [ -n "$WEBLATE_PASSWORD" ]; then
-    sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař' --password "$WEBLATE_PASSWORD"
+	sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař' --password "$WEBLATE_PASSWORD"
 else
-    sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař'
+	sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař'
 fi
 sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate collectstatic --noinput
 sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate compress --force
 # Track deploy at Sentry
 if ! grep -q "SENTRY_TOKEN = ''" "$SETTINGS_PY"; then
-    sudo -u weblate "$WEBLATE_HOME/weblate-env/bin/weblate" sentry_deploy
+	sudo -u weblate "$WEBLATE_HOME/weblate-env/bin/weblate" sentry_deploy
 fi
 
 # Celery and uwsgi
@@ -156,7 +156,7 @@ systemctl restart uwsgi.service
 
 # SSL cert
 if [ "$1" != "--nocert" ]; then
-    certbot --agree-tos --email care@weblate.org --redirect --no-eff-email -d "$WEBLATE_DOMAIN"
+	certbot --agree-tos --email care@weblate.org --redirect --no-eff-email -d "$WEBLATE_DOMAIN"
 fi
 
 # Enable http/2
@@ -168,7 +168,7 @@ sed -i 's/^\t# gzip/\tgzip/' /etc/nginx/nginx.conf
 # Hide server version
 sed -i 's/# server_tokens off/server_tokens off/' /etc/nginx/nginx.conf
 # Weblate nginx snippet
-cat > /etc/nginx/snippets/weblate.conf << EOT
+cat >/etc/nginx/snippets/weblate.conf <<EOT
     location /static/ {
         # DATA_DIR/static/
         alias $WEBLATE_HOME/data/static/;
diff --git a/install-weblate-docker b/install-weblate-docker
index 788c2eb..8c7230a 100755
--- a/install-weblate-docker
+++ b/install-weblate-docker
@@ -6,29 +6,29 @@ set -e
 . /etc/weblate-bootstrap
 
 if [ "$1" = "--nocert" ]; then
-    CERT=0
-    shift
+	CERT=0
+	shift
 else
-    CERT=1
+	CERT=1
 fi
 
 if [ "$1" = "--nomail" ]; then
-    IGNORE_CHECKS=,weblate.E003
-    shift
+	IGNORE_CHECKS=,weblate.E003
+	shift
 else
-    IGNORE_CHECKS=""
+	IGNORE_CHECKS=""
 fi
 
 if [ "$1" = "--migrate" ]; then
-    MIGRATE=1
-    CERT=0
-    shift
+	MIGRATE=1
+	CERT=0
+	shift
 else
-    MIGRATE=0
+	MIGRATE=0
 fi
 
 if [ "$MIGRATE" -eq 0 ]; then
-    adduser weblate --disabled-password --gecos Weblate
+	adduser weblate --disabled-password --gecos Weblate
 fi
 usermod --append --groups adm weblate
 usermod --append --groups docker weblate
@@ -39,32 +39,32 @@ WEBLATE_DOCKER="$WEBLATE_HOME/weblate"
 cd /tmp
 apt-get update
 apt-get install --no-install-recommends -y fail2ban python3-pyinotify python3-systemd \
-    systemd-timesyncd \
-    rsyslog \
-    nginx \
-    openssh-client \
-    python3-certbot-nginx \
-    git
+	systemd-timesyncd \
+	rsyslog \
+	nginx \
+	openssh-client \
+	python3-certbot-nginx \
+	git
 
 # Legal stuff
 sudo -u weblate git clone https://github.com/WeblateOrg/wllegal.git $WEBLATE_HOME/wllegal
 
 # SSL cert
 if [ "$CERT" -eq 1 ]; then
-    certbot --agree-tos --email care@weblate.org --redirect --no-eff-email -d "$WEBLATE_DOMAIN"
+	certbot --agree-tos --email care@weblate.org --redirect --no-eff-email -d "$WEBLATE_DOMAIN"
 fi
 
 # Enable http/2
 sed -i -e 's/ssl;/ssl http2;/' -e 's/ssl ipv6only=on/ssl ipv6only=on http2/' /etc/nginx/sites-available/default
 if [ "$MIGRATE" -eq 0 ]; then
-    # Enable status locally
-    sed -i '/server_name _/a location = /nginx_status {\n    stub_status;\n}' /etc/nginx/sites-available/default
+	# Enable status locally
+	sed -i '/server_name _/a location = /nginx_status {\n    stub_status;\n}' /etc/nginx/sites-available/default
 fi
 # Hide server version
 sed -i 's/# server_tokens off/server_tokens off/' /etc/nginx/nginx.conf
 
 # Weblate nginx snippet
-cat > /etc/nginx/snippets/weblate.conf << EOT
+cat >/etc/nginx/snippets/weblate.conf <<EOT
     location / {
         proxy_pass http://127.0.0.1:8080;
         proxy_read_timeout 3600s;
@@ -89,20 +89,20 @@ cat > /etc/nginx/snippets/weblate.conf << EOT
 EOT
 
 if [ "$MIGRATE" -eq 0 ]; then
-    # Insert include after first server_name stanza
-    sed -i "0,/server_name $WEBLATE_DOMAIN.*/s//&\\ninclude snippets\/weblate.conf;/" /etc/nginx/sites-available/default
-    # Delete default location, replaced by snippet
-    sed -i ':a;N;$!ba;s/\(snippets\/weblate.conf;\)[^}]*}/\1/g' /etc/nginx/sites-available/default
+	# Insert include after first server_name stanza
+	sed -i "0,/server_name $WEBLATE_DOMAIN.*/s//&\\ninclude snippets\/weblate.conf;/" /etc/nginx/sites-available/default
+	# Delete default location, replaced by snippet
+	sed -i ':a;N;$!ba;s/\(snippets\/weblate.conf;\)[^}]*}/\1/g' /etc/nginx/sites-available/default
 fi
 systemctl enable nginx.service
 systemctl restart nginx.service
 
 # Fail2ban
 if [ ! -d "$WEBLATE_HOME/fail2ban" ]; then
-    sudo -u weblate git clone https://github.com/WeblateOrg/fail2ban.git $WEBLATE_HOME/fail2ban
-    ln -s $WEBLATE_HOME/fail2ban/filter.d/* /etc/fail2ban/filter.d/
-    ln -s $WEBLATE_HOME/fail2ban/jail.d/* /etc/fail2ban/jail.d/
-    systemctl restart fail2ban.service
+	sudo -u weblate git clone https://github.com/WeblateOrg/fail2ban.git $WEBLATE_HOME/fail2ban
+	ln -s $WEBLATE_HOME/fail2ban/filter.d/* /etc/fail2ban/filter.d/
+	ln -s $WEBLATE_HOME/fail2ban/jail.d/* /etc/fail2ban/jail.d/
+	systemctl restart fail2ban.service
 fi
 
 # Install Weblate dirs
@@ -111,9 +111,9 @@ mkdir -p "$WEBLATE_DOCKER" "$WEBLATE_HOME/cache" "$WEBLATE_HOME/data" "$WEBLATE_
 # Go to the docker dir
 cd "$WEBLATE_DOCKER"
 
-curl -fsSL https://raw.githubusercontent.com/WeblateOrg/docker-compose/main/docker-compose.yml > docker-compose.yml
-curl -fsSL https://raw.githubusercontent.com/WeblateOrg/docker-compose/main/environment > environment
-cat > docker-compose.override.yml << EOT
+curl -fsSL https://raw.githubusercontent.com/WeblateOrg/docker-compose/main/docker-compose.yml >docker-compose.yml
+curl -fsSL https://raw.githubusercontent.com/WeblateOrg/docker-compose/main/environment >environment
+cat >docker-compose.override.yml <<EOT
 services:
   weblate:
     image: weblate/weblate:latest
@@ -153,7 +153,7 @@ volumes:
       device: '$WEBLATE_HOME/redis'
 EOT
 
-cat >> environment << EOT
+cat >>environment <<EOT
 
 # E-mail setup
 WEBLATE_EMAIL_HOST=172.16.0.84
@@ -200,7 +200,7 @@ chown -R weblate:weblate $WEBLATE_HOME
 sudo -u weblate docker compose pull
 
 if [ "$MIGRATE" -eq 1 ]; then
-    exit 0
+	exit 0
 fi
 
 # Start Weblate
@@ -211,18 +211,18 @@ sudo -u weblate docker compose logs
 
 # Track deploy to Sentry
 if [ -n "$WEBLATE_SENTRY_TOKEN" ]; then
-    sudo -u weblate docker compose exec --user weblate weblate weblate sentry_deploy || true
+	sudo -u weblate docker compose exec --user weblate weblate weblate sentry_deploy || true
 fi
 
 # Create admin user
 if [ -n "$WEBLATE_PASSWORD" ]; then
-    sudo -u weblate docker compose exec --user weblate weblate weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař' --password "$WEBLATE_PASSWORD" --update
+	sudo -u weblate docker compose exec --user weblate weblate weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař' --password "$WEBLATE_PASSWORD" --update
 fi
 
 # Machinery configuration
 if [ "$CERT" -eq 1 ]; then
-    sudo -u weblate docker compose exec --user weblate weblate weblate install_machinery --service libretranslate --configuration '{"key": "", "url": "http://172.16.0.9:5000/"}'
-    sudo -u weblate docker compose exec --user weblate weblate weblate install_machinery --service apertium-apy --configuration '{"url": "http://172.16.0.9:2737/"}'
+	sudo -u weblate docker compose exec --user weblate weblate weblate install_machinery --service libretranslate --configuration '{"key": "", "url": "http://172.16.0.9:5000/"}'
+	sudo -u weblate docker compose exec --user weblate weblate weblate install_machinery --service apertium-apy --configuration '{"url": "http://172.16.0.9:2737/"}'
 fi
 
 # Check
diff --git a/migrate-docker b/migrate-docker
index 7b605be..3639e4e 100755
--- a/migrate-docker
+++ b/migrate-docker
@@ -22,7 +22,7 @@ install-docker
 # Stop services, wait for empty queue
 systemctl stop uwsgi
 while sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" celery_queues | grep ': [^0]'; do
-    sleep 1
+	sleep 1
 done
 systemctl stop celery-weblate
 systemctl disable celery-weblate
@@ -33,13 +33,13 @@ install-weblate-docker "$@" --migrate
 
 # Dump PostgreSQL and load it to Docker
 # shellcheck disable=SC2024
-sudo -u "postgres" pg_dump --no-privileges --no-owner --clean --if-exists weblate > "$WEBLATE_HOME/weblate.sql"
+sudo -u "postgres" pg_dump --no-privileges --no-owner --clean --if-exists weblate >"$WEBLATE_HOME/weblate.sql"
 systemctl stop postgresql
 
 cd "$WEBLATE_DOCKER"
 docker compose up -d database --wait
 sleep 60
-docker compose exec -T database psql --username weblate --dbname weblate < "$WEBLATE_HOME/weblate.sql"
+docker compose exec -T database psql --username weblate --dbname weblate <"$WEBLATE_HOME/weblate.sql"
 
 # Move redis data
 cp /var/lib/redis/dump.rdb "$WEBLATE_HOME/redis"
@@ -50,9 +50,9 @@ chown -R 1000:1000 "$WEBLATE_HOME/data"
 
 # Cleanup system packages
 apt-get purge -y \
-    redis-server \
-    uwsgi \
-    postgresql
+	redis-server \
+	uwsgi \
+	postgresql
 
 # Start Weblate
 sudo -u weblate docker compose up -d --wait
@@ -62,7 +62,7 @@ sudo -u weblate docker compose logs
 
 # Track deploy to Sentry
 if [ -n "$WEBLATE_SENTRY_TOKEN" ]; then
-    sudo -u weblate docker compose exec --user weblate weblate weblate sentry_deploy
+	sudo -u weblate docker compose exec --user weblate weblate weblate sentry_deploy
 fi
 
 # Check
diff --git a/upgrade-nginx-ssl b/upgrade-nginx-ssl
index 36f4013..3e1a882 100755
--- a/upgrade-nginx-ssl
+++ b/upgrade-nginx-ssl
@@ -9,7 +9,7 @@ sed -i '/\/etc\/letsencrypt\/options-ssl-nginx.conf/ D' /etc/nginx/sites-availab
 sed -i -e '/ssl_protocols/D' -e '/ssl_prefer_server_ciphers/D' /etc/nginx/nginx.conf
 
 # Update SSL config
-cat > /etc/nginx/conf.d/ssl.conf << EOT
+cat >/etc/nginx/conf.d/ssl.conf <<EOT
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_session_tickets off;
@@ -26,7 +26,7 @@ EOT
 
 # Update DH params
 if [ ! -f /etc/nginx/ffdhe4096.pem ]; then
-    curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ffdhe4096.pem
+	curl https://ssl-config.mozilla.org/ffdhe2048.txt >/etc/nginx/ffdhe4096.pem
 fi
 
 # Reload ngxin
diff --git a/upgrade-weblate b/upgrade-weblate
index 10a4e01..2827467 100755
--- a/upgrade-weblate
+++ b/upgrade-weblate
@@ -5,73 +5,73 @@ set -e
 cd /tmp
 
 if [ -f /etc/weblate-bootstrap ]; then
-    # shellcheck disable=SC1091
-    . /etc/weblate-bootstrap
+	# shellcheck disable=SC1091
+	. /etc/weblate-bootstrap
 fi
 
 DO_DIFF=1
 LAZY_RESTART=0
 
 usage() {
-    echo "Usage: upgrade-weblate [--no-diff] [--lazy-restart]"
+	echo "Usage: upgrade-weblate [--no-diff] [--lazy-restart]"
 }
 
 PARSED_ARGUMENTS=$(getopt -a -n upgrade-weblate -o drh --long help,nodiff,no-diff,lazy-restart -- "$@")
 VALID_ARGUMENTS=$?
 if [ "$VALID_ARGUMENTS" != "0" ]; then
-    echo "Invalid arguments"
-    usage
-    exit 1
+	echo "Invalid arguments"
+	usage
+	exit 1
 fi
 eval set -- "$PARSED_ARGUMENTS"
 while :; do
-    case "$1" in
-    -d | --nodiff | --no-diff)
-        DO_DIFF=0
-        shift
-        ;;
-    -r | --lazy-restart)
-        LAZY_RESTART=1
-        shift
-        ;;
-    -h | --help)
-        usage
-        exit
-        ;;
-    --)
-        shift
-        break
-        ;;
-    *)
-        echo "Unexpected option: $1 - this should not happen."
-        usage
-        exit 1
-        ;;
-    esac
+	case "$1" in
+	-d | --nodiff | --no-diff)
+		DO_DIFF=0
+		shift
+		;;
+	-r | --lazy-restart)
+		LAZY_RESTART=1
+		shift
+		;;
+	-h | --help)
+		usage
+		exit
+		;;
+	--)
+		shift
+		break
+		;;
+	*)
+		echo "Unexpected option: $1 - this should not happen."
+		usage
+		exit 1
+		;;
+	esac
 done
 
 # Detect user
 if [ -n "$WEBLATE_USERNAME" ]; then
-    USERNAME=$WEBLATE_USERNAME
+	USERNAME=$WEBLATE_USERNAME
 else
-    for u in weblate ec2-user apache; do
-        if id $u > /dev/null 2>&1; then
-            USERNAME=$u
-            break
-        fi
-    done
+	for u in weblate ec2-user apache; do
+		if id $u >/dev/null 2>&1; then
+			USERNAME=$u
+			break
+		fi
+	done
 fi
 if [ -z "$USERNAME" ]; then
-    echo "Could not detect username!"
-    exit 1
+	echo "Could not detect username!"
+	exit 1
 fi
 
 if [ "$USERNAME" = root ] && [ -d /opt/weblate ]; then
-    WEBLATE_HOME=/opt/weblate
-    WEBLATE_USERNAME=apache
+	WEBLATE_HOME=/opt/weblate
+	WEBLATE_USERNAME=apache
 else
-    WEBLATE_HOME=$(getent passwd "$USERNAME" | cut -d: -f 6)
-    WEBLATE_USERNAME=$USERNAME
+	WEBLATE_HOME=$(getent passwd "$USERNAME" | cut -d: -f 6)
+	WEBLATE_USERNAME=$USERNAME
 fi
 
 # At this point:
@@ -79,173 +79,173 @@ fi
 # USERNAME is user owning Weblate sources
 
 if [ -f "$WEBLATE_HOME/weblate/docker-compose.override.yml" ]; then
-    # Docker based upgrade
-    cd "$WEBLATE_HOME/weblate"
-    sudo -u weblate docker compose pull
-    sudo -u weblate docker compose up -d --wait
-    sudo -u weblate docker compose logs
-    sudo -u weblate docker image prune --all --force
-    sudo -u weblate docker compose exec --user weblate weblate weblate check --deploy || true
-    sudo -u weblate docker compose exec --user weblate weblate weblate sentry_deploy || true
+	# Docker based upgrade
+	cd "$WEBLATE_HOME/weblate"
+	sudo -u weblate docker compose pull
+	sudo -u weblate docker compose up -d --wait
+	sudo -u weblate docker compose logs
+	sudo -u weblate docker image prune --all --force
+	sudo -u weblate docker compose exec --user weblate weblate weblate check --deploy || true
+	sudo -u weblate docker compose exec --user weblate weblate weblate sentry_deploy || true
 
 else
 
-    # Detect web service
-    for service in gunicorn.service uwsgi.service httpd.service; do
-        if systemctl cat -- $service > /dev/null 2>&1; then
-            SERVICE=$service
-            break
-        fi
-    done
-    if [ -z "$SERVICE" ]; then
-        echo "Could not detect web service!"
-        exit 1
-    fi
+	# Detect web service
+	for service in gunicorn.service uwsgi.service httpd.service; do
+		if systemctl cat -- $service >/dev/null 2>&1; then
+			SERVICE=$service
+			break
+		fi
+	done
+	if [ -z "$SERVICE" ]; then
+		echo "Could not detect web service!"
+		exit 1
+	fi
 
-    if [ "$WEBLATE_HOME" = /opt/weblate ]; then
-        WEBLATE_ENV="/opt/weblate"
-    else
-        WEBLATE_ENV="$WEBLATE_HOME/weblate-env"
-    fi
+	if [ "$WEBLATE_HOME" = /opt/weblate ]; then
+		WEBLATE_ENV="/opt/weblate"
+	else
+		WEBLATE_ENV="$WEBLATE_HOME/weblate-env"
+	fi
 
-    PYVER="$("$WEBLATE_ENV/bin/python" -c 'import sys; print("{}.{}".format(*sys.version_info[:2]))')"
+	PYVER="$("$WEBLATE_ENV/bin/python" -c 'import sys; print("{}.{}".format(*sys.version_info[:2]))')"
 
-    if [ -d "$WEBLATE_HOME/weblate-src" ]; then
-        WEBLATE_DIR="$WEBLATE_HOME/weblate-src"
-        WEBLATE_PKG="$WEBLATE_DIR"
-        PIP_ARGS="--editable"
-    elif [ -d "$WEBLATE_HOME/weblate" ]; then
-        WEBLATE_DIR="$WEBLATE_HOME/weblate"
-        WEBLATE_PKG="$WEBLATE_DIR"
-        PIP_ARGS="--editable"
-    else
-        WEBLATE_DIR="$WEBLATE_ENV/lib/python$PYVER/site-packages"
-        WEBLATE_PKG="Weblate"
-        PIP_ARGS=""
-    fi
-    WEBLATE_FLAGS="all,zxcvbn,wllegal"
-    if [ -d "$WEBLATE_HOME/hosted" ]; then
-        PIP_ARGS="--editable $WEBLATE_HOME/hosted $PIP_ARGS"
-        WEBLATE_FLAGS="$WEBLATE_FLAGS,mysql,saml2idp"
-    fi
+	if [ -d "$WEBLATE_HOME/weblate-src" ]; then
+		WEBLATE_DIR="$WEBLATE_HOME/weblate-src"
+		WEBLATE_PKG="$WEBLATE_DIR"
+		PIP_ARGS="--editable"
+	elif [ -d "$WEBLATE_HOME/weblate" ]; then
+		WEBLATE_DIR="$WEBLATE_HOME/weblate"
+		WEBLATE_PKG="$WEBLATE_DIR"
+		PIP_ARGS="--editable"
+	else
+		WEBLATE_DIR="$WEBLATE_ENV/lib/python$PYVER/site-packages"
+		WEBLATE_PKG="Weblate"
+		PIP_ARGS=""
+	fi
+	WEBLATE_FLAGS="all,zxcvbn,wllegal"
+	if [ -d "$WEBLATE_HOME/hosted" ]; then
+		PIP_ARGS="--editable $WEBLATE_HOME/hosted $PIP_ARGS"
+		WEBLATE_FLAGS="$WEBLATE_FLAGS,mysql,saml2idp"
+	fi
 
-    # Backup settings
-    cp "$WEBLATE_DIR/weblate/settings.py" "/root/weblate-settings-$(date -I).py"
+	# Backup settings
+	cp "$WEBLATE_DIR/weblate/settings.py" "/root/weblate-settings-$(date -I).py"
 
-    # Upgrade pip
-    sudo -u "$USERNAME" "$WEBLATE_ENV/bin/pip" install -U pip wheel
+	# Upgrade pip
+	sudo -u "$USERNAME" "$WEBLATE_ENV/bin/pip" install -U pip wheel
 
-    # Prebuild wheels, they are stored in the cache
-    WHEELS=$(mktemp -d)
-    chown "$USERNAME" "$WHEELS"
-    sudo -u "$USERNAME" "$WEBLATE_ENV/bin/pip" wheel --wheel-dir "$WHEELS" "Weblate[${WEBLATE_FLAGS}]" 'pygobject<3.52'
-    rm -rf "$WHEELS"
+	# Prebuild wheels, they are stored in the cache
+	WHEELS=$(mktemp -d)
+	chown "$USERNAME" "$WHEELS"
+	sudo -u "$USERNAME" "$WEBLATE_ENV/bin/pip" wheel --wheel-dir "$WHEELS" "Weblate[${WEBLATE_FLAGS}]" 'pygobject<3.52'
+	rm -rf "$WHEELS"
 
-    if [ $LAZY_RESTART -eq 0 ]; then
-        # Stop web
-        if [ "$SERVICE" = gunicorn.service ]; then
-            systemctl disable gunicorn.socket
-        fi
-        systemctl stop "$SERVICE"
-        # Wait for celery to process all jobs
-        while sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" celery_queues | grep ': [^0]'; do
-            sleep 1
-        done
+	if [ $LAZY_RESTART -eq 0 ]; then
+		# Stop web
+		if [ "$SERVICE" = gunicorn.service ]; then
+			systemctl disable gunicorn.socket
+		fi
+		systemctl stop "$SERVICE"
+		# Wait for celery to process all jobs
+		while sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" celery_queues | grep ': [^0]'; do
+			sleep 1
+		done
 
-        # Stop celery
-        systemctl stop celery-weblate.service
-        for WORKER in $WEBLATE_WORKERS; do
-            ssh "root@$WORKER" systemctl stop celery-weblate.service
-        done
-    fi
+		# Stop celery
+		systemctl stop celery-weblate.service
+		for WORKER in $WEBLATE_WORKERS; do
+			ssh "root@$WORKER" systemctl stop celery-weblate.service
+		done
+	fi
 
-    # Upgrade modules
-    if [ "$WEBLATE_PKG" != "Weblate" ]; then
-        OLD_DIR=$PWD
-        cd "$WEBLATE_DIR"
-        git config --global safe.directory "$WEBLATE_DIR"
-        OLD_HEAD=$(git log -n1 --format=%H)
-        sudo -u "$USERNAME" sh -c "cd $WEBLATE_DIR; git pull"
-        if [ -d "$WEBLATE_HOME/hosted" ]; then
-            sudo -u "$WEBLATE_USERNAME" sh -c "cd $WEBLATE_HOME/hosted; git pull -q"
-        fi
-        if [ "$DO_DIFF" -eq 1 ] && git diff --exit-code "$OLD_HEAD".. -- weblate/settings_example.py > /dev/null; then
-            DO_DIFF="0"
-        fi
-        cd "$OLD_DIR"
-    fi
-    # shellcheck disable=SC2086
-    sudo -u "$USERNAME" "$WEBLATE_ENV/bin/pip" install 'pygobject<3.52' --upgrade-strategy eager --upgrade $PIP_ARGS "${WEBLATE_PKG}[${WEBLATE_FLAGS}]"
+	# Upgrade modules
+	if [ "$WEBLATE_PKG" != "Weblate" ]; then
+		OLD_DIR=$PWD
+		cd "$WEBLATE_DIR"
+		git config --global safe.directory "$WEBLATE_DIR"
+		OLD_HEAD=$(git log -n1 --format=%H)
+		sudo -u "$USERNAME" sh -c "cd $WEBLATE_DIR; git pull"
+		if [ -d "$WEBLATE_HOME/hosted" ]; then
+			sudo -u "$WEBLATE_USERNAME" sh -c "cd $WEBLATE_HOME/hosted; git pull -q"
+		fi
+		if [ "$DO_DIFF" -eq 1 ] && git diff --exit-code "$OLD_HEAD".. -- weblate/settings_example.py >/dev/null; then
+			DO_DIFF="0"
+		fi
+		cd "$OLD_DIR"
+	fi
+	# shellcheck disable=SC2086
+	sudo -u "$USERNAME" "$WEBLATE_ENV/bin/pip" install 'pygobject<3.52' --upgrade-strategy eager --upgrade $PIP_ARGS "${WEBLATE_PKG}[${WEBLATE_FLAGS}]"
 
-    # Adjust configuration
-    if [ "$DO_DIFF" -eq 1 ]; then
-        vimdiff "$WEBLATE_DIR/weblate/settings_example.py" "$WEBLATE_DIR/weblate/settings.py"
-    fi
-    if [ -z "$WEBLATE_WORKERS" ]; then
-        sed "s@/home/weblate/weblate-env@$WEBLATE_ENV@" "$WEBLATE_DIR/weblate/examples/celery-weblate.conf" > /etc/default/celery-weblate
-    fi
+	# Adjust configuration
+	if [ "$DO_DIFF" -eq 1 ]; then
+		vimdiff "$WEBLATE_DIR/weblate/settings_example.py" "$WEBLATE_DIR/weblate/settings.py"
+	fi
+	if [ -z "$WEBLATE_WORKERS" ]; then
+		sed "s@/home/weblate/weblate-env@$WEBLATE_ENV@" "$WEBLATE_DIR/weblate/examples/celery-weblate.conf" >/etc/default/celery-weblate
+	fi
 
-    # Migrate database, compile gettext and collect static files
-    sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" migrate
-    sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" ensure_stats
-    sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" collectstatic --noinput
-    sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" compress --force
-    if ! grep -q UPDATE_LANGUAGES "$WEBLATE_DIR/weblate/settings.py"; then
-        sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" setuplang
-    fi
-    if [ "$WEBLATE_DIR" = "$WEBLATE_HOME/weblate" ]; then
-        sudo -u "$WEBLATE_USERNAME" sh -c "cd $WEBLATE_DIR; $WEBLATE_ENV/bin/weblate compilemessages"
-        if [ -d "$WEBLATE_HOME/hosted" ]; then
-            sudo -u "$WEBLATE_USERNAME" sh -c "cd $WEBLATE_HOME/hosted; $WEBLATE_ENV/bin/weblate compilemessages"
-        fi
-    fi
-    # Track deploy at Sentry
-    if ! grep -q "SENTRY_TOKEN = ''" "$WEBLATE_DIR/weblate/settings.py"; then
-        sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" sentry_deploy
-    fi
+	# Migrate database, compile gettext and collect static files
+	sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" migrate
+	sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" ensure_stats
+	sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" collectstatic --noinput
+	sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" compress --force
+	if ! grep -q UPDATE_LANGUAGES "$WEBLATE_DIR/weblate/settings.py"; then
+		sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" setuplang
+	fi
+	if [ "$WEBLATE_DIR" = "$WEBLATE_HOME/weblate" ]; then
+		sudo -u "$WEBLATE_USERNAME" sh -c "cd $WEBLATE_DIR; $WEBLATE_ENV/bin/weblate compilemessages"
+		if [ -d "$WEBLATE_HOME/hosted" ]; then
+			sudo -u "$WEBLATE_USERNAME" sh -c "cd $WEBLATE_HOME/hosted; $WEBLATE_ENV/bin/weblate compilemessages"
+		fi
+	fi
+	# Track deploy at Sentry
+	if ! grep -q "SENTRY_TOKEN = ''" "$WEBLATE_DIR/weblate/settings.py"; then
+		sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" sentry_deploy
+	fi
 
-    # Start the services
-    if [ $LAZY_RESTART -eq 0 ]; then
-        systemctl start celery-weblate.service
-        for WORKER in $WEBLATE_WORKERS; do
-            ssh "root@$WORKER" systemctl start celery-weblate.service
-        done
-        systemctl start "$SERVICE"
-        if [ "$SERVICE" = gunicorn.service ]; then
-            systemctl enable gunicorn.socket
-        fi
-    else
-        systemctl restart celery-weblate.service &
-        for WORKER in $WEBLATE_WORKERS; do
-            ssh "root@$WORKER" systemctl restart celery-weblate.service &
-        done
-        systemctl restart "$SERVICE"
-    fi
+	# Start the services
+	if [ $LAZY_RESTART -eq 0 ]; then
+		systemctl start celery-weblate.service
+		for WORKER in $WEBLATE_WORKERS; do
+			ssh "root@$WORKER" systemctl start celery-weblate.service
+		done
+		systemctl start "$SERVICE"
+		if [ "$SERVICE" = gunicorn.service ]; then
+			systemctl enable gunicorn.socket
+		fi
+	else
+		systemctl restart celery-weblate.service &
+		for WORKER in $WEBLATE_WORKERS; do
+			ssh "root@$WORKER" systemctl restart celery-weblate.service &
+		done
+		systemctl restart "$SERVICE"
+	fi
 fi
 
 # Upgrade legal
 if [ -d "$WEBLATE_HOME/wllegal" ]; then
-    sudo -u "$USERNAME" sh -c "cd $WEBLATE_HOME/wllegal && git pull"
+	sudo -u "$USERNAME" sh -c "cd $WEBLATE_HOME/wllegal && git pull"
 fi
 
 # Upgrade munin plugin
 if [ -d /usr/share/munin/plugins ]; then
-    wget -O - https://raw.githubusercontent.com/WeblateOrg/munin/master/weblate > /usr/share/munin/plugins/weblate
-    wget -O - https://raw.githubusercontent.com/WeblateOrg/munin/master/ksm > /usr/share/munin/plugins/ksm
+	wget -O - https://raw.githubusercontent.com/WeblateOrg/munin/master/weblate >/usr/share/munin/plugins/weblate
+	wget -O - https://raw.githubusercontent.com/WeblateOrg/munin/master/ksm >/usr/share/munin/plugins/ksm
 fi
 
 # Upgrade fail2ban
 if [ -d "$WEBLATE_HOME/fail2ban" ]; then
-    sudo -u "$USERNAME" sh -c "cd $WEBLATE_HOME/fail2ban && git pull"
-    # shellcheck disable=SC2086
-    ln -sf $WEBLATE_HOME/fail2ban/filter.d/* /etc/fail2ban/filter.d/
-    # shellcheck disable=SC2086
-    ln -sf $WEBLATE_HOME/fail2ban/jail.d/* /etc/fail2ban/jail.d/
-    # shellcheck disable=SC2086
-    ln -sf $WEBLATE_HOME/fail2ban/action.d/* /etc/fail2ban/action.d/
-    systemctl reload fail2ban.service
+	sudo -u "$USERNAME" sh -c "cd $WEBLATE_HOME/fail2ban && git pull"
+	# shellcheck disable=SC2086
+	ln -sf $WEBLATE_HOME/fail2ban/filter.d/* /etc/fail2ban/filter.d/
+	# shellcheck disable=SC2086
+	ln -sf $WEBLATE_HOME/fail2ban/jail.d/* /etc/fail2ban/jail.d/
+	# shellcheck disable=SC2086
+	ln -sf $WEBLATE_HOME/fail2ban/action.d/* /etc/fail2ban/action.d/
+	systemctl reload fail2ban.service
 fi
 
 if [ -n "$WEBLATE_WORKERS" ]; then
-    echo "Celery configuration not updated, using remote workers!"
+	echo "Celery configuration not updated, using remote workers!"
 fi