diff --git a/bundles/pleroma/files/pleroma.config.exs b/bundles/pleroma/files/pleroma.config.exs
index 27564a8..f58705f 100644
--- a/bundles/pleroma/files/pleroma.config.exs
+++ b/bundles/pleroma/files/pleroma.config.exs
@@ -40,5 +40,4 @@ config :pleroma, Pleroma.Repo,
   database: "pleroma",
   hostname: "localhost",
   pool_size: 10,
-  timeout: 60000,
-  pool_timeout: 60000
+  timeout: 60000
diff --git a/bundles/pleroma/files/pleroma.service b/bundles/pleroma/files/pleroma.service
new file mode 100644
index 0000000..1fc7c0b
--- /dev/null
+++ b/bundles/pleroma/files/pleroma.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Pleroma social network
+After=network.target
+Requires=postgresql.service
+
+[Service]
+User=pleroma
+WorkingDirectory=/opt/pleroma
+Environment="HOME=/opt/pleroma"
+Environment="PLEROMA_CONFIG_PATH=/opt/pleroma/pleroma.config.exs"
+Environment="PLUG_TMPDIR=/tmp/pleroma"
+ExecStart=/opt/pleroma/release/bin/pleroma start
+ExecStop=/opt/pleroma/release/bin/pleroma stop
+Restart=on-failure
+
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+NoNewPrivileges=true
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bundles/pleroma/items.py b/bundles/pleroma/items.py
index dac7c34..a03b973 100644
--- a/bundles/pleroma/items.py
+++ b/bundles/pleroma/items.py
@@ -31,25 +31,58 @@ actions = {
     'pleroma_download_release': {
         'command': \
             'cd /opt/pleroma/ && '\
-            f'wget -O/opt/pleroma/pleroma.zip https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=amd64 && '\
+            f'wget -O/opt/pleroma/pleroma.zip https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/release/{version}/download?job=amd64 && '\
             'rm -rf release && '\
-            'unzip /opt/pleroma/pleroma.zip',
+            'unzip /opt/pleroma/pleroma.zip && '\
+            'chown -R pleroma:pleroma /opt/pleroma/release && '\
+            f'echo -n "{version}" > /opt/pleroma/.bundlewrap_installed_version',
         'unless': f'[ "$(cat /opt/pleroma/.bundlewrap_installed_version)" = "{version}" ]',
         'needs': {
             'directory:/opt/pleroma',
         },
+        'preceded_by': {
+            'svc_systemd:pleroma:stop',
+        },
+        'triggers': {
+            'action:pleroma_migrate_database',
+            'svc_systemd:pleroma:restart',
+        },
     },
-    'pleroma_create_schema': {
+    'pleroma_migrate_database': {
         'triggered': True,
-        'command': 'sudo -u pleroma /opt/pleroma/src/rel/files/bin/pleroma_ctl create',
-        'triggered_by': {
+        'command': \
+            'echo "CREATE EXTENSION IF NOT EXISTS citext;" | psql pleroma && '\
+            'echo "CREATE EXTENSION IF NOT EXISTS pg_trgm;" | psql pleroma && '\
+            'echo "CREATE EXTENSION IF NOT EXISTS \\\"uuid-ossp\\\";" | psql pleroma && '\
+            'sudo -u pleroma PLEROMA_CONFIG_PATH=/opt/pleroma/pleroma.config.exs /opt/pleroma/release/bin/pleroma_ctl create',
+        'needs': {
             'postgres_db:pleroma',
         },
-    }.
+    },
 }
 
 files = {
+    '/etc/systemd/system/pleroma.service': {
+        'triggers': {
+            'action:systemd-reload',
+            'svc_systemd:pleroma:restart',
+        },
+    },
     '/opt/pleroma/pleroma.config.exs': {
         'content_type': 'mako',
+        'triggers': {
+            'svc_systemd:pleroma:restart',
+        },
+    },
+}
+
+svc_systemd = {
+    'pleroma': {
+        'needs': {
+            'action:pleroma_download_release',
+            'action:pleroma_migrate_database',
+            'file:/etc/systemd/system/pleroma.service',
+            'file:/opt/pleroma/pleroma.config.exs',
+        },
     },
 }
diff --git a/bundles/pleroma/metadata.py b/bundles/pleroma/metadata.py
index d60250f..1cf5a74 100644
--- a/bundles/pleroma/metadata.py
+++ b/bundles/pleroma/metadata.py
@@ -29,3 +29,27 @@ defaults = {
         },
     },
 }
+
+
+@metadata_reactor.provides(
+    'nginx/vhosts/pleroma',
+)
+def nginx(metadata):
+    if not node.has_bundle('nginx'):
+        raise DoNotRunAgain
+
+    return {
+        'nginx': {
+            'vhosts': {
+                'pleroma': {
+                    'domain': metadata.get('pleroma/url'),
+                    'proxy': {
+                        '/': {
+                            'target': 'http://127.0.0.1:21000',
+                            'websockets': True,
+                        },
+                    },
+                },
+            },
+        },
+    }
diff --git a/data/nginx/files/extras/htz-cloud.pleroma/pleroma b/data/nginx/files/extras/htz-cloud.pleroma/pleroma
new file mode 100644
index 0000000..05771c4
--- /dev/null
+++ b/data/nginx/files/extras/htz-cloud.pleroma/pleroma
@@ -0,0 +1 @@
+    client_max_body_size 16m;
diff --git a/nodes/htz-cloud/pleroma.py b/nodes/htz-cloud/pleroma.py
index 118b4d7..a4d2afc 100644
--- a/nodes/htz-cloud/pleroma.py
+++ b/nodes/htz-cloud/pleroma.py
@@ -25,7 +25,7 @@ nodes['htz-cloud.pleroma'] = {
         'nginx': {
             'vhosts': {
                 'pleroma': {
-                    'domain': 'cybert-media.net',
+                    'extras': True,
                 },
             },
         },
@@ -34,7 +34,7 @@ nodes['htz-cloud.pleroma'] = {
             'url': 'cybert-media.net',
             'title': 'CYBERt Media',
             'description': '',
-            'secret_key': vault.decrypt('encrypt$gAAAAABgMSibWavxv69eNmzAtQRSeFMtaXdkc1K2fklFMDsBJk2Rcmhak5tAVVqkemtnc96Q-Ad_FrdQM9wyuqUQnUEkIr1zScInJZsbf-QCoD02yX7Gktizmlc0aUjF1HO3rdtX9TeW'),
+            'secret_key': vault.decrypt('encrypt$gAAAAABgMVXXclfxVY022fM0Fdf94Oh3sxVlK0lYyBO_CsQFEbZcMua3w1oJY8_9d1JcrCJSSeBRTDnt-ZkRCQ6xKoALo8Rl7s9DPxa7J0vHdkggeZ3IHaOyXBcBPdx8vILyKDLHRXacaynOUBOjy6RIl6Qf2wH1ASbphCcjD-Njricg4PG6Rcixm87fF60rLBjAAkRoz5ZQnXlut1rhjLj-z-7UpA68fkeyPVJXbroWBJdmvCUt92dwjuGARsku2XI22mVvjtJJ'),
         },
         'vm': {
             'cpu': 1,