Diffstat (limited to 'manifests/series8')
-rw-r--r--manifests/series8/defaults.pp7
-rw-r--r--manifests/series8/hardened.pp19
-rw-r--r--manifests/series8/packages.pp24
3 files changed, 50 insertions, 0 deletions
diff --git a/manifests/series8/defaults.pp b/manifests/series8/defaults.pp
new file mode 100644
index 0000000..2f3958c
--- /dev/null
+++ b/manifests/series8/defaults.pp
@@ -0,0 +1,7 @@
+class php::series8::defaults {
+ php::config {
+ 'error_reporting_8' : param => 'error_reporting', series => '8', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
+ 'post_max_size_8' : param => 'post_max_size', series => '8', value => '100M';
+ 'upload_max_filesize_8' : param => 'upload_max_filesize', series => '8', value => '100M';
+ }
+}
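Review bot: `post_max_size` and `upload_max_filesize` are both set to `100M`, but PHP requires `post_max_size` to be larger than `upload_max_filesize`. The POST body carries multipart framing and any other form fields on top of the file, so an upload close to 100M will be rejected. Either raise the POST limit, for example `'post_max_size_8' : param => 'post_max_size', series => '8', value => '128M';` (an example value, pick what the hosts can afford), or lower the upload limit. Because both limits bound how much request data a worker will accept, a comment recording why 100M was chosen would also help. Separately, `& ~E_STRICT` in `error_reporting` has no effect on PHP 8, which no longer raises E_STRICT notices, so `E_ALL & ~E_NOTICE` expresses the same mask.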
diff --git a/manifests/series8/hardened.pp b/manifests/series8/hardened.pp
new file mode 100644
index 0000000..74b81f8
--- /dev/null
+++ b/manifests/series8/hardened.pp
@@ -0,0 +1,19 @@
+class php::series8::hardened {
+ $fpm = $::php::fpm
+ $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'
+ #$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec'
+
+ if $fpm == 'present' {
+ php::config {
+ 'allow_url_fopen_8_fpm' : param => 'allow_url_fopen', series => '8', sapi => 'fpm', value => 'Off';
+ 'allow_url_include_8_fpm' : param => 'allow_url_include', series => '8', sapi => 'fpm', value => 'Off';
+ 'disable_functions_8_fpm' : param => 'disable_functions', series => '8', sapi => 'fpm', value => $disable_functions;
+ }
+ }
+
+ php::config {
+ 'allow_url_fopen_8' : param => 'allow_url_fopen', series => '8', value => 'Off';
+ 'allow_url_include_8' : param => 'allow_url_include', series => '8', value => 'Off';
+ 'disable_functions_8' : param => 'disable_functions', series => '8', value => $disable_functions;
+ }
+}
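Review bot: The `$disable_functions` string contains entries that add nothing, and the list has been weakened relative to the commented-out line below it without any explanation. `pcntl_exec` and `proc_open` each appear twice, and `system_exec` does not look like a PHP built-in, so it is presumably ignored without an error. The active list differs from the commented-out one only in dropping `curl_init`, `parse_ini_file`, `syslog` and `mail`, which means the class named "hardened" now leaves those four callable. Replace the dead line with a comment that records the decision, for example `# curl_init, parse_ini_file, syslog, mail intentionally left enabled: <reason>`, and remove the duplicates and the unknown name. A header comment should also state that `disable_functions` is a blocklist that reduces exposure rather than a sandbox, so this class is not read as the only control on these hosts.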
diff --git a/manifests/series8/packages.pp b/manifests/series8/packages.pp
new file mode 100644
index 0000000..e3356e9
--- /dev/null
+++ b/manifests/series8/packages.pp
@@ -0,0 +1,24 @@
+class php::series8::packages inherits php::packages {
+ $version = $::php::params::version8
+
+ package { [ "php${version}-common", "php${version}-mysql", "php${version}-cli", "php${version}-curl", "php${version}-gmp", "php${version}-xml", "php${version}-mbstring", "libapache2-mod-php${version}" ]:
+ ensure => installed,
+ require => File['/etc/apt/sources.list.d/php.list'],
+ }
+
+ # Optional packages
+ package { [ "php${version}-gd" ]:
+ ensure => installed,
+ require => File['/etc/apt/sources.list.d/php.list'],
+ }
+
+ # Default alternative
+ if $::php::default_cli == '8' {
+ file { "/etc/alternatives/php":
+ ensure => "/usr/bin/php${version}",
+ owner => root,
+ group => root,
+ require => Package["php${version}-cli"],
+ }
+ }
+}
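Review bot: `libapache2-mod-php${version}` is in the unconditional package list, so every node that includes this class gets the Apache SAPI, even when `$::php::fpm` is 'present'. hardened.pp in this same commit writes sapi-specific settings only for `fpm`, so whether mod_php receives `allow_url_include => Off` and `disable_functions` depends on what `php::config` does when `sapi` is omitted, which is not visible in this diff and should be confirmed. Consider moving the Apache module into its own package resource behind a condition, so FPM-only hosts do not carry an extra PHP entry point that has to be hardened. The `# Optional packages` comment is also misleading, since `php${version}-gd` is installed on every node; something like `# Extra extensions installed on every node` would match the code.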