From 5f3ed06fc85c3c9cb8d80c03d157bcc29bf75798 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 2 Nov 2017 13:01:00 -0200
Subject: Support both PHP 5 and 7, defaults to 5

---
 manifests/series5/defaults.pp         |  7 ++++
 manifests/series5/hardened.pp         |  8 +++++
 manifests/series5/packages/default.pp | 22 ++++++++++++
 manifests/series5/packages/dpa.pp     | 67 +++++++++++++++++++++++++++++++++++
 manifests/series5/packages/ppa.pp     | 55 ++++++++++++++++++++++++++++
 5 files changed, 159 insertions(+)
 create mode 100644 manifests/series5/defaults.pp
 create mode 100644 manifests/series5/hardened.pp
 create mode 100644 manifests/series5/packages/default.pp
 create mode 100644 manifests/series5/packages/dpa.pp
 create mode 100644 manifests/series5/packages/ppa.pp

(limited to 'manifests/series5')

diff --git a/manifests/series5/defaults.pp b/manifests/series5/defaults.pp
new file mode 100644
index 0000000..15cb8a2
--- /dev/null
+++ b/manifests/series5/defaults.pp
@@ -0,0 +1,7 @@
+class php::series5::defaults {
+  php::config {
+    'error_reporting'     : value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
+    'post_max_size'       : value => '100M';
+    'upload_max_filesize' : value => '100M';
+  }
+}
diff --git a/manifests/series5/hardened.pp b/manifests/series5/hardened.pp
new file mode 100644
index 0000000..e512402
--- /dev/null
+++ b/manifests/series5/hardened.pp
@@ -0,0 +1,8 @@
+class php::series5::hardened {
+  php::config {
+    'allow_url_fopen'   : value => 'Off';
+    'allow_url_include' : value => 'Off';
+    'disable_functions' : value => 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec';
+    #value => 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec',
+  }
+}
diff --git a/manifests/series5/packages/default.pp b/manifests/series5/packages/default.pp
new file mode 100644
index 0000000..f16e03e
--- /dev/null
+++ b/manifests/series5/packages/default.pp
@@ -0,0 +1,22 @@
+class php::series5::packages::default {
+  # The needed packages: we could also try libapache2-mod-php5filter
+  package { [ 'php5', 'php5-mysql', 'php5-sqlite', 'php5-cli', 'php5-curl', 'php5-gmp', 'libapache2-mod-php5' ]:
+    ensure => installed,
+  }
+
+  # Optional packages
+  package { [ "php5-gd", "php5-imagick" ]:
+    ensure => installed,
+  }
+
+  # Not available anymore
+  package { 'php5-suhosin':
+    ensure => absent,
+  }
+
+  # The needed apache modules
+  apache::module { 'php5':
+    ensure  => present,
+    require => Package['libapache2-mod-php5'],
+  }
+}
diff --git a/manifests/series5/packages/dpa.pp b/manifests/series5/packages/dpa.pp
new file mode 100644
index 0000000..f9fad94
--- /dev/null
+++ b/manifests/series5/packages/dpa.pp
@@ -0,0 +1,67 @@
+class php::series5::packages::dpa {
+  file { '/etc/apt/trusted.gpg.d/deb.sury.org-php.gpg':
+    ensure  => present,
+    owner   => "root",
+    group   => "root",
+    mode    => "0644",
+    source  => 'puppet:///modules/php/deb.sury.org.gpg',
+  }
+
+  file { '/etc/apt/sources.list.d/php.list' :
+    ensure  => present,
+    owner   => "root",
+    group   => "root",
+    mode    => "0644",
+    content => "deb https://packages.sury.org/php/ ${::lsbdistcodename} main\n",
+    require => File['/etc/apt/trusted.gpg.d/deb.sury.org-php.gpg'],
+    notify  => Exec['php-apt-auto-update'],
+  }
+
+  exec { 'php-apt-auto-update':
+    command     => "/usr/bin/apt-get update",
+    user        => "root",
+    refreshonly => true,
+  }
+
+  # The needed packages: we could also try libapache2-mod-php5.6filter
+  package { 'php5':
+    name    => 'php5.6',
+    require => File['/etc/apt/sources.list.d/php.list'],
+  }
+
+  package { 'php5-cli':
+    name    => 'php5.6-cli',
+    require => File['/etc/apt/sources.list.d/php.list'],
+  }
+
+  package { [ 'php5.6-mysql', 'php5.6-sqlite3', 'php5.6-curl', 'php5.6-gmp', 'libapache2-mod-php5.6' ]:
+    ensure  => installed,
+    require => File['/etc/apt/sources.list.d/php.list'],
+  }
+
+  # Optional packages
+  package { [ "php5.6-gd", "php-imagick", "php5.6-xml", "php5.6-mbstring" ]:
+    ensure  => installed,
+    require => File['/etc/apt/sources.list.d/php.list'],
+  }
+
+  # Not available anymore
+  package { 'php5.6-suhosin':
+    ensure  => absent,
+    require => File['/etc/apt/sources.list.d/php.list'],
+  }
+
+  # The needed apache modules
+  apache::module { 'php5.6':
+    ensure  => present,
+    require => Package['libapache2-mod-php5.6'],
+  }
+
+  # Default alternative
+  file { "/etc/alternatives/php":
+    ensure  => "/usr/bin/php5.6",
+    owner   => root,
+    group   => root,
+    require => Package['php5'],
+  }
+}
diff --git a/manifests/series5/packages/ppa.pp b/manifests/series5/packages/ppa.pp
new file mode 100644
index 0000000..f821ab4
--- /dev/null
+++ b/manifests/series5/packages/ppa.pp
@@ -0,0 +1,55 @@
+class php::series5::packages::ppa {
+  #package { 'python-software-properties':
+  #  ensure => present,
+  #}
+
+  ## TODO: check repository key!
+  #exec { 'add-apt-repository-ondrej-php':
+  #  command => '/usr/bin/add-apt-repository -y ppa:ondrej/php && apt-get update',
+  #  user    => 'root',
+  #  creates => '/etc/apt/sources.list.d/ondrej-ubuntu-php-xenial.list',
+  #  require => Package['python-software-properties'],
+  #}
+
+  # The needed packages: we could also try libapache2-mod-php5.6filter
+  package { 'php5':
+    name    => 'php5.6',
+    #require => Exec['add-apt-repository-ondrej-php'],
+  }
+
+  package { 'php5-cli':
+    name    => 'php5.6-cli',
+    #require => Exec['add-apt-repository-ondrej-php'],
+  }
+
+  package { [ 'php5.6-mysql', 'php5.6-sqlite3', 'php5.6-curl', 'php5.6-gmp', 'libapache2-mod-php5.6' ]:
+    ensure  => installed,
+    #require => Exec['add-apt-repository-ondrej-php'],
+  }
+
+  # Optional packages
+  package { [ "php5.6-gd", "php-imagick", "php5.6-xml", "php5.6-mbstring" ]:
+    ensure  => installed,
+    #require => Exec['add-apt-repository-ondrej-php'],
+  }
+
+  # Not available anymore
+  package { 'php5.6-suhosin':
+    ensure  => absent,
+    #require => Exec['add-apt-repository-ondrej-php'],
+  }
+
+  # The needed apache modules
+  apache::module { 'php5.6':
+    ensure  => present,
+    require => Package['libapache2-mod-php5.6'],
+  }
+
+  # Default alternative
+  file { "/etc/alternatives/php":
+    ensure  => "/usr/bin/php5.6",
+    owner   => root,
+    group   => root,
+    require => Package['php5'],
+  }
+}
-- 
cgit v1.2.3