From 3dc5962627e9f592403122028e97411d9642f139 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Sat, 31 Oct 2020 13:01:15 +0100
Subject: [PATCH] nodes/htz-cloud.luther: add needed config and packages for
 drupal

---
 .../files/extras/htz-cloud.luther/luther-ps   | 47 +++++++++++++++++++
 nodes/htz-cloud/luther.py                     | 22 +++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 data/nginx/files/extras/htz-cloud.luther/luther-ps

diff --git a/data/nginx/files/extras/htz-cloud.luther/luther-ps b/data/nginx/files/extras/htz-cloud.luther/luther-ps
new file mode 100644
index 0000000..6cba438
--- /dev/null
+++ b/data/nginx/files/extras/htz-cloud.luther/luther-ps
@@ -0,0 +1,47 @@
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+
+    location ~ ^/sites/[^/]+/files/.*\.php$ {
+        deny all;
+    }
+
+    location ~ (^|/)\. {
+        return 403;
+    }
+
+    location / {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location @rewrite {
+        rewrite ^ /index.php;
+    }
+
+    location ~ /vendor/.*\.php$ {
+        deny all;
+        return 404;
+    }
+
+    location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|/(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|/#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+        deny all;
+        return 404;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+        try_files $uri @rewrite;
+        expires max;
+        log_not_found off;
+    }
+
+    location ~ ^/sites/.*/files/styles/ {
+        try_files $uri @rewrite;
+    }
+
+    location ~ ^(/[a-z\-]+)?/system/files/ {
+        try_files $uri /index.php?$query_string;
+    }
+
+    if ($request_uri ~* "^(.*/)index\.php/(.*)") {
+        return 307 $1$2;
+    }
diff --git a/nodes/htz-cloud/luther.py b/nodes/htz-cloud/luther.py
index 5229872..bed9b1c 100644
--- a/nodes/htz-cloud/luther.py
+++ b/nodes/htz-cloud/luther.py
@@ -1,5 +1,6 @@
 nodes['htz-cloud.luther'] = {
     'bundles': {
+        'php',
         'postgresql',
         'zfs',
     },
@@ -19,14 +20,35 @@ nodes['htz-cloud.luther'] = {
                 'gateway6': 'fe80::1',
             },
         },
+        'apt': {
+            'packages': {
+                'php-apcu': {},
+                'php-uploadprogress': {},
+            },
+        },
+        'cron': {
+            'luther-ps': vault.decrypt('encrypt$gAAAAABfnUqTXXpUYCA2DxllTKgbKg6YguCBbguJ0rerFGi9UNxEuTO6eqReqraS9FzNmLl81S_20bYwXM5W8pNwV5I5i6BVz1M37TxdsMCAxMG-9G0ZHFXeE4K5a4MWxuyYkrVPtK_hNFOciwxDDwPYT8tH_Jahdqmr8fZcCcsICzsSOxycn89VEm2ODnfH24Azrj6mVq5cPMc_xkdWnn-dSMCvPXpjjg==').format_into('*/10 * * * *    www-data    /usr/bin/curl -s {}'),
+        },
         'nginx': {
             'vhosts': {
                 'luther-ps': {
                     'domain': 'luther-ps.kunsmann.eu',
                     'php': True,
+                    'extras': True,
                 },
             },
         },
+        'php': {
+            'version': '7.4',
+            'packages': {
+                'curl',
+                'gd',
+                'json',
+                'mbstring',
+                'pgsql',
+                'xml',
+            },
+        },
         'postgresql': {
             'users': {
                 'luther-ps': {