From c481fc13270a83fad1ddfa7864669ac86d223343 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Fri, 6 Nov 2020 15:47:01 +0100
Subject: [PATCH] nodes/htz.ex42-1048908: add php

---
 bundles/php/files/7.3/fpm.conf | 23 ++++++++
 bundles/php/files/7.3/php.ini  | 99 ++++++++++++++++++++++++++++++++++
 nodes/htz/ex42-1048908.py      | 19 ++++++-
 3 files changed, 140 insertions(+), 1 deletion(-)
 create mode 100644 bundles/php/files/7.3/fpm.conf
 create mode 100644 bundles/php/files/7.3/php.ini

diff --git a/bundles/php/files/7.3/fpm.conf b/bundles/php/files/7.3/fpm.conf
new file mode 100644
index 0000000..bc745f5
--- /dev/null
+++ b/bundles/php/files/7.3/fpm.conf
@@ -0,0 +1,23 @@
+[global]
+pid=/run/php/php7.4-fpm.pid
+; We're using journal, put logs there
+error_log=/var/log/php7.4-fpm.log
+daemonize=yes
+
+; The one and only worker pool we have
+[www]
+user=www-data
+group=www-data
+listen=/run/php/php7.4-fpm.sock
+listen.owner=www-data
+listen.group=www-data
+listen.mode=0600
+
+; Process Manager Settings
+pm=dynamic
+pm.max_children=${num_cpus*4}
+pm.start_servers=${num_cpus}
+pm.max_spare_servers=${num_cpus*2}
+pm.min_spare_servers=${num_cpus}
+pm.process_idle_timeout=30s
+pm.max_requests=1024
diff --git a/bundles/php/files/7.3/php.ini b/bundles/php/files/7.3/php.ini
new file mode 100644
index 0000000..45b78bf
--- /dev/null
+++ b/bundles/php/files/7.3/php.ini
@@ -0,0 +1,99 @@
+[PHP]
+; Only needed for libapache2-mod-php?
+engine = On
+short_open_tag = Off
+precision = 14
+output_buffering = 4096
+zlib.output_compression = Off
+implicit_flush = Off
+serialize_precision = -1
+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals
+ignore_user_abort = Off
+zend.enable_gc = On
+expose_php = Off
+
+max_execution_time = 30
+max_input_time = 60
+memory_limit = 256M
+
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+display_startup_errors = Off
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+html_errors = On
+error_log = syslog
+syslog.ident = php7.4
+syslog.filter = ascii
+
+arg_separator.output = "&amp;"
+variables_order = "GPCS"
+request_order = "GP"
+register_argc_argv = Off
+auto_globals_jit = On
+post_max_size = ${post_max_size}M
+default_mimetype = "text/html"
+default_charset = "UTF-8"
+
+enable_dl = Off
+file_uploads = On
+upload_max_filesize = ${post_max_size}M
+max_file_uploads = 20
+
+allow_url_fopen = On
+allow_url_include = Off
+default_socket_timeout = 10
+
+[CLI Server]
+cli_server.color = On
+
+[mail function]
+mail.add_x_header = Off
+
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+
+[bcmath]
+bcmath.scale = 0
+
+[Session]
+session.save_handler = files
+session.use_strict_mode = 0
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.cookie_samesite =
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.sid_length = 32
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+session.sid_bits_per_character = 6
+
+[Assertion]
+zend.assertions = -1
diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py
index d9f5700..4984381 100644
--- a/nodes/htz/ex42-1048908.py
+++ b/nodes/htz/ex42-1048908.py
@@ -7,6 +7,7 @@ nodes['htz.ex42-1048908'] = {
         'miniflux',
         'mx-puppet-discord',
         'nodejs',
+        'php',
         'riot-web',
         'postgresql',
         'radicale',
@@ -33,6 +34,8 @@ nodes['htz.ex42-1048908'] = {
         },
         'apt': {
             'packages': {
+                'php-imagick': {},
+
                 # No need to create a bundle just to install packages,
                 # configs will be managed by users nevertheless. Maybe
                 # this will be a FIXME once we start managing backups
@@ -192,7 +195,7 @@ nodes['htz.ex42-1048908'] = {
                 },
                 'postfixadmin.mx0.kunbox.net': {
                     'webroot': '/srv/postfixadmin/public/',
-                    'php': True, # FIXME this assumes php 7.3 is installed and configured already
+                    'php': True,
                 },
                 'rspamd.mx0.kunbox.net': {
                     'proxy': {
@@ -229,6 +232,20 @@ nodes['htz.ex42-1048908'] = {
             },
             'worker_processes': 4,
         },
+        'php': {
+            'version': '7.3',
+            'packages': {
+                'gd',
+                'imap',
+                'intl',
+                'json',
+                'mbstring',
+                'opcache',
+                'pgsql',
+                'readline',
+                'xml',
+            },
+        },
         'radicale': {
             'users': {
                 'kunsi': vault.decrypt('encrypt$gAAAAABfktUcN5dAS1IP0bQr8Qe54F8UCKLWI3RXscI0xE5he1hx-faiR5grtW4p25mvgxJRw_kDs_dmpahpRztcAjnD8uNEOlFcQefqeVCxyJKsPYiVjN6WsRjAHFd7PoES9gcWln1O'),