-define php::config($order = '20', $value, $ensure = 'present', $sapi = 'apache2') {
- file { "${::php::folder}/${sapi}/conf.d/${order}-${name}.ini":
+define php::config($series = '5', $order = '20', $value, $ensure = 'present', $sapi = 'apache2') {
+ if $series == '5' {
+ $folder = $::php::series5::folder
+ }
+ else {
+ $folder = $::php::series7::folder
+ }
+
+ file { "${folder}/${sapi}/conf.d/${order}-${name}.ini":
ensure => $ensure,
owner => root,
group => root,
mode => '0644',
content => "${name}=${value}\n",
- require => File["${::php::folder}/${sapi}/conf.d"],
+ require => File["${folder}/${sapi}/conf.d"],
notify => $sapi ? {
'apache2' => Service['apache2'],
default => undef,
+++ /dev/null
-class php::ffmpeg {
- package { 'php-ffmpeg':
- ensure => present,
- }
-}
-class php::imap inherits php {
- package { 'php5-imap':
+class php::imap {
+ $pack = $::php::series ? {
+ '5' => 'php5-imap',
+ default => 'php-imap',
+ }
+
+ package { "${pack"}:
ensure => installed,
}
}
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-class php($hardened = true) {
- case $::lsbdistcodename {
- 'xenial': {
- include php::packages::ppa
- }
- 'stretch': {
- include php::packages::dpa
- }
- default: {
- include php::packages::default
- }
- }
-
- $folder = $::lsbdistcodename ? {
- 'xenial' => '/etc/php/5.6',
- 'stretch' => '/etc/php/5.6',
- default => '/etc/php5',
- }
-
- file { [ "${folder}", "${folder}/cli", "${folder}/apache2", "${folder}/cli/conf.d", "${folder}/apache2/conf.d" ]:
- ensure => directory,
- owner => root,
- group => root,
- mode => '0755',
- require => Package['php5'],
- }
-
- #file { "${folder}/cli/php.ini":
- # ensure => present,
- # owner => root,
- # group => root,
- # mode => '0644',
- # source => [ "puppet:///modules/site_php/cli/${::fqdn}/php.ini",
- # "puppet:///modules/site_php/cli/${::domain}/php.ini",
- # "puppet:///modules/php/cli/php.${::operatingsystem}_${::lsbdistcodename}.ini",
- # "puppet:///modules/php/cli/php.${::operatingsystem}.ini",
- # "puppet:///modules/php/cli/php.ini" ],
- # require => [ Package['php5'], File["${folder}/cli"] ],
- #}
-
- #file { "${folder}/apache2/php.ini":
- # ensure => present,
- # owner => root,
- # group => root,
- # mode => '0644',
- # source => [ "puppet:///modules/site_php/apache2/${::fqdn}/php.ini",
- # "puppet:///modules/site_php/apache2/${::domain}/php.ini",
- # "puppet:///modules/php/apache2/php.${::operatingsystem}_${::lsbdistcodename}.ini",
- # "puppet:///modules/php/apache2/php.${::operatingsystem}.ini",
- # "puppet:///modules/php/apache2/php.ini" ],
- # notify => Service['apache2'],
- # require => [ Package['php5'], File["${folder}/apache2"] ],
- #}
-
- include php::resources
- include php::defaults
-
- if $hardened == true {
- include php::hardened
+class php(
+ $series = '5',
+ $hardened = true,
+){
+ class { "php::series${series}":
+ hardened => $hardened,
}
}
--- /dev/null
+class php::series5($hardened = true) {
+ case $::lsbdistcodename {
+ 'xenial': {
+ include php::series5::packages::ppa
+ }
+ 'stretch': {
+ include php::series5::packages::dpa
+ }
+ default: {
+ include php::series5::packages::default
+ }
+ }
+
+ $folder = $::lsbdistcodename ? {
+ 'xenial' => '/etc/php/5.6',
+ 'stretch' => '/etc/php/5.6',
+ default => '/etc/php5',
+ }
+
+ file { [ "${folder}", "${folder}/cli", "${folder}/apache2", "${folder}/cli/conf.d", "${folder}/apache2/conf.d" ]:
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => '0755',
+ require => Package['php5'],
+ }
+
+ #file { "${folder}/cli/php.ini":
+ # ensure => present,
+ # owner => root,
+ # group => root,
+ # mode => '0644',
+ # source => [ "puppet:///modules/site_php/cli/${::fqdn}/php.ini",
+ # "puppet:///modules/site_php/cli/${::domain}/php.ini",
+ # "puppet:///modules/php/cli/php.${::operatingsystem}_${::lsbdistcodename}.ini",
+ # "puppet:///modules/php/cli/php.${::operatingsystem}.ini",
+ # "puppet:///modules/php/cli/php.ini" ],
+ # require => [ Package['php5'], File["${folder}/cli"] ],
+ #}
+
+ #file { "${folder}/apache2/php.ini":
+ # ensure => present,
+ # owner => root,
+ # group => root,
+ # mode => '0644',
+ # source => [ "puppet:///modules/site_php/apache2/${::fqdn}/php.ini",
+ # "puppet:///modules/site_php/apache2/${::domain}/php.ini",
+ # "puppet:///modules/php/apache2/php.${::operatingsystem}_${::lsbdistcodename}.ini",
+ # "puppet:///modules/php/apache2/php.${::operatingsystem}.ini",
+ # "puppet:///modules/php/apache2/php.ini" ],
+ # notify => Service['apache2'],
+ # require => [ Package['php5'], File["${folder}/apache2"] ],
+ #}
+
+ include php::resources
+ include php::series5::defaults
+
+ if $hardened == true {
+ include php::series5::hardened
+ }
+}
-class php::defaults {
+class php::series5::defaults {
php::config {
'error_reporting' : value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
'post_max_size' : value => '100M';
-class php::hardened {
+class php::series5::hardened {
php::config {
'allow_url_fopen' : value => 'Off';
'allow_url_include' : value => 'Off';
-class php::packages::default {
+class php::series5::packages::default {
# The needed packages: we could also try libapache2-mod-php5filter
package { [ 'php5', 'php5-mysql', 'php5-sqlite', 'php5-cli', 'php5-curl', 'php5-gmp', 'libapache2-mod-php5' ]:
ensure => installed,
-class php::packages::dpa {
+class php::series5::packages::dpa {
file { '/etc/apt/trusted.gpg.d/deb.sury.org-php.gpg':
ensure => present,
owner => "root",
-class php::packages::ppa {
+class php::series5::packages::ppa {
#package { 'python-software-properties':
# ensure => present,
#}
--- /dev/null
+class php::series7($hardened = true) {
+ $folder = '/etc/php/7.0'
+
+ package { [ 'php', 'php-mysql', 'php-sqlite3', 'php-cli', 'php-curl', 'php-gmp', 'libapache2-mod-php7.0' ]:
+ ensure => installed,
+ }
+
+ # Optional packages
+ package { [ "php-gd", "php-imagick" ]:
+ ensure => installed,
+ }
+
+ # The needed apache modules
+ #apache::module { 'php':
+ # ensure => present,
+ # require => Package['libapache2-mod-php7.0'],
+ #}
+
+ include php::resources
+ include php::series7::defaults
+
+ if $hardened == true {
+ include php::series7::hardened
+ }
+}
--- /dev/null
+class php::series7::defaults {
+ php::config {
+ 'error_reporting' : series => '7', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
+ 'post_max_size' : series => '7', value => '100M';
+ 'upload_max_filesize' : series => '7', value => '100M';
+ }
+}
--- /dev/null
+class php::series7::hardened {
+ php::config {
+ 'allow_url_fopen' : series => '7', value => 'Off';
+ 'allow_url_include' : series => '7', value => 'Off';
+ 'disable_functions' : series => '7', value => 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec';
+ #series => '7', value => 'disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec',
+ }
+}
projects / puppet-php.git / commitdiff