init

LICENSE

@@ -0,0 +1,15 @@
+autonomic.php: Installs a specific version of PHP
+Copyright (C) 2022  Autonomic Co-operative <helo@autonomic.zone>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.

README.md

@@ -0,0 +1 @@
+# autonomic.php

defaults/main.yml

@@ -0,0 +1,60 @@
+---
+php_ver: 7.3
+
+php_composer_version: "2.0.11"
+php_composer_install: false
+php_composer_update: false
+php_composer_install_file: /tmp/composer-installer.php
+php_composer_checksum: sha384:756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3
+
+php_extensions_default:
+  - { "name": "php{{ php_ver }}-cli", "state": "present" }
+  - { "name": "php{{ php_ver }}-common", "state": "present" }
+  - { "name": "php{{ php_ver }}-curl", "state": "present" }
+  - { "name": "php{{ php_ver }}-dev", "state": "present" }
+  - { "name": "php{{ php_ver }}-fpm", "state": "present" }
+  - { "name": "php{{ php_ver }}-gd", "state": "present" }
+  - { "name": "php{{ php_ver }}-mbstring", "state": "present" }
+  - { "name": "php{{ php_ver }}-mysql", "state": "present" }
+  - { "name": "php{{ php_ver }}-opcache", "state": "present" }
+  - { "name": "php{{ php_ver }}-xml", "state": "present" }
+  - { "name": "php{{ php_ver }}-xmlrpc", "state": "present" }
+  - { "name": "php{{ php_ver }}-zip", "state": "present" }
+
+php_extensions_custom: []
+
+php_extensions: "{{ php_extensions_default + php_extensions_custom }}"
+
+php_short_open_tag: "Off"
+php_output_buffering: 4096
+php_disable_functions: >
+  pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,
+  pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,
+  pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,
+  pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,
+  pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,
+  pcntl_setpriority,pcntl_async_signals
+php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT"
+php_log_errors: "Off"
+php_error_log: ""
+php_display_errors: "Off"
+php_display_startup_errors: "Off"
+php_max_execution_time: 30
+php_max_input_time: 300
+php_max_input_vars: 1000
+php_memory_limit: 128M
+php_mysqlnd_collect_memory_statistics: "Off"
+php_post_max_size: 25M
+php_session_cookie_httponly: "On"
+php_session_cookie_secure: "Off"
+php_upload_max_filesize: 25M
+php_track_errors: "Off"
+php_timezone: '{{ ntp_timezone | default("Etc/UTC") }}'
+
+php_opcache_enable: 1
+php_opcache_enable_cli: 1
+php_opcache_fast_shutdown: 1
+php_opcache_interned_strings_buffer: 8
+php_opcache_max_accelerated_files: 4000
+php_opcache_memory_consumption: 128
+php_opcache_revalidate_freq: 60

handlers/main.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Reload php-fpm
+  service:
+    name: "php{{ php_ver }}-fpm"
+    state: reloaded

meta/main.yml

@@ -0,0 +1,16 @@
+---
+
+dependencies: []
+
+galaxy_info:
+  author: autonomic
+  description: |
+    Installs a specific version of PHP using the popular and reliable
+    deb.sury.org repositories. See https://deb.sury.org/ for more.
+  company: Autonomic
+  license: GPLv3
+  min_ansible_version: 2.8
+  platforms:
+    - name: Debian
+      versions:
+        - stretch

molecule/default/converge.yml

@@ -0,0 +1,11 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    - php_ver: "7.3"
+    - php_debian_distro: buster
+    - php_composer_install: true
+  tasks:
+    - name: "Include autonomic.php"
+      include_role:
+        name: "autonomic.php"

molecule/default/molecule.yml

@@ -0,0 +1,15 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: hetznercloud
+platforms:
+  - name: "autonomic.php-${INSTANCE_UUID}"
+    server_type: "cx11"
+    image: "debian-10"
+provisioner:
+  name: ansible
+lint: |
+  set -e
+  yamllint -c ../../.yamllint.yml .
+  ansible-lint -c ../../.ansible-lint.yml .

tasks/composer.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Check if Composer is installed
+  tags: composer
+  stat:
+    path: /usr/local/bin/composer
+  register: composer_bin
+
+- block:
+    - name: Download Composer into tmp directory
+      get_url:
+        url: https://getcomposer.org/installer
+        dest: "{{ php_composer_install_file }}"
+        checksum: "{{ php_composer_checksum }}"
+
+    - name: Run Composer installer
+      command: "
+        php {{ php_composer_install_file }}
+        --install-dir=/usr/local/bin
+        --filename=composer
+        --version={{ php_composer_version }}
+      "
+
+    - name: Delete composer installer
+      file:
+        path: "{{ php_composer_install_file }}"
+        state: absent
+  tags: composer
+  when: not composer_bin.stat.exists
+
+- name: Update composer if necessary
+  tags: composer
+  shell: composer selfupdate
+  register: composer_update_output
+  changed_when: "'Updating to version' in composer_update_output.stdout"
+  when: php_composer_update | bool

tasks/main.yml

@@ -0,0 +1,7 @@
+---
+
+- import_tasks: php.yml
+
+- import_tasks: composer.yml
+  when: php_composer_install | bool
+  tags: php-composer

tasks/php.yml

@@ -0,0 +1,43 @@
+---
+
+- name: Install APT HTTPS support
+  package:
+    name: apt-transport-https
+    state: present
+
+- name: Install signed GPG key for sury.org PHP packages
+  apt_key:
+    url: https://packages.sury.org/php/apt.gpg
+    id: 15058500A0235D97F5D10063B188E2B695BD4743
+    state: present
+
+- name: Install APT repository for sury.org PHP packages
+  apt_repository:
+    repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
+    state: present
+
+- name: Refresh the APT cache
+  apt:
+    update_cache: true
+  retries: 3
+  delay: 10
+  tags:
+    - molecule-idempotence-notest
+
+- name: "Install PHP {{ php_ver }}"
+  apt:
+    name: "{{ item.name }}"
+    state: "{{ item.state }}"
+  with_items: "{{ php_extensions }}"
+
+- name: "Start php{{ php_ver }}-fpm service"
+  service:
+    name: "php{{ php_ver }}-fpm"
+    state: started
+    enabled: true
+
+- name: Install PHP configuration file
+  template:
+    src: php.ini.j2
+    dest: "/etc/php/{{ php_ver }}/fpm/php.ini"
+  notify: Reload php-fpm

templates/php.ini.j2

@@ -0,0 +1,42 @@
+; {{ ansible_managed }}
+
+[PHP]
+short_open_tag = {{ php_short_open_tag }}
+output_buffering = {{ php_output_buffering }}
+disable_functions = {{ php_disable_functions }}
+expose_php = Off
+max_execution_time = {{ php_max_execution_time }}
+max_input_time = {{ php_max_input_time }}
+max_input_vars = {{ php_max_input_vars }}
+memory_limit = {{ php_memory_limit }}
+error_reporting = {{ php_error_reporting }}
+display_errors = {{ php_display_errors }}
+display_startup_errors = {{ php_display_startup_errors }}
+log_errors = {{ php_log_errors }}
+log_errors_max_len = 1024
+error_log = {{ php_error_log }}
+track_errors = {{ php_track_errors }}
+variables_order = "GPCS"
+request_order = "GP"
+register_argc_argv = Off
+post_max_size = {{ php_post_max_size }}
+enable_dl = Off
+upload_max_filesize = {{ php_upload_max_filesize }}
+session.cookie_httponly = {{ php_session_cookie_httponly }}
+session.cookie_secure = {{ php_session_cookie_secure }}
+date.timezone = {{ php_timezone }}
+{% if php_sendmail_path is defined %}
+sendmail_path = {{ php_sendmail_path }}
+{% endif %}
+
+[mysqlnd]
+mysqlnd.collect_memory_statistics = {{ php_mysqlnd_collect_memory_statistics }}
+
+[opcache]
+opcache.enable = {{ php_opcache_enable }}
+opcache.enable_cli = {{ php_opcache_enable_cli }}
+opcache.memory_consumption = {{ php_opcache_memory_consumption }}
+opcache.interned_strings_buffer = {{ php_opcache_interned_strings_buffer }}
+opcache.max_accelerated_files = {{ php_opcache_max_accelerated_files }}
+opcache.revalidate_freq = {{ php_opcache_revalidate_freq }}
+opcache.fast_shutdown = {{ php_opcache_fast_shutdown }}