From 8c72a7de8e28f9da9f32c72d73c86618b66d95d0 Mon Sep 17 00:00:00 2001
From: Eric Morino <emorino+git@evolix.fr>
Date: Thu, 24 Aug 2023 15:23:32 +0200
Subject: [PATCH] New container lcx php82 in bookworm

---
 lxc-php/defaults/main.yml                     |  2 +-
 lxc-php/tasks/php82.yml                       | 63 ++++---------------
 lxc-php/templates/bookworm_basics.sources.j2  |  8 +++
 .../templates/bookworm_security.sources.j2    |  8 +++
 4 files changed, 30 insertions(+), 51 deletions(-)
 create mode 100644 lxc-php/templates/bookworm_basics.sources.j2
 create mode 100644 lxc-php/templates/bookworm_security.sources.j2

diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml
index 17af05cf..578cfd2b 100644
--- a/lxc-php/defaults/main.yml
+++ b/lxc-php/defaults/main.yml
@@ -21,7 +21,7 @@ lxc_php_container_releases:
   php74: "bullseye"
   php80: "bullseye"
   php81: "bullseye"
-  php82: "bullseye"
+  php82: "bookworm"
 
 lxc_php_services:
   php56: 'php5-fpm.service'
diff --git a/lxc-php/tasks/php82.yml b/lxc-php/tasks/php82.yml
index acb47f76..c0f623c3 100644
--- a/lxc-php/tasks/php82.yml
+++ b/lxc-php/tasks/php82.yml
@@ -1,46 +1,23 @@
 ---
 
-- name: set APT keyring (Debian <12)
-  ansible.builtin.set_fact:
-    lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
-  when: ansible_distribution_major_version is version('12', '<')
-
-- name: set APT keyring (Debian >=12)
-  ansible.builtin.set_fact:
-    lxc_apt_keyring_dir: /etc/apt/keyrings
-  when: ansible_distribution_major_version is version('12', '>=')
-
-- name: "{{ lxc_php_version }} - Install dependency packages"
+- name: "{{ lxc_php_version }} - Install PHP packages"
   community.general.lxc_container:
     name: "{{ lxc_php_version }}"
-    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg"
+    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
 
-- name: "{{ lxc_php_version }} - fix bullseye repository"
-  ansible.builtin.replace:
-    dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
-    regexp: 'bullseye/updates'
-    replace: 'bullseye-security'
-
-- name: "{{ lxc_php_version }} - Add sury repo (Debian >=12)"
+- name: "{{ lxc_php_version }} - system bookworm repository"
   ansible.builtin.template:
-    src: sury.sources.j2
-    dest: /etc/apt/sources.list.d/sury.sources
-    mode: "0644"
+    src: bookworm_basics.sources.j2
+    dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
+    force: true
+    mode: "0644"
+
+- name: "{{ lxc_php_version }} - security bookworm repository"
+  ansible.builtin.template:
+    src: bookworm_security.sources.j2
+    dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
     force: true
-  register: sury_sources
-  when: ansible_distribution_major_version is version('12', '>=')
-
-- name: "{{ lxc_php_version }} - Add sury repo (Debian <12)"
-  ansible.builtin.lineinfile:
-    dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
-    line: "{{ item }}"
-    state: present
-    create: yes
     mode: "0644"
-  loop:
-    - "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main"
-    - "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix bullseye-php82 main"
-  when: ansible_distribution_major_version is version('12', '<')
 
 - name: "Ensure {{ lxc_rootfs }}{{ apt_keyring_dir }} directory exists"
   file:
@@ -53,16 +30,7 @@
 - name: copy pub.evolix.org GPG key
   ansible.builtin.copy:
     src: pub_evolix.asc
-    dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/pub_evolix.asc
-    mode: "0644"
-    owner: root
-    group: root
-  when: ansible_distribution_major_version is version('12', '<')
-
-- name: copy packages.sury.org GPG Key
-  ansible.builtin.copy:
-    src: sury.gpg
-    dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg
+    dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/pub_evolix.asc"
     mode: "0644"
     owner: root
     group: root
@@ -72,11 +40,6 @@
     name: "{{ lxc_php_version }}"
     container_command: "DEBIAN_FRONTEND=noninteractive apt update"
 
-- name: "{{ lxc_php_version }} - Install PHP packages"
-  community.general.lxc_container:
-    name: "{{ lxc_php_version }}"
-    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
-
 - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
   ansible.builtin.template:
     src: z-evolinux-defaults.ini.j2
diff --git a/lxc-php/templates/bookworm_basics.sources.j2 b/lxc-php/templates/bookworm_basics.sources.j2
new file mode 100644
index 00000000..948c4adf
--- /dev/null
+++ b/lxc-php/templates/bookworm_basics.sources.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: http://mirror.evolix.org/debian
+Suites: bookworm bookworm-updates
+Components: {{ apt_basics_components | mandatory }} 
+Enabled: yes
+Signed-By: /usr/share/keyrings/debian-archive-bookworm-automatic.gpg
diff --git a/lxc-php/templates/bookworm_security.sources.j2 b/lxc-php/templates/bookworm_security.sources.j2
new file mode 100644
index 00000000..07f1345b
--- /dev/null
+++ b/lxc-php/templates/bookworm_security.sources.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: https://security.debian.org/debian-security
+Suites: bookworm-security
+Components: {{ apt_basics_components | mandatory }} 
+Enabled: yes
+Signed-By: /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg
\ No newline at end of file