From 9b80db377269e1d8609174be7ff4f8887397901a Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 14 Nov 2019 15:44:40 +0100 Subject: [PATCH 01/21] lxc: Don't stop the container if it already exists --- CHANGELOG.md | 1 + lxc/tasks/create-container.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 20bbf06e..8a8866d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -90,6 +90,7 @@ The **patch** part changes incrementally at each release. ### Fixed * etc-git: fix warnings ansible-lint * evoadmin-web: Put the php config at the right place for Buster +* lxc: Don't stop the container if it already exists * lxc-php: Don't remove the default pool * minifirewall: fix warnings ansible-lint * nginx: fix munin fcgi not working (missing chmod 660 on logs) diff --git a/lxc/tasks/create-container.yml b/lxc/tasks/create-container.yml index 8c4fbe0c..7b47768f 100644 --- a/lxc/tasks/create-container.yml +++ b/lxc/tasks/create-container.yml @@ -11,6 +11,7 @@ template: debian state: stopped template_options: "--arch amd64 --release {{release}}" + when: container_exists.stdout_lines == [] - name: "Disable network configuration inside container {{ name }}" replace: From 8ef94a97989113196b28609e7296ebee6eac95c1 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 14 Nov 2019 16:28:09 +0100 Subject: [PATCH 02/21] lxc: Allow this role to be called multiple times --- lxc/meta/main.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 lxc/meta/main.yml diff --git a/lxc/meta/main.yml b/lxc/meta/main.yml new file mode 100644 index 00000000..f6af051d --- /dev/null +++ b/lxc/meta/main.yml @@ -0,0 +1,17 @@ +galaxy_info: + author: Evolix + description: Creation of LXC Containers + + issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues + + license: GPLv2 + + min_ansible_version: 2.2 + + platforms: + - name: Debian + versions: + - stretch + - buster + +allow_duplicates: yes 
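Review bot: In the new lxc/meta/main.yml, `min_ansible_version: 2.2` is an unquoted scalar that YAML loads as a float, and `allow_duplicates: yes` relies on YAML 1.1 truthy spelling. I would write `min_ansible_version: "2.2"` and `allow_duplicates: true`. A one-line comment above `allow_duplicates` saying that the role is applied once per container by lxc-php would explain why duplicates are allowed. The same two lines appear in lxc-php/meta/main.yml in PATCH 03.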
From e6f2bbb3312af67a13b4dcc932d002551dfd3d0d Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 14 Nov 2019 16:36:44 +0100 Subject: [PATCH 03/21] lxc-php: An almost complete rewrite ** BREAKING ** This is a breaking change as lxc-php should now be called for *each* php containers we want, with the correct lxc_php_version variable. Current valid values are : - php56 - php70 - php73 Other changes includes : - LXC Containers are created by calling lxc as a dependency of the role. - Relying on lxc_container module to do commands into the container (instead of the command module) - PHP 7.3 container is now a Debian Buster container - All containers will have opensmtpd to relay emails to postfix on the host system. --- lxc-php/defaults/main.yml | 7 +++++++ lxc-php/handlers/main.yml | 21 ++++++++++++++++----- lxc-php/meta/main.yml | 23 +++++++++++++++++++++++ lxc-php/tasks/main.yml | 25 ++++++++++++++----------- lxc-php/tasks/misc.yml | 30 ++++++++++++++++-------------- lxc-php/tasks/php56.yml | 14 ++++++++------ lxc-php/tasks/php70.yml | 14 ++++++++------ lxc-php/tasks/php73.yml | 29 ++++++++--------------------- lxc-php/templates/smtpd.conf.j2 | 14 ++++++++++++++ 9 files changed, 114 insertions(+), 63 deletions(-) create mode 100644 lxc-php/meta/main.yml create mode 100644 lxc-php/templates/smtpd.conf.j2 diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml index 24342068..ef564b2a 100644 --- a/lxc-php/defaults/main.yml +++ b/lxc-php/defaults/main.yml @@ -6,3 +6,10 @@ php_conf_log_errors: "On" php_conf_html_errors: "Off" php_conf_allow_url_fopen: "Off" php_conf_disable_functions: "exec,shell-exec,system,passthru,putenv,popen" + +lxc_php_version: Null + +lxc_php_container_releases: + php56: "jessie" + php70: "stretch" + php73: "buster" diff --git a/lxc-php/handlers/main.yml b/lxc-php/handlers/main.yml index 365179ea..29ace623 100644 --- a/lxc-php/handlers/main.yml +++ b/lxc-php/handlers/main.yml 
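Review bot: `lxc_php_version: Null` gives the variable a defined-but-null default, so any `is defined` test on it is always true, and nothing in this hunk documents that only the keys of `lxc_php_container_releases` are accepted. I would spell it `lxc_php_version: null` and add a comment above it such as `# required: one of the keys of lxc_php_container_releases (php56, php70, php73)`. Separately, the unchanged context line `php_conf_disable_functions` lists `shell-exec`, whereas the PHP function is named `shell_exec`, so that entry likely disables nothing. `proc_open` is also missing from the list, which matters now that this default is pushed into every new container.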
@@ -1,9 +1,20 @@ --- -- name: Reload php56-fpm - command: "lxc-attach -n php56 -- systemctl reload php5-fpm" +- name: Reload php73-fpm + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "systemctl reload php7.3-fpm" - name: Reload php70-fpm - command: "lxc-attach -n php70 -- systemctl reload php7.0-fpm" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "systemctl reload php7.0-fpm" -- name: Reload php73-fpm - command: "lxc-attach -n php73 -- systemctl reload php7.3-fpm" +- name: Reload php70-fpm + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "systemctl reload php5-fpm" + +- name: Restart opensmtpd + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "systemctl restart opensmtpd" diff --git a/lxc-php/meta/main.yml b/lxc-php/meta/main.yml new file mode 100644 index 00000000..7a04f85d --- /dev/null +++ b/lxc-php/meta/main.yml @@ -0,0 +1,23 @@ +galaxy_info: + author: Evolix + description: Creation of LXC Containers & Setting up PHP-FPM for a multiphp setup + + issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues + + license: GPLv2 + + min_ansible_version: 2.2 + + platforms: + - name: Debian + versions: + - stretch + - buster + +allow_duplicates: yes + +dependencies: + - { role: lxc, + lxc_containers: [ { name: "{{ lxc_php_version }}", release: "{{ lxc_php_container_releases[lxc_php_version] }}" } ], + when: lxc_php_version is defined + } diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml index 8fb9f0a9..cc0bf11a 100644 --- a/lxc-php/tasks/main.yml +++ b/lxc-php/tasks/main.yml 
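Review bot: Each handler name is tied to one PHP version, but the container it runs in comes from `name: "{{ lxc_php_version }}"`, so nothing links the `Reload php73-fpm` handler to the php73 container. The role is meant to be applied once per version, so it is worth confirming that `lxc_php_version` still holds the intended value when the handler fires. Hard-coding the container, e.g. `name: php73` under `Reload php73-fpm` (as the removed `lxc-attach -n php73` did), removes that dependency. A short comment above the handlers noting that the FPM service name differs per release (`php5-fpm`, `php7.0-fpm`, `php7.3-fpm`) would also help.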
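Review bot: In the new lxc-php/meta/main.yml the dependency is guarded by `when: lxc_php_version is defined`, which is always true because defaults/main.yml defines the variable as null. Role dependencies run before the role's own tasks, so the `fail` guard added in tasks/main.yml cannot protect the lookup `lxc_php_container_releases[lxc_php_version]` used here. I would guard on membership instead, `when: lxc_php_version in lxc_php_container_releases`, so an unset or mistyped version never reaches the lxc role as a container name.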
@@ -1,24 +1,27 @@ --- +<<<<<<< HEAD - name: LXC configuration include_role: name: evolix/lxc +======= +- name: "Ensure that lxc_php_version is defined" + fail: + msg: Please configure var lxc_php_version + when: lxc_php_version is none +>>>>>>> lxc-php: An almost complete rewrite ** BREAKING ** -- name: Update APT cache - command: "lxc-attach -n {{name}} -- apt-get update" +- name: "Update APT cache in container {{lxc_php_version}}" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "apt-get update" - include: "php56.yml" - with_items: - - "{{ lxc_containers }}" - when: name == "php56" + when: lxc_php_version == "php56" - include: "php70.yml" - with_items: - - "{{ lxc_containers }}" - when: name == "php70" + when: lxc_php_version == "php70" - include: "php73.yml" - with_items: - - "{{ lxc_containers }}" - when: name == "php73" + when: lxc_php_version == "php73" - include: "misc.yml" diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index fb4e5f2a..cfa78db0 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml 
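Review bot: The new guard only fails when `lxc_php_version is none`; any other value, including a typo, goes on to be interpolated into container names and into host paths of the form `/var/lib/lxc/{{ lxc_php_version }}/rootfs/...`. Checking against the allow-list the role already has would close that: `when: lxc_php_version is none or lxc_php_version not in lxc_php_container_releases`, with a `msg` that lists the accepted values. The hunk also commits the merge-conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>>`, which leave the file unparseable at this commit; they are only removed in PATCH 09.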
@@ -1,24 +1,26 @@ --- -- name: Configure ssmtp - replace: - name: "/var/lib/lxc/{{name}}/rootfs/etc/ssmtp/ssmtp.conf" - regexp: "{{ item.regexp }}" - replace: "{{ item.replace }}" - with_dict: - - { regexp: "^mailhub=.*$", replace: "mailhub=127.0.0.1"} - - { regexp: "^#FromLineOverride=.*$", replace: "FromLineOverride=YES"} - - { regexp: "^hostname=.*", replace: "hostname={{ansible_fqdn}}"} +- name: Configure opensmtpd + template: + src: smtpd.conf.j2 + dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/smtpd.conf" + mode: "0644" + notify: "Restart opensmtpd" + +- name: Copy using inline content + copy: + content: "{{ evolinux_hostname }}.{{ evolinux_domain }}\n" + dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/mailname" + notify: "Restart opensmtpd" - name: Configure timezone copy: - dest: "/var/lib/lxc/{{name}}/rootfs/etc/timezone" - content: "Europe/Paris\n" + remote_src: yes + src: "/etc/timezone" + dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/timezone" - name: Ensure containers root directory is 755 file: - path: "/var/lib/lxc/{{ item.name }}/rootfs" + path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs" state: directory mode: '0755' - with_items: - - "{{ lxc_containers }}" diff --git a/lxc-php/tasks/php56.yml b/lxc-php/tasks/php56.yml index ab7595ae..d3e8556a 100644 --- a/lxc-php/tasks/php56.yml +++ b/lxc-php/tasks/php56.yml 
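Review bot: The two new `copy` tasks (`Copy using inline content` for /etc/mailname and `Configure timezone`) write into the container rootfs without a `mode:`, so the resulting permissions depend on the umask and on whatever file already exists. The `template` task above them sets `mode: "0644"`, and the same line on both copies would make the result deterministic. `Copy using inline content` also says nothing about what is written; a name like `Configure mailname for the container` is clearer. `remote_src: yes` would be better spelled `remote_src: true`.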
@@ -1,16 +1,18 @@ --- -- name: Install PHP packages - command: "lxc-attach -n {{name}} -- apt-get install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer ssmtp git zip unzip" +- name: "{{ lxc_php_version }} - Install PHP packages" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 php5-zip php5-mbstring libphp-phpmailer opensmtpd git zip unzip" -- name: Copy evolinux PHP 5.6 configuration +- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" - notify: "Reload {{name}}-fpm" + notify: "Reload {{ lxc_php_version }}-fpm" with_items: - - "/var/lib/lxc/{{name}}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{name}}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item diff --git a/lxc-php/tasks/php70.yml b/lxc-php/tasks/php70.yml index 1f5eb181..932758f2 100644 --- a/lxc-php/tasks/php70.yml +++ b/lxc-php/tasks/php70.yml 
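Review bot: The install task switches from `apt-get install` to `apt install` inside `container_command`. `apt` is the interactive front end and does not promise a stable command-line interface for scripted use, so I would keep `apt-get`: `container_command: "DEBIAN_FRONTEND=noninteractive apt-get install -y ..."`. The command also runs on every play with no indication of whether anything changed, which deserves a comment on the task. The same line is introduced in php70.yml and php73.yml later in this patch.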
@@ -1,16 +1,18 @@ --- -- name: Install PHP packages - command: "lxc-attach -n {{name}} -- apt-get install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer ssmtp git zip unzip php-zip" +- name: "{{ lxc_php_version }} - Install PHP packages" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 php-mbstring composer libphp-phpmailer opensmtpd git zip unzip php-zip" -- name: Copy evolinux PHP 7.0 configuration +- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" - notify: "Reload {{name}}-fpm" + notify: "Reload {{ lxc_php_version }}-fpm" with_items: - - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item diff --git a/lxc-php/tasks/php73.yml b/lxc-php/tasks/php73.yml index ac0007d8..ac6a9fea 100644 --- a/lxc-php/tasks/php73.yml +++ b/lxc-php/tasks/php73.yml 
@@ -1,31 +1,18 @@ --- -- name: Install requirements for sury repository - command: "lxc-attach -n {{name}} -- apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg" +- name: "{{ lxc_php_version }} - Install PHP packages" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-gettext php-curl php-ssh2 php-mbstring composer libphp-phpmailer opensmtpd git zip unzip php-zip" -- name: Add sury APT repository - copy: - content: "deb https://packages.sury.org/php/ stretch main" - dest: "/var/lib/lxc/{{name}}/rootfs/etc/apt/sources.list.d/sury.list" - mode: "0644" - -- name: Add sury GPG key - shell: "wget -O- https://packages.sury.org/php/apt.gpg |lxc-attach -n {{name}} -- apt-key add -" - -- name: Update APT cache - command: "lxc-attach -n {{name}} -- apt-get update" - -- name: Install PHP packages - command: "lxc-attach -n {{name}} -- apt-get install -y php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer ssmtp git zip unzip php7.3-zip" - -- name: Copy evolinux PHP 7.3 configuration +- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" - notify: "Reload {{name}}-fpm" + notify: "Reload {{ lxc_php_version }}-fpm" with_items: - - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item 
diff --git a/lxc-php/templates/smtpd.conf.j2 b/lxc-php/templates/smtpd.conf.j2 new file mode 100644 index 00000000..8458d4b4 --- /dev/null +++ b/lxc-php/templates/smtpd.conf.j2 @@ -0,0 +1,14 @@ +# This is the smtpd server system-wide configuration file. +# See smtpd.conf(5) for more information. + +# To accept external mail, replace with: listen on all +#listen on localhost + +# If you edit the file, you have to run "smtpctl update table aliases" +table aliases file:/etc/aliases + +# Uncomment the following to accept external mail for domain "example.org" +#accept from any for domain "example.org" alias deliver to mbox + +accept for local alias deliver to mbox +accept for any relay via "smtp://127.0.0.1" From 0f416388105db5b9b923a29a9b216df53f2f7585 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 14 Nov 2019 17:15:38 +0100 Subject: [PATCH 04/21] webapps/evoadmin-web: Replace evoadmin_multi_php (bool) by evoadmin_multiphp_versions (list) ** breaking ** Instead of having evoadmin_multi_php as a boolean, and outputing all versions possible PHP version in evoadmin, we now have evoadmin_multiphp_versions. It's supposed to be a --- webapps/evoadmin-web/defaults/main.yml | 2 +- webapps/evoadmin-web/templates/config.local.php.j2 | 6 ++++-- webapps/evoadmin-web/templates/web-add.conf.j2 | 5 +++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/webapps/evoadmin-web/defaults/main.yml b/webapps/evoadmin-web/defaults/main.yml index 2d174718..5b28a67c 100644 --- a/webapps/evoadmin-web/defaults/main.yml +++ b/webapps/evoadmin-web/defaults/main.yml @@ -10,7 +10,7 @@ evoadmin_scripts_dir: /usr/share/scripts/evoadmin evoadmin_host: "evoadmin.{{ ansible_fqdn }}" evoadmin_username: evoadmin -evoadmin_multi_php: False +evoadmin_multiphp_versions: [] evoadmin_enable_vhost: True evoadmin_force_vhost: False diff --git a/webapps/evoadmin-web/templates/config.local.php.j2 b/webapps/evoadmin-web/templates/config.local.php.j2 index 6be9ffca..dceddbda 100644 
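Review bot: The new smtpd.conf.j2 leaves `#listen on localhost` commented out, so the addresses the container's smtpd binds to are decided by the package default rather than by this file. Since the instance exists only to hand local mail to `smtp://127.0.0.1`, I would state that explicitly with `listen on localhost`. The stock comment about `listen on all` could be replaced by one saying this is a relay-only instance that must not accept external mail. Whether 127.0.0.1 inside the container reaches the host's MTA, and whether a listener on port 25 could collide with it, depends on the container's network setup, which is not visible here and is worth a comment.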
--- a/webapps/evoadmin-web/templates/config.local.php.j2 +++ b/webapps/evoadmin-web/templates/config.local.php.j2 @@ -7,9 +7,11 @@ $localconf['superadmin'] = array(); $localconf['script_path'] = '{{ evoadmin_scripts_dir }}'; $localconf['cluster'] = FALSE; // auth (sha256 hashs) / echo -n YourPass | sha256sum + $oriconf['logins'] = array(); //$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477'; //$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303'; -{% if evoadmin_multi_php %} -$localconf['php_versions'] = array(56, 70, 73); + +{% if evoadmin_multiphp_versions != [] %} +$localconf['php_versions'] = array( {{ evoadmin_multiphp_versions.join(', ') | replace('php', '') }} ); {% endif %} diff --git a/webapps/evoadmin-web/templates/web-add.conf.j2 b/webapps/evoadmin-web/templates/web-add.conf.j2 index 04335c13..a5f76b25 100644 --- a/webapps/evoadmin-web/templates/web-add.conf.j2 +++ b/webapps/evoadmin-web/templates/web-add.conf.j2 @@ -1,5 +1,6 @@ CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}" WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}" -{% if evoadmin_multi_php %} -PHP_VERSIONS=(56 70 73) + +{% if evoadmin_multiphp_versions != [] %} +PHP_VERSIONS={{ evoadmin_multiphp_versions.join(' ') | replace('php', '') }} ); {% endif %} From 9c420eec4fa57c8c8ce5f3732e634ac37110c077 Mon Sep 17 00:00:00 2001 
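Review bot: `evoadmin_multiphp_versions` is rendered unquoted into PHP source in config.local.php.j2 (`array( ... )`) and into what looks like a shell array in web-add.conf.j2. `replace('php', '')` removes the prefix but does not ensure the remainder is a number. Coercing each element before joining keeps a malformed inventory value from turning into code in either file, for example `{{ evoadmin_multiphp_versions | map('regex_replace', '^php', '') | map('int') | join(', ') }}`. A comment above the block stating the expected input form (`['php70', 'php73']`) would document the contract.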
From: Ludovic Poujol Date: Thu, 14 Nov 2019 17:25:59 +0100 Subject: [PATCH 05/21] packweb-apache: Automagically bootstrap the multiphp containers Introducing a new variable `packweb_multiphp_versions: []`. While set empty, packweb-apache will setup a regular packweb. When filled with PHP Versions, it will handle : - LXC Container setup and config (as a dependencie of lxc-php role) - Ensure evoadmin-web will set the rights versions in the config files by setting evoadmin_multiphp_versions Exemple value : `packweb_multiphp_versions: ['php70', 'php73']` That will call lxc-php to create both PHP 7.0 and PHP 7.3 containers. --- packweb-apache/defaults/main.yml | 2 ++ packweb-apache/meta/main.yml | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/packweb-apache/defaults/main.yml b/packweb-apache/defaults/main.yml index fa7a701a..0c6b41f7 100644 --- a/packweb-apache/defaults/main.yml +++ b/packweb-apache/defaults/main.yml @@ -11,3 +11,5 @@ packweb_phpmyadmin_suffix: "" packweb_phpmyadmin_suffix_file: "/etc/evolinux/phpmyadmin_suffix" packweb_mysql_variant: "debian" + +packweb_multiphp_versions: [] diff --git a/packweb-apache/meta/main.yml b/packweb-apache/meta/main.yml index a276c53e..97cf077f 100644 --- a/packweb-apache/meta/main.yml +++ b/packweb-apache/meta/main.yml 
@@ -13,12 +13,18 @@ galaxy_info: versions: - jessie - stretch + - buster + +allow_duplicates: true dependencies: - { role: evolix/apache } - { role: evolix/php, php_apache_enable: True, when: packweb_apache_modphp } - { role: evolix/php, php_fpm_enable: True, when: packweb_apache_fpm } + - { role: evolix/lxc-php, lxc_php_version: php56, when: "'php56' in packweb_multiphp_versions" } + - { role: evolix/lxc-php, lxc_php_version: php70, when: "'php70' in packweb_multiphp_versions" } + - { role: evolix/lxc-php, lxc_php_version: php73, when: "'php73' in packweb_multiphp_versions" } - { role: evolix/squid, squid_localproxy_enable: True } - { role: evolix/mysql, when: packweb_mysql_variant == "debian" } - { role: evolix/mysql-oracle, when: packweb_mysql_variant == "oracle" } - - { role: evolix/webapps/evoadmin-web, evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}" } + - { role: evolix/webapps/evoadmin-web, evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}", evoadmin_multiphp_versions: "{{ packweb_multiphp_versions }}" } From 47b263e4116683b4a0d13fde60288e08c8699dcc Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 3 Dec 2019 15:07:57 +0100 Subject: [PATCH 06/21] lxc-php: fix php56-fpm handler name --- lxc-php/handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-php/handlers/main.yml b/lxc-php/handlers/main.yml index 29ace623..06953b4f 100644 --- a/lxc-php/handlers/main.yml +++ b/lxc-php/handlers/main.yml @@ -9,7 +9,7 @@ name: "{{ lxc_php_version }}" container_command: "systemctl reload php7.0-fpm" -- name: Reload php70-fpm +- name: Reload php56-fpm lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl reload php5-fpm" From 3601e802d6d4a42c1a50e281fe48e1d08774b262 Mon Sep 17 00:00:00 2001 
From: Victor LABORIE Date: Tue, 3 Dec 2019 15:25:23 +0100 Subject: [PATCH 07/21] evoadmin-web: fix typo in join filter --- webapps/evoadmin-web/templates/config.local.php.j2 | 2 +- webapps/evoadmin-web/templates/web-add.conf.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/webapps/evoadmin-web/templates/config.local.php.j2 b/webapps/evoadmin-web/templates/config.local.php.j2 index dceddbda..d4cd4903 100644 --- a/webapps/evoadmin-web/templates/config.local.php.j2 +++ b/webapps/evoadmin-web/templates/config.local.php.j2 @@ -13,5 +13,5 @@ $oriconf['logins'] = array(); //$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303'; {% if evoadmin_multiphp_versions != [] %} -$localconf['php_versions'] = array( {{ evoadmin_multiphp_versions.join(', ') | replace('php', '') }} ); +$localconf['php_versions'] = array( {{ evoadmin_multiphp_versions | join(', ') | replace('php', '') }} ); {% endif %} diff --git a/webapps/evoadmin-web/templates/web-add.conf.j2 b/webapps/evoadmin-web/templates/web-add.conf.j2 index a5f76b25..46d9e28e 100644 --- a/webapps/evoadmin-web/templates/web-add.conf.j2 +++ b/webapps/evoadmin-web/templates/web-add.conf.j2 @@ -2,5 +2,5 @@ CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}" WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}" {% if evoadmin_multiphp_versions != [] %} -PHP_VERSIONS={{ evoadmin_multiphp_versions.join(' ') | replace('php', '') }} ); +PHP_VERSIONS={{ evoadmin_multiphp_versions | join(' ') | replace('php', '') }} ); {% endif %} From 84ec361270d78f5bb0dc9c52a3eea3725de00dc3 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 10 Dec 2019 16:07:58 +0100 Subject: [PATCH 08/21] evoadmin-web: fix missing bracket in web-add.conf template --- webapps/evoadmin-web/templates/web-add.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/webapps/evoadmin-web/templates/web-add.conf.j2 b/webapps/evoadmin-web/templates/web-add.conf.j2 index 46d9e28e..30b6fb9d 100644 --- a/webapps/evoadmin-web/templates/web-add.conf.j2 +++ b/webapps/evoadmin-web/templates/web-add.conf.j2 @@ -2,5 +2,5 @@ CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}" WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}" {% if evoadmin_multiphp_versions != [] %} -PHP_VERSIONS={{ evoadmin_multiphp_versions | join(' ') | replace('php', '') }} ); +PHP_VERSIONS=({{ evoadmin_multiphp_versions | join(' ') | replace('php', '') }}); {% endif %} From 8bc4ff4adaca8bf19dbd5a51bd54bd35d9489bb8 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 26 Feb 2020 16:18:38 +0100 Subject: [PATCH 09/21] lxc-php & webapps/evoadmin-web: Commit missing fixes --- lxc-php/meta/main.yml | 2 +- lxc-php/tasks/main.yml | 6 ------ lxc-php/tasks/php56.yml | 2 +- webapps/evoadmin-web/tasks/config.yml | 2 +- webapps/evoadmin-web/tasks/user.yml | 2 +- webapps/evoadmin-web/tasks/web.yml | 2 +- webapps/evoadmin-web/templates/sudoers.j2 | 2 +- 7 files changed, 6 insertions(+), 12 deletions(-) diff --git a/lxc-php/meta/main.yml b/lxc-php/meta/main.yml index 7a04f85d..3c965d43 100644 --- a/lxc-php/meta/main.yml +++ b/lxc-php/meta/main.yml @@ -17,7 +17,7 @@ galaxy_info: allow_duplicates: yes dependencies: - - { role: lxc, + - { role: evolix/lxc, lxc_containers: [ { name: "{{ lxc_php_version }}", release: "{{ lxc_php_container_releases[lxc_php_version] }}" } ], when: lxc_php_version is defined } diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml index cc0bf11a..d3fcad4a 100644 --- a/lxc-php/tasks/main.yml +++ b/lxc-php/tasks/main.yml 
@@ -1,14 +1,8 @@ --- -<<<<<<< HEAD -- name: LXC configuration - include_role: - name: evolix/lxc -======= - name: "Ensure that lxc_php_version is defined" fail: msg: Please configure var lxc_php_version when: lxc_php_version is none ->>>>>>> lxc-php: An almost complete rewrite ** BREAKING ** - name: "Update APT cache in container {{lxc_php_version}}" lxc_container: diff --git a/lxc-php/tasks/php56.yml b/lxc-php/tasks/php56.yml index d3e8556a..369495df 100644 --- a/lxc-php/tasks/php56.yml +++ b/lxc-php/tasks/php56.yml @@ -3,7 +3,7 @@ - name: "{{ lxc_php_version }} - Install PHP packages" lxc_container: name: "{{ lxc_php_version }}" - container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 php5-zip php5-mbstring libphp-phpmailer opensmtpd git zip unzip" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer ssmtp git zip unzip" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: diff --git a/webapps/evoadmin-web/tasks/config.yml b/webapps/evoadmin-web/tasks/config.yml index 52a7fcdb..b6384f3b 100644 --- a/webapps/evoadmin-web/tasks/config.yml +++ b/webapps/evoadmin-web/tasks/config.yml @@ -35,4 +35,4 @@ src: phpContainer dest: /usr/local/bin/phpContainer mode: 0700 - when: evoadmin_multi_php + when: packweb_multiphp_versions is defined diff --git a/webapps/evoadmin-web/tasks/user.yml b/webapps/evoadmin-web/tasks/user.yml index 32b0d488..f12a4feb 100644 --- a/webapps/evoadmin-web/tasks/user.yml +++ b/webapps/evoadmin-web/tasks/user.yml @@ -121,4 +121,4 @@ lineinfile: dest: /etc/skel/.bashrc line: "alias php='sudo /usr/local/bin/phpContainer'" - when: evoadmin_multi_php + when: packweb_multiphp_versions is defined 
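Review bot: The new condition `when: packweb_multiphp_versions is defined` in config.yml, and again in user.yml and web.yml, makes the evoadmin-web role test a variable owned by packweb-apache, and only for existence. packweb-apache's defaults set it to `[]`, so when the role is pulled in that way the condition presumably holds even with no PHP version requested. The phpContainer wrapper, the `php` alias in /etc/skel/.bashrc and proxy_fcgi would then be installed regardless. Used standalone with only `evoadmin_multiphp_versions` set, the role would skip them. `when: evoadmin_multiphp_versions | length > 0` uses the role's own variable and matches the `!= []` test in its templates.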
diff --git a/webapps/evoadmin-web/tasks/web.yml b/webapps/evoadmin-web/tasks/web.yml index ef360340..e756fde2 100644 --- a/webapps/evoadmin-web/tasks/web.yml +++ b/webapps/evoadmin-web/tasks/web.yml @@ -90,4 +90,4 @@ state: present name: proxy_fcgi notify: restart apache2 - when: evoadmin_multi_php + when: packweb_multiphp_versions is defined diff --git a/webapps/evoadmin-web/templates/sudoers.j2 b/webapps/evoadmin-web/templates/sudoers.j2 index 6a02ed50..9b7cfa54 100644 --- a/webapps/evoadmin-web/templates/sudoers.j2 +++ b/webapps/evoadmin-web/templates/sudoers.j2 @@ -1,7 +1,7 @@ User_Alias EVOADMIN = www-evoadmin Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh, {{ evoadmin_scripts_dir | mandatory }}/dbadmin.sh EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB -{% if evoadmin_multi_php %} +{% if packweb_multiphp_versions is defined %} Defaults env_keep += "LOGNAME PWD" ALL ALL = NOPASSWD: /usr/local/bin/phpContainer {% endif %} From a680399608d0665a9315ae8d8f5e5653de2a0fce Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 11 Mar 2020 16:48:55 +0100 Subject: [PATCH 10/21] packweb-apache: Add missing dependency to evoacme role --- CHANGELOG.md | 1 + packweb-apache/meta/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a8866d3..23c3fdc5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -103,6 +103,7 @@ The **patch** part changes incrementally at each release. * webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run. * minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s)) * minifirewall: Properly detect alert5.sh to turn on firewall at boot +* packweb-apache: Add missing dependency to evoacme role ### Removed * clamav : do not install the zoo package anymore 
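Review bot: In sudoers.j2 the new `{% if packweb_multiphp_versions is defined %}` test renders the block containing `ALL ALL = NOPASSWD: /usr/local/bin/phpContainer` whenever the variable merely exists, including the `[]` default from packweb-apache/defaults/main.yml. Every local account would then get password-less execution of that wrapper through sudo, even on hosts with no PHP containers. I would gate it on `{% if evoadmin_multiphp_versions | length > 0 %}`. A comment above the rule should say why it is open to `ALL` and that `phpContainer` (not shown here) has to treat its arguments and the kept `LOGNAME`/`PWD` variables as untrusted. If the hosting accounts share a group, limiting the rule to that group instead of `ALL` would narrow it further.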
diff --git a/packweb-apache/meta/main.yml b/packweb-apache/meta/main.yml index 97cf077f..c8981b6e 100644 --- a/packweb-apache/meta/main.yml +++ b/packweb-apache/meta/main.yml @@ -28,3 +28,4 @@ dependencies: - { role: evolix/mysql, when: packweb_mysql_variant == "debian" } - { role: evolix/mysql-oracle, when: packweb_mysql_variant == "oracle" } - { role: evolix/webapps/evoadmin-web, evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}", evoadmin_multiphp_versions: "{{ packweb_multiphp_versions }}" } + - { role: evolix/evoacme } From a21fcaf6635032a38f5894699ac5737f627c71a7 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 1 Apr 2020 15:42:45 +0200 Subject: [PATCH 11/21] (fix) php: Chose the debian version repo archive for packages.sury.org --- CHANGELOG.md | 1 + php/tasks/sury_pre.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 23c3fdc5..3d843efe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -104,6 +104,7 @@ The **patch** part changes incrementally at each release. * minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s)) * minifirewall: Properly detect alert5.sh to turn on firewall at boot * packweb-apache: Add missing dependency to evoacme role +* php: Chose the debian version repo archive for packages.sury.org ### Removed * clamav : do not install the zoo package anymore diff --git a/php/tasks/sury_pre.yml b/php/tasks/sury_pre.yml index 9ab816ab..45d5d005 100644 --- a/php/tasks/sury_pre.yml +++ b/php/tasks/sury_pre.yml @@ -18,7 +18,7 @@ - name: Setup deb.sury.org repository - Add source list apt_repository: - repo: "deb https://packages.sury.org/php/ stretch main" + repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main" filename: sury state: present From 135a089341f00a00cdb6a722c5808a1bbacc3be7 Mon Sep 17 00:00:00 2001 
From: Ludovic Poujol Date: Wed, 1 Apr 2020 15:56:32 +0200 Subject: [PATCH 12/21] (change) lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers --- CHANGELOG.md | 1 + lxc-php/tasks/mail_opensmtpd.yml | 8 ++++++++ lxc-php/tasks/mail_ssmtp.yml | 7 +++++++ lxc-php/tasks/misc.yml | 23 ++++++++--------------- lxc-php/tasks/php56.yml | 2 ++ lxc-php/tasks/php70.yml | 2 ++ lxc-php/tasks/php73.yml | 2 ++ lxc-php/templates/ssmtp.conf.j2 | 21 +++++++++++++++++++++ 8 files changed, 51 insertions(+), 15 deletions(-) create mode 100644 lxc-php/tasks/mail_opensmtpd.yml create mode 100644 lxc-php/tasks/mail_ssmtp.yml create mode 100644 lxc-php/templates/ssmtp.conf.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 3d843efe..61843e07 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -68,6 +68,7 @@ The **patch** part changes incrementally at each release. * lxc: remove useless loop in apt execution * lxc: update our default template to be compatible with Debian 10 * lxc-php: refactor tasks for better maintainability +* lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers * lxc-solr: changed default Solr version to 8.4.1 * minifirewall: better alert5 activation * minifirewall: no http filtering by default diff --git a/lxc-php/tasks/mail_opensmtpd.yml b/lxc-php/tasks/mail_opensmtpd.yml new file mode 100644 index 00000000..5ed07082 --- /dev/null +++ b/lxc-php/tasks/mail_opensmtpd.yml @@ -0,0 +1,8 @@ +--- + +- name: Configure opensmtpd (in the container) + template: + src: smtpd.conf.j2 + dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/smtpd.conf" + mode: "0644" + notify: "Restart opensmtpd" diff --git a/lxc-php/tasks/mail_ssmtp.yml b/lxc-php/tasks/mail_ssmtp.yml new file mode 100644 index 00000000..9e0465b7 --- /dev/null +++ b/lxc-php/tasks/mail_ssmtp.yml 
@@ -0,0 +1,7 @@ +--- + +- name: Configure ssmtp (in the container) + template: + src: ssmtp.conf.j2 + dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/ssmtp/ssmtp.conf" + mode: "0644" diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index cfa78db0..96cd365d 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml @@ -1,26 +1,19 @@ --- -- name: Configure opensmtpd - template: - src: smtpd.conf.j2 - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/smtpd.conf" - mode: "0644" - notify: "Restart opensmtpd" - -- name: Copy using inline content - copy: - content: "{{ evolinux_hostname }}.{{ evolinux_domain }}\n" - dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/mailname" - notify: "Restart opensmtpd" - -- name: Configure timezone +- name: Configure timezone for the container copy: remote_src: yes src: "/etc/timezone" dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/timezone" -- name: Ensure containers root directory is 755 +- name: Ensure container's root directory is 755 file: path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs" state: directory mode: '0755' + +- name: Configure mailname for the container + copy: + content: "{{ evolinux_hostname }}.{{ evolinux_domain }}\n" + dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/mailname" + notify: "Restart opensmtpd" diff --git a/lxc-php/tasks/php56.yml b/lxc-php/tasks/php56.yml index 369495df..06220acf 100644 --- a/lxc-php/tasks/php56.yml +++ b/lxc-php/tasks/php56.yml @@ -16,3 +16,5 @@ - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item + +- include: "mail_ssmtp.yml" diff --git a/lxc-php/tasks/php70.yml b/lxc-php/tasks/php70.yml index 932758f2..e049cf0c 100644 --- a/lxc-php/tasks/php70.yml +++ b/lxc-php/tasks/php70.yml @@ -16,3 +16,5 @@ - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item + +- include: "mail_opensmtd.yml" 
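Review bot: The relocated `Configure mailname for the container` task in misc.yml still carries `notify: "Restart opensmtpd"`, yet this commit routes the Jessie (php56) container to ssmtp through `mail_ssmtp.yml`. The handler is defined outside this hunk, so this is inferred, but on that container it would presumably try to restart a service that is not installed. Consider keeping the notify only on the opensmtpd template task, or guarding the handler with a condition on `lxc_php_version`.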
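Review bot: The added `- include: "mail_opensmtd.yml"` in php70.yml names a file this commit does not create; the new task file is `lxc-php/tasks/mail_opensmtpd.yml` (with a `p`), so the include should fail when the role is loaded. The php73.yml hunk has the same misspelling. Both lines should read `- include: "mail_opensmtpd.yml"`.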
diff --git a/lxc-php/tasks/php73.yml b/lxc-php/tasks/php73.yml index ac6a9fea..b50460f3 100644 --- a/lxc-php/tasks/php73.yml +++ b/lxc-php/tasks/php73.yml @@ -16,3 +16,5 @@ - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item + +- include: "mail_opensmtd.yml" diff --git a/lxc-php/templates/ssmtp.conf.j2 b/lxc-php/templates/ssmtp.conf.j2 new file mode 100644 index 00000000..dafba814 --- /dev/null +++ b/lxc-php/templates/ssmtp.conf.j2 @@ -0,0 +1,21 @@ +# +# Config file for sSMTP sendmail +# +# The person who gets all mail for userids < 1000 +# Make this empty to disable rewriting. +root=postmaster + +# The place where the mail goes. The actual machine name is required no +# MX records are consulted. Commonly mailhosts are named mail.domain.com +mailhub=127.0.0.1 + +# Where will the mail seem to come from? +#rewriteDomain= + +# The full hostname +hostname={{ ansible_fqdn }} + +# Are users allowed to set their own From: address? +# YES - Allow the user to specify their own From: address +# NO - Use the system generated From: address +FromLineOverride=YES From f442239cecfe2b3a278c30773b135640f51bbf7c Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 1 Apr 2020 18:05:20 +0200 Subject: [PATCH 13/21] (fix) packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available --- CHANGELOG.md | 1 + packweb-apache/tasks/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61843e07..1adcc0fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -106,6 +106,7 @@ The **patch** part changes incrementally at each release. * minifirewall: Properly detect alert5.sh to turn on firewall at boot * packweb-apache: Add missing dependency to evoacme role * php: Chose the debian version repo archive for packages.sury.org +* packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available ### Removed * clamav : do not install the zoo package anymore 
diff --git a/packweb-apache/tasks/main.yml b/packweb-apache/tasks/main.yml index 6fb47e0b..575c885d 100644 --- a/packweb-apache/tasks/main.yml +++ b/packweb-apache/tasks/main.yml @@ -78,6 +78,7 @@ - include: apache.yml - include: phpmyadmin.yml + when: ansible_distribution_release != "buster" - include: awstats.yml From 7fc260a17b8a6f0ca275ba3ac636114faf694d54 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 1 Apr 2020 18:08:57 +0200 Subject: [PATCH 14/21] (fix) php: update surry_post.yml to match current latest PHP release --- CHANGELOG.md | 1 + php/tasks/sury_post.yml | 34 +++++++++++++++++----------------- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1adcc0fe..8236c283 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -106,6 +106,7 @@ The **patch** part changes incrementally at each release. * minifirewall: Properly detect alert5.sh to turn on firewall at boot * packweb-apache: Add missing dependency to evoacme role * php: Chose the debian version repo archive for packages.sury.org +* php: update surry_post.yml to match current latest PHP release * packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available ### Removed diff --git a/php/tasks/sury_post.yml b/php/tasks/sury_post.yml index e26fbf8d..ecfb13dc 100644 --- a/php/tasks/sury_post.yml +++ b/php/tasks/sury_post.yml 
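Review bot: The added `when: ansible_distribution_release != "buster"` excludes a single codename, so the phpmyadmin tasks run again on any release after Buster, where this change does not establish that the package is available. A version comparison states the intent more robustly, e.g. `when: ansible_distribution_major_version is version('10', '<')`, which is the test form the lxc role already uses. The list of `- include:` entries continues outside the hunk.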
@@ -1,52 +1,52 @@ --- -- name: Symlink Evolix CLI config files from 7.3 to 7.0 +- name: Symlink Evolix CLI config files from 7.4 to 7.0 file: src: "{{ item.src }}" dest: "{{ item.dest }}" force: yes state: link with_items: - - { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" } - - { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.3/cli/conf.d/zzz-evolinux-custom.ini" } + - { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini" } + - { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini" } -- name: Enforce permissions on PHP 7.3/cli directory +- name: Enforce permissions on PHP 7.4/cli directory file: - dest: /etc/php/7.3/cli + dest: /etc/php/7.4/cli mode: "0755" -- name: Symlink Evolix Apache config files from 7.3 to 7.0 +- name: Symlink Evolix Apache config files from 7.4 to 7.0 file: src: "{{ item.src }}" dest: "{{ item.dest }}" force: yes state: link with_items: - - { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.3/apache2/conf.d/z-evolinux-defaults.ini" } - - { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.3/apache2/conf.d/zzz-evolinux-custom.ini" } + - { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini" } + - { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini" } when: php_apache_enable -- name: Enforce permissions on PHP 7.3/cli directory +- name: Enforce permissions on PHP 7.4/cli directory file: - dest: /etc/php/7.3/apache2 + dest: /etc/php/7.4/apache2 mode: "0755" when: php_apache_enable -- name: Symlink Evolix FPM config files from 7.3 to 7.0 +- name: Symlink Evolix FPM config files from 7.4 to 7.0 file: src: "{{ item.src }}" dest: "{{ item.dest }}" force: yes state: link with_items: - - { src: "{{ php_fpm_defaults_ini_file }}", dest: "/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini" } - 
- { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.3/fpm/conf.d/zzz-evolinux-custom.ini" } - - { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.3/fpm/pool.d/z-evolinux-defaults.conf" } - - { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.3/fpm/pool.d/zzz-evolinux-custom.conf" } + - { src: "{{ php_fpm_defaults_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini" } + - { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini" } + - { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/z-evolinux-defaults.conf" } + - { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/zzz-evolinux-custom.conf" } when: php_fpm_enable -- name: Enforce permissions on PHP 7.3/cli directory +- name: Enforce permissions on PHP 7.4/cli directory file: - dest: /etc/php/7.3/fpm + dest: /etc/php/7.4/fpm mode: "0755" when: php_fpm_enable From bd63e7037f6cc5d38e5335dac5856432e513f4ba Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 8 Apr 2020 17:54:16 +0200 Subject: [PATCH 15/21] packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role) --- CHANGELOG.md | 1 + packweb-apache/files/multiphp-sudoers | 3 ++ packweb-apache/files/phpContainer | 18 ++++++++++++ packweb-apache/tasks/main.yml | 3 ++ packweb-apache/tasks/multiphp.yml | 34 +++++++++++++++++++++++ webapps/evoadmin-web/files/phpContainer | 10 ------- webapps/evoadmin-web/tasks/config.yml | 7 ----- webapps/evoadmin-web/tasks/user.yml | 6 ---- webapps/evoadmin-web/tasks/web.yml | 7 ----- webapps/evoadmin-web/templates/sudoers.j2 | 4 --- 10 files changed, 59 insertions(+), 34 deletions(-) create mode 100644 packweb-apache/files/multiphp-sudoers create mode 100644 packweb-apache/files/phpContainer create mode 100644 packweb-apache/tasks/multiphp.yml delete mode 100644 webapps/evoadmin-web/files/phpContainer diff --git a/CHANGELOG.md b/CHANGELOG.md index 8236c283..f39a886e 100644 
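Review bot: Three tasks on the new side are all named `Enforce permissions on PHP 7.4/cli directory`, although the second and third act on `/etc/php/7.4/apache2` and `/etc/php/7.4/fpm`; each name should match its `dest`, e.g. `- name: Enforce permissions on PHP 7.4/apache2 directory`. The version string is repeated in every path and task name, which is why this commit had to touch each of them; a single variable for the version (say `php_sury_version`, a hypothetical name that does not exist on this page) would reduce the next bump to one line. The `from 7.4 to 7.0` wording in the symlink task names is unclear and worth rephrasing.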
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -76,6 +76,7 @@ The **patch** part changes incrementally at each release. * nagios-nrpe: change default haproxy socket path * nagios-nrpe: check_mode per cpu dynamically * nodejs: change default version to 12 (new LTS) +* packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role) * php: By default, allow 128M for OpCache (instead of 64M) * php: Don't set a chroot for the default fpm pool * php: Make sure the default pool we define can be fully functionnal witout debian's default pool file diff --git a/packweb-apache/files/multiphp-sudoers b/packweb-apache/files/multiphp-sudoers new file mode 100644 index 00000000..8bd0f446 --- /dev/null +++ b/packweb-apache/files/multiphp-sudoers @@ -0,0 +1,3 @@ + +Defaults env_keep += "LOGNAME PWD" +ALL ALL = NOPASSWD: /usr/local/bin/phpContainer diff --git a/packweb-apache/files/phpContainer b/packweb-apache/files/phpContainer new file mode 100644 index 00000000..9c9425c1 --- /dev/null +++ b/packweb-apache/files/phpContainer @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +# If this script isn't run as root, then, re-run it with sudo. +if [ "$EUID" -ne 0 ]; then + sudo $(readlink -f ${BASH_SOURCE[0]}) ${*@Q} + exit 0; +fi; + +PHPVersion=$(grep SetHandler /etc/apache2/sites-enabled/$LOGNAME.conf 2>/dev/null | grep -m 1 -o 'fpm[0-9][0-9]' | head -n 1 | sed 's/php//g' | sed 's/fpm//g') + +if [ "$PHPVersion" != "" ]; then + lxc-attach -n php$PHPVersion -- su - $LOGNAME -c "cd \"${PWD@E}\" && php ${*@Q}" +else + # TODO: fallback? + # command php $* + echo "ERROR - Could not determine \$PHPVersion - Are you a web account ?" + exit 1 +fi diff --git a/packweb-apache/tasks/main.yml b/packweb-apache/tasks/main.yml index 575c885d..9c36c888 100644 --- a/packweb-apache/tasks/main.yml +++ b/packweb-apache/tasks/main.yml 
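Review bot: `Defaults env_keep += "LOGNAME PWD"` in multiphp-sudoers has no scope, so it changes the environment handling of every sudo rule on the host, and `ALL ALL = NOPASSWD:` lets every local account run phpContainer as root. The script added in the same commit reads `$LOGNAME` and `$PWD` to pick the vhost file, the `su` target and the working directory, so caller-controlled values decide what root does. Scope the setting to the command and keep only what is needed, e.g. `Defaults!/usr/local/bin/phpContainer env_keep += "PWD"`, let the script take the account from `$SUDO_USER`, and restrict the rule to the group that holds the web accounts instead of `ALL`.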
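Review bot: phpContainer runs as root but takes the account name from `$LOGNAME` and the directory from `$PWD`, both supplied by the caller, and expands them unquoted (`$LOGNAME`) or through `${PWD@E}`, which interprets escapes instead of quoting, inside the command string handed to `su -c`. The account should come from `$SUDO_USER` and be checked against a strict name pattern, and every expansion should be quoted, with `${PWD@Q}` for the directory. The excerpt below shows the rewritten lines only; the pattern is an example to adjust to the local account naming rules.

```bash
# … unchanged: re-exec through sudo when not root …

# Identify the caller from sudo, not from the caller-supplied LOGNAME.
account="${SUDO_USER:-}"
if ! [[ "$account" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
    echo "ERROR - Invalid or missing account name"
    exit 1
fi

PHPVersion=$(grep SetHandler "/etc/apache2/sites-enabled/${account}.conf" 2>/dev/null | grep -m 1 -o 'fpm[0-9][0-9]' | head -n 1 | sed 's/php//g' | sed 's/fpm//g')

if [ "$PHPVersion" != "" ]; then
    lxc-attach -n "php$PHPVersion" -- su - "$account" -c "cd ${PWD@Q} && php ${*@Q}"
# … unchanged: error branch …
```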
@@ -90,3 +90,6 @@ name: "ProFTPd directory size caching" special_time: daily job: "/usr/share/scripts/evoadmin/stats.sh" + +- include: multiphp.yml + when: packweb_multiphp_versions | length > 0 diff --git a/packweb-apache/tasks/multiphp.yml b/packweb-apache/tasks/multiphp.yml new file mode 100644 index 00000000..9d290450 --- /dev/null +++ b/packweb-apache/tasks/multiphp.yml @@ -0,0 +1,34 @@ +--- + +- name: Enable proxy_fcgi + apache2_module: + state: present + name: proxy_fcgi + notify: restart apache2 + +- include_role: + name: remount-usr + +- name: Copy phpContainer script + copy: + src: phpContainer + dest: /usr/local/bin/phpContainer + mode: 0700 + +# - name: Copy php shim to call phpContainer when the user is a web user +# copy: +# src: multiphp-shim +# dest: /usr/local/bin/php +# mode: 0755 + +# - name: Modify bashrc skel file +# lineinfile: +# dest: /etc/skel/.bashrc +# line: "alias php='sudo /usr/local/bin/phpContainer'" + +- name: Add multiphp sudoers file + copy: + src: multiphp-sudoers + dest: /etc/sudoers.d/multiphp + mode: "0600" + validate: "visudo -cf %s" diff --git a/webapps/evoadmin-web/files/phpContainer b/webapps/evoadmin-web/files/phpContainer deleted file mode 100644 index 9d8a6e28..00000000 --- a/webapps/evoadmin-web/files/phpContainer +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash -evolixContainerVersion=$(grep SetHandler /etc/apache2/sites-enabled/$LOGNAME.conf 2>/dev/null | grep -m 1 -o 'fpm[0-9][0-9]' | head -n 1 | sed 's/php//g' | sed 's/fpm//g') -if [ "$evolixContainerVersion" != "" ]; then - lxc-attach -n php$evolixContainerVersion -- su - $LOGNAME -c "cd \"${PWD@E}\" && php ${*@Q}" -else - # TODO: fallback? - # command php $* - echo "could not determine \$evolixContainerVersion" - exit 1 -fi diff --git a/webapps/evoadmin-web/tasks/config.yml b/webapps/evoadmin-web/tasks/config.yml index b6384f3b..689a217e 100644 --- a/webapps/evoadmin-web/tasks/config.yml +++ b/webapps/evoadmin-web/tasks/config.yml 
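Review bot: The two `copy` tasks in multiphp.yml that install `/usr/local/bin/phpContainer` and `/etc/sudoers.d/multiphp` set only `mode`, so if either file already exists its ownership is left as found; a script that runs as root and a sudoers fragment should have it pinned with `owner: root` and `group: root`. `mode: 0700` is an unquoted octal while the sudoers task uses `"0600"`; quote it (`mode: "0700"`) for consistency, and note that sudoers fragments are conventionally `"0440"`. The `include_role` task has no `name`, which makes the play output harder to follow.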
@@ -29,10 +29,3 @@ - "templates/evoadmin-web/web-mail.tpl.j2" - "web-mail.tpl.j2" register: evoadmin_mail_tpl_template - -- name: Copy multi php-cli script - copy: - src: phpContainer - dest: /usr/local/bin/phpContainer - mode: 0700 - when: packweb_multiphp_versions is defined diff --git a/webapps/evoadmin-web/tasks/user.yml b/webapps/evoadmin-web/tasks/user.yml index f12a4feb..5aa6c29c 100644 --- a/webapps/evoadmin-web/tasks/user.yml +++ b/webapps/evoadmin-web/tasks/user.yml @@ -116,9 +116,3 @@ - "templates/evoadmin-web/sudoers.j2" - "sudoers.j2" register: evoadmin_sudoers_conf - -- name: Modify bashrc skel file - lineinfile: - dest: /etc/skel/.bashrc - line: "alias php='sudo /usr/local/bin/phpContainer'" - when: packweb_multiphp_versions is defined diff --git a/webapps/evoadmin-web/tasks/web.yml b/webapps/evoadmin-web/tasks/web.yml index e756fde2..cafccc72 100644 --- a/webapps/evoadmin-web/tasks/web.yml +++ b/webapps/evoadmin-web/tasks/web.yml @@ -84,10 +84,3 @@ - "templates/evoadmin-web/config.local.php.j2" - "config.local.php.j2" register: evoadmin_config_local_php_template - -- name: Enable proxy_fcgi - apache2_module: - state: present - name: proxy_fcgi - notify: restart apache2 - when: packweb_multiphp_versions is defined diff --git a/webapps/evoadmin-web/templates/sudoers.j2 b/webapps/evoadmin-web/templates/sudoers.j2 index 9b7cfa54..7926b5f3 100644 --- a/webapps/evoadmin-web/templates/sudoers.j2 +++ b/webapps/evoadmin-web/templates/sudoers.j2 @@ -1,7 +1,3 @@ User_Alias EVOADMIN = www-evoadmin Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh, {{ evoadmin_scripts_dir | mandatory }}/dbadmin.sh EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB -{% if packweb_multiphp_versions is defined %} -Defaults env_keep += "LOGNAME PWD" -ALL ALL = NOPASSWD: /usr/local/bin/phpContainer -{% endif %} From 93c043c8e001cb0f0bfe99593b2521045bf18f50 Mon Sep 17 00:00:00 2001 
From: Ludovic Poujol Date: Wed, 8 Apr 2020 17:57:46 +0200 Subject: [PATCH 16/21] (fix) lxc: Fix container existance check to be able to run in check_mode --- CHANGELOG.md | 2 ++ lxc/tasks/create-container.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f39a886e..def29043 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -93,6 +93,7 @@ The **patch** part changes incrementally at each release. * etc-git: fix warnings ansible-lint * evoadmin-web: Put the php config at the right place for Buster * lxc: Don't stop the container if it already exists +* lxc: Fix container existance check to be able to run in check_mode * lxc-php: Don't remove the default pool * minifirewall: fix warnings ansible-lint * nginx: fix munin fcgi not working (missing chmod 660 on logs) @@ -109,6 +110,7 @@ The **patch** part changes incrementally at each release. * php: Chose the debian version repo archive for packages.sury.org * php: update surry_post.yml to match current latest PHP release * packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available +* ### Removed * clamav : do not install the zoo package anymore diff --git a/lxc/tasks/create-container.yml b/lxc/tasks/create-container.yml index 7b47768f..937cd936 100644 --- a/lxc/tasks/create-container.yml +++ b/lxc/tasks/create-container.yml @@ -2,6 +2,7 @@ - name: "Check if container {{ name }} exists" command: "lxc-ls {{name}}" changed_when: false + check_mode: no register: container_exists - name: "Create container {{ name }}" From bd201e8791a7e497b18958a783e2bffbbe971985 Mon Sep 17 00:00:00 2001 
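Review bot: The existence check that this commit now runs in check mode is `lxc-ls {{name}}`, and lxc-ls appears to treat that argument as a regular-expression filter rather than an exact name (worth confirming against the packaged LXC version). If so, a name that is contained in another container's name is reported as existing and the create task guarded by `container_exists.stdout_lines == []` is skipped. Anchoring the pattern, e.g. `command: "lxc-ls --filter ^{{ name }}$"`, avoids that; `check_mode: no` would also read better as `check_mode: false`.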
From: Ludovic Poujol Date: Wed, 8 Apr 2020 17:58:42 +0200 Subject: [PATCH 17/21] (change) lxc-php: refactor tasks for better maintainability (again) --- lxc-php/tasks/mail_opensmtpd.yml | 7 ++++++- lxc-php/tasks/mail_ssmtp.yml | 7 ++++++- lxc-php/tasks/misc.yml | 12 +++++++++--- lxc-php/tasks/php56.yml | 2 +- lxc-php/tasks/php70.yml | 4 ++-- lxc-php/tasks/php73.yml | 4 ++-- 6 files changed, 26 insertions(+), 10 deletions(-) diff --git a/lxc-php/tasks/mail_opensmtpd.yml b/lxc-php/tasks/mail_opensmtpd.yml index 5ed07082..20fe91e3 100644 --- a/lxc-php/tasks/mail_opensmtpd.yml +++ b/lxc-php/tasks/mail_opensmtpd.yml @@ -1,6 +1,11 @@ --- -- name: Configure opensmtpd (in the container) +- name: "{{ lxc_php_version }} - Install opensmtpd" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y ssmtp" + +- name: "{{ lxc_php_version }} - Configure opensmtpd (in the container)" template: src: smtpd.conf.j2 dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/smtpd.conf" diff --git a/lxc-php/tasks/mail_ssmtp.yml b/lxc-php/tasks/mail_ssmtp.yml index 9e0465b7..01e8216a 100644 --- a/lxc-php/tasks/mail_ssmtp.yml +++ b/lxc-php/tasks/mail_ssmtp.yml @@ -1,6 +1,11 @@ --- -- name: Configure ssmtp (in the container) +- name: "{{ lxc_php_version }} - Install ssmtp" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y ssmtp" + +- name: "{{ lxc_php_version }} - Configure ssmtp" template: src: ssmtp.conf.j2 dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/ssmtp/ssmtp.conf" diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index 96cd365d..af848213 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml 
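Review bot: The new `Install opensmtpd` task in mail_opensmtpd.yml runs `apt install -y ssmtp`, which looks like a copy of the line from mail_ssmtp.yml. Because the php70.yml and php73.yml hunks of this commit also drop `opensmtpd` from their package lists, nothing installs opensmtpd in the Stretch and Buster containers any more, while `smtpd.conf` is still templated and the restart handler is still notified. The command should be `container_command: "DEBIAN_FRONTEND=noninteractive apt install -y opensmtpd"`.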
@@ -1,19 +1,25 @@ --- -- name: Configure timezone for the container +- name: "{{ lxc_php_version }} - Configure timezone for the container" copy: remote_src: yes src: "/etc/timezone" dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/timezone" -- name: Ensure container's root directory is 755 +- name: "{{ lxc_php_version }} - Ensure container's root directory is 755" file: path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs" state: directory mode: '0755' -- name: Configure mailname for the container +- name: "{{ lxc_php_version }} - Configure mailname for the container" copy: content: "{{ evolinux_hostname }}.{{ evolinux_domain }}\n" dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/mailname" notify: "Restart opensmtpd" + + +- name: "{{ lxc_php_version }} - Install misc packages" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y cron logrotate git zip unzip" diff --git a/lxc-php/tasks/php56.yml b/lxc-php/tasks/php56.yml index 06220acf..1f254b35 100644 --- a/lxc-php/tasks/php56.yml +++ b/lxc-php/tasks/php56.yml @@ -3,7 +3,7 @@ - name: "{{ lxc_php_version }} - Install PHP packages" lxc_container: name: "{{ lxc_php_version }}" - container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer ssmtp git zip unzip" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer ssmtp" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: diff --git a/lxc-php/tasks/php70.yml b/lxc-php/tasks/php70.yml index e049cf0c..2e45890d 100644 --- a/lxc-php/tasks/php70.yml +++ b/lxc-php/tasks/php70.yml 
@@ -3,7 +3,7 @@ - name: "{{ lxc_php_version }} - Install PHP packages" lxc_container: name: "{{ lxc_php_version }}" - container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 php-mbstring composer libphp-phpmailer opensmtpd git zip unzip php-zip" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 php-zip php-mbstring composer libphp-phpmailer" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: @@ -17,4 +17,4 @@ loop_control: loop_var: line_item -- include: "mail_opensmtd.yml" +- include: "mail_opensmtpd.yml" diff --git a/lxc-php/tasks/php73.yml b/lxc-php/tasks/php73.yml index b50460f3..0149d6ee 100644 --- a/lxc-php/tasks/php73.yml +++ b/lxc-php/tasks/php73.yml @@ -3,7 +3,7 @@ - name: "{{ lxc_php_version }} - Install PHP packages" lxc_container: name: "{{ lxc_php_version }}" - container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-gettext php-curl php-ssh2 php-mbstring composer libphp-phpmailer opensmtpd git zip unzip php-zip" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-gettext php-curl php-ssh2 php-zip php-mbstring php-zip composer libphp-phpmailer" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: @@ -17,4 +17,4 @@ loop_control: loop_var: line_item -- include: "mail_opensmtd.yml" +- include: "mail_opensmtpd.yml" From 472032908473ef3c0941942549b3e5e111b4d56c Mon Sep 17 00:00:00 2001 
From: Ludovic Poujol Date: Wed, 8 Apr 2020 18:10:54 +0200 Subject: [PATCH 18/21] (fix) packweb-apache: Fix a regression introduced by bd63e7037f6cc5d38e5335dac5856432e513f4ba --- packweb-apache/files/phpContainer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packweb-apache/files/phpContainer b/packweb-apache/files/phpContainer index 9c9425c1..0f634d6a 100644 --- a/packweb-apache/files/phpContainer +++ b/packweb-apache/files/phpContainer @@ -2,7 +2,7 @@ # If this script isn't run as root, then, re-run it with sudo. if [ "$EUID" -ne 0 ]; then - sudo $(readlink -f ${BASH_SOURCE[0]}) ${*@Q} + sudo $(readlink -f ${BASH_SOURCE[0]}) "$@" exit 0; fi; From 6cf62aec11696aa4c8f2155ffbce20af507e0ec3 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 8 Apr 2020 18:12:50 +0200 Subject: [PATCH 19/21] (fix) packweb-apache : phpContainer can be run by anyone, set the chmod accordingly to 0755 --- packweb-apache/tasks/multiphp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packweb-apache/tasks/multiphp.yml b/packweb-apache/tasks/multiphp.yml index 9d290450..01f0b130 100644 --- a/packweb-apache/tasks/multiphp.yml +++ b/packweb-apache/tasks/multiphp.yml @@ -13,7 +13,7 @@ copy: src: phpContainer dest: /usr/local/bin/phpContainer - mode: 0700 + mode: 0755 # - name: Copy php shim to call phpContainer when the user is a web user # copy: From 968973d1f46fab16cf381544c59652a101c513ab Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 17 Apr 2020 15:56:54 +0200 Subject: [PATCH 20/21] whitespaces and syntax --- lxc/tasks/create-container.yml | 24 ++++++++++++------------ lxc/tasks/main.yml | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/lxc/tasks/create-container.yml b/lxc/tasks/create-container.yml index 937cd936..8b8a68e3 100644 --- a/lxc/tasks/create-container.yml +++ b/lxc/tasks/create-container.yml 
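Review bot: In the re-exec branch of phpContainer, `exit 0;` after the `sudo` line makes the wrapper report success even when sudo or the PHP command failed, and `$(readlink -f ${BASH_SOURCE[0]})` is still unquoted, so a script path containing whitespace is split into several words. Replacing both lines with `exec sudo -- "$(readlink -f "${BASH_SOURCE[0]}")" "$@"` passes the exit status through and keeps the path intact. The rest of the script lies outside this hunk.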
@@ -1,36 +1,36 @@ --- - name: "Check if container {{ name }} exists" - command: "lxc-ls {{name}}" + command: "lxc-ls {{ name }}" changed_when: false check_mode: no register: container_exists - name: "Create container {{ name }}" lxc_container: - name: "{{name}}" + name: "{{ name }}" container_log: true template: debian state: stopped - template_options: "--arch amd64 --release {{release}}" + template_options: "--arch amd64 --release {{ release }}" when: container_exists.stdout_lines == [] - name: "Disable network configuration inside container {{ name }}" replace: - name: "/var/lib/lxc/{{name}}/rootfs/etc/default/networking" + name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/networking" regexp: "^#CONFIGURE_INTERFACES=yes" replace: CONFIGURE_INTERFACES=no when: lxc_network_type == "none" - name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)" lineinfile: - name: "/var/lib/lxc/{{name}}/rootfs/etc/default/halt" + name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt" line: "NETDOWN=no" when: lxc_network_type == "none" and release == "jessie" - name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)" file: src: /lib/systemd/system/poweroff.target - dest: "/var/lib/lxc/{{name}}/rootfs/etc/systemd/system/sigpwr.target" + dest: "/var/lib/lxc/{{ name }}/rootfs/etc/systemd/system/sigpwr.target" state: link when: release == 'jessie' 
@@ -38,21 +38,21 @@ copy: remote_src: yes src: /etc/resolv.conf - dest: "/var/lib/lxc/{{name}}/rootfs/etc/" + dest: "/var/lib/lxc/{{ name }}/rootfs/etc/" - name: "Add hostname in /etc/hosts for container {{ name }}" lineinfile: - name: "/var/lib/lxc/{{name}}/rootfs/etc/hosts" - line: "127.0.0.1 {{name}}" + name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts" + line: "127.0.0.1 {{ name }}" - name: "Fix permission on /dev for container {{ name }}" lineinfile: - name: "/var/lib/lxc/{{name}}/rootfs/etc/rc.local" + name: "/var/lib/lxc/{{ name }}/rootfs/etc/rc.local" line: "chmod 755 /dev" insertbefore: "^exit 0$" when: release == 'jessie' -- name: "Ensure that {{name}} container is running" +- name: "Ensure that {{ name }} container is running" lxc_container: - name: "{{name}}" + name: "{{ name }}" state: started diff --git a/lxc/tasks/main.yml b/lxc/tasks/main.yml index 982a6898..765ff868 100644 --- a/lxc/tasks/main.yml +++ b/lxc/tasks/main.yml @@ -34,5 +34,5 @@ include: create-container.yml vars: name: "{{ item.name }}" - release: "{{item.release}}" - with_items: "{{lxc_containers}}" + release: "{{ item.release }}" + loop: "{{ lxc_containers }}" From 7a3e6cf61a1ac263f30e8affa1ca7eb5c55c33d1 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 17 Apr 2020 15:57:22 +0200 Subject: [PATCH 21/21] lxc: install apparmor on Debian 10 --- lxc/tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lxc/tasks/main.yml b/lxc/tasks/main.yml index 765ff868..df8dc86f 100644 --- a/lxc/tasks/main.yml +++ b/lxc/tasks/main.yml @@ -7,9 +7,11 @@ - xz-utils - python-lxc -- name: Install lxc-templates on Buster +- name: Install additional packages on Buster apt: - name: lxc-templates + name: + - apparmor + - lxc-templates when: ansible_distribution_major_version is version('10', '>=') - name: Copy LXC default containers configuration