@Jimadine
Last active March 22, 2024 16:27
AtoM 2.7 on Ubuntu 20.04 & 22.04 manual installation steps ... automated
#!/usr/bin/env bash
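# Trace each command as it runs, which helps when provisioning stops part-way.
# NOTE(review): the trace prints expanded arguments, so every password this
# script handles is written to stderr and to any provisioning log that captures
# it. Treat that log as sensitive, or drop `set -x` once the install works.
set -x

#######################################
# Assign --key=value arguments to the matching shell variables.
# Globals:   ROOT_MYSQL_PWD, ATOM_MYSQL_USER, ATOM_MYSQL_DB, ATOM_MYSQL_PWD,
#            ATOM_ADMIN_EMAIL, ATOM_ADMIN_USERNAME, ATOM_ADMIN_PWD,
#            DOWNLOAD_URL, GITHUB_BRANCH (written)
# Arguments: zero or more --key=value options
# Outputs:   a warning on stderr for each argument that is skipped
# Returns:   0
#######################################
parse_args() {
  local arg key value
  for arg in "$@"; do
    # An option given without "=" carries no value; skip it rather than
    # storing the option name itself as the value.
    case "$arg" in
      *=*) ;;
      *)
        printf 'warning: ignoring argument without a value: %s\n' "$arg" >&2
        continue
        ;;
    esac
    key=${arg%%=*}
    # Everything after the first "=" is the value, so a password that itself
    # contains "=" is kept whole instead of being cut at the second "=".
    value=${arg#*=}
    case "$key" in
      --root-mysql-pwd) ROOT_MYSQL_PWD=${value} ;;
      --atom-mysql-user) ATOM_MYSQL_USER=${value} ;;
      --atom-mysql-db) ATOM_MYSQL_DB=${value} ;;
      --atom-mysql-pwd) ATOM_MYSQL_PWD=${value} ;;
      --atom-admin-email) ATOM_ADMIN_EMAIL=${value} ;;
      --atom-admin-username) ATOM_ADMIN_USERNAME=${value} ;;
      --atom-admin-pwd) ATOM_ADMIN_PWD=${value} ;;
      --download-url) DOWNLOAD_URL=${value} ;;
      --github-branch) GITHUB_BRANCH=${value} ;;
      # Only the option name is echoed: the value may be a secret. A misspelt
      # option would otherwise silently leave a default password in place.
      *) printf 'warning: ignoring unrecognised option: %s\n' "$key" >&2 ;;
    esac
  done
  return 0
}
parse_args "$@"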
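# Fall back to a default for every parameter that was not supplied (or was
# supplied empty).
# NOTE(review): the three password defaults are placeholders published with
# this script. An install that keeps them has well-known credentials, so say so
# loudly and expect the operator to pass real values.
for secret_name in ROOT_MYSQL_PWD ATOM_MYSQL_PWD ATOM_ADMIN_PWD; do
  if [ -z "${!secret_name:-}" ]; then
    printf 'warning: %s not supplied; using the built-in placeholder password\n' "$secret_name" >&2
  fi
done
unset secret_name

: "${ROOT_MYSQL_PWD:=changemeDEFAULT}"
: "${ATOM_MYSQL_USER:=atomDEFAULT}"
# The database name needs its own default: it is used later for CREATE DATABASE
# and for tools:install --database-name, so it must never be left empty.
: "${ATOM_MYSQL_DB:=atomDEFAULT}"
: "${ATOM_MYSQL_PWD:=12345DEFAULT}"
: "${ATOM_ADMIN_EMAIL:=boaty_mcboatface@domain.orgDEFAULT}"
: "${ATOM_ADMIN_USERNAME:=boaty_mcboatfaceDEFAULT}"
: "${ATOM_ADMIN_PWD:=changemeDEFAULT}"
: "${DOWNLOAD_URL:=https://storage.accesstomemory.org/releases/atom-2.7.1.tar.gz}"
: "${GITHUB_BRANCH:=stable/2.7.x}"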
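# Tools needed to register third-party APT repositories.
apt install -y software-properties-common apt-transport-https

# focal needs no PPA for PHP 7.4; jammy gets it from the ondrej/php PPA.
version=$(lsb_release -cs)
case "$version" in
  focal)
    echo No PPA for PHP 7.4 needed!
    ;;
  jammy)
    add-apt-repository -y ppa:ondrej/php
    ;;
  *)
    # Any other release previously fell through silently and failed much later
    # at the php7.4-* install.
    printf 'warning: release "%s" is not handled; php7.4 packages may be unavailable\n' "$version" >&2
    ;;
esac

# Elasticsearch 5.x repository, pinned to its own keyring via signed-by.
# -f makes curl fail on an HTTP error instead of piping an error page into gpg.
# NOTE(review): the 5.x line no longer receives upstream security fixes; keep
# the service reachable from localhost only and do not publish port 9200.
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch \
  | gpg --dearmor > /usr/share/keyrings/elasticsearch-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/elasticsearch-archive-keyring.gpg] https://artifacts.elastic.co/packages/5.x/apt stable main" > /etc/apt/sources.list.d/elastic-5.x.list

# NOTE(review): this runs a script fetched from the network directly as root,
# with nothing but TLS vouching for its content. Where that matters, download
# the script to a file, review or checksum it, and only then execute it (or
# configure the repository by hand with a signed-by keyring as done above).
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
apt update

# Pre-seed the MySQL root password so the package installs without prompting.
# The password is part of the here-string, so it shows up in the `set -x` trace.
apt install -y debconf-utils
debconf-set-selections <<< "mysql-server-8.0 mysql-server/root_password password $ROOT_MYSQL_PWD"
debconf-set-selections <<< "mysql-server-8.0 mysql-server/root_password_again password $ROOT_MYSQL_PWD"
DEBIAN_FRONTEND=noninteractive apt install -y mysql-server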
# MySQL server settings for this install, picked up after the restart below.
cat > /etc/mysql/conf.d/mysqld.cnf <<'MYSQLDCNF'
[mysqld]
sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
optimizer_switch='block_nested_loop=off'
MYSQLDCNF
systemctl restart mysql

# Runtime dependencies: Java and Elasticsearch, the web stack, PHP 7.4 and its
# extensions, the Gearman job server, media tooling, and the build tools.
atom_packages=(
  openjdk-8-jre-headless
  elasticsearch
  nginx
  php-common
  php7.4-apcu
  php7.4-apcu-bc
  php7.4-common
  php7.4-cli
  php7.4-curl
  php7.4-fpm
  php7.4-json
  php7.4-ldap
  php7.4-memcache
  php7.4-mbstring
  php7.4-mysql
  php7.4-opcache
  php7.4-readline
  php7.4-xml
  php7.4-xsl
  php7.4-zip
  gearman-job-server
  imagemagick
  ghostscript
  poppler-utils
  ffmpeg
  git
  make
  nodejs
)
apt install -y "${atom_packages[@]}"

# Make the plain `php` command resolve to 7.4.
update-alternatives --set php /usr/bin/php7.4
apt install -y --no-install-recommends fop libsaxon-java

# Enable Elasticsearch at boot, then start it now.
for es_action in enable start; do
  systemctl "$es_action" elasticsearch
done
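# Write the AtoM virtual host, enable it, and retire the stock default site.
# The heredoc delimiter is quoted, so $uri, $args etc. reach nginx literally.
# NOTE(review): the site listens on plain HTTP (port 80) with a catch-all
# server_name, so logins and session cookies travel unencrypted. Put TLS in
# front of it and set a real server_name before exposing it beyond a lab.
cat <<'ATOMNGINX' > /etc/nginx/sites-available/atom
upstream atom {
server unix:/run/php7.4-fpm.atom.sock;
}
server {
listen 80;
root /usr/share/nginx/atom;
# http://wiki.nginx.org/HttpCoreModule#server_name
# _ means catch any, but it's better if you replace this with your server
# name, e.g. archives.foobar.com
server_name _;
client_max_body_size 72M;
location ~* ^/(css|dist|js|images|plugins|vendor)/.*\.(css|png|jpg|js|svg|ico|gif|pdf|woff|ttf)$ {
}
location ~* ^/(downloads)/.*\.(pdf|xml|html|csv|zip)$ {
}
location ~ ^/(ead.dtd|favicon.ico|robots.txt|sitemap.*)$ {
}
location / {
try_files $uri /index.php?$args;
if (-f $request_filename) {
return 403;
}
}
location ~* /uploads/r/(.*)/conf/ {
}
location ~* ^/uploads/r/(.*)$ {
include /etc/nginx/fastcgi_params;
set $index /index.php;
fastcgi_param SCRIPT_FILENAME $document_root$index;
fastcgi_param SCRIPT_NAME $index;
fastcgi_pass atom;
}
location ~ ^/private/(.*)$ {
internal;
alias /usr/share/nginx/atom/$1;
}
location ~ ^/(index|qubit_dev)\.php(/|$) {
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_pass atom;
}
}
ATOMNGINX
ln -sf /etc/nginx/sites-available/atom /etc/nginx/sites-enabled/atom
# -f: the stock site is already gone when the script is run a second time.
rm -f /etc/nginx/sites-enabled/default
systemctl enable nginx
# Check the configuration before reloading so a syntax error is reported here,
# next to the file that caused it.
if nginx -t; then
  systemctl reload nginx
else
  echo 'nginx configuration test failed; not reloading' >&2
fi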
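# Dedicated PHP-FPM pool for AtoM, listening on the UNIX socket that the nginx
# upstream points at. The stock "www" pool is removed afterwards.
# NOTE(review): three values in the pool file deserve a second look before
# this serves real users:
#   - session.use_only_cookies = 0 permits session ids to be carried outside
#     cookies (e.g. in URLs); confirm AtoM needs it, otherwise prefer 1.
#   - allow_url_fopen = on lets PHP file functions fetch remote URLs; confirm
#     it is required.
#   - ATOM_DEBUG_IP lists addresses with full access to the debug frontend
#     (per the pool's own comment); 10.10.10.10 is a sample value, so replace
#     or remove it.
cat <<'PHPFPM' > /etc/php/7.4/fpm/pool.d/atom.conf
[atom]
; The user running the application
user = www-data
group = www-data
; Use UNIX sockets if Nginx and PHP-FPM are running in the same machine
listen = /run/php7.4-fpm.atom.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0600
; The following directives should be tweaked based in your hardware resources
pm = dynamic
pm.max_children = 30
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 10
pm.max_requests = 200
chdir = /
; Some defaults for your PHP production environment
; A full list here: http://www.php.net/manual/en/ini.list.php
php_admin_value[expose_php] = off
php_admin_value[allow_url_fopen] = on
php_admin_value[memory_limit] = 512M
php_admin_value[max_execution_time] = 120
php_admin_value[post_max_size] = 72M
php_admin_value[upload_max_filesize] = 64M
php_admin_value[max_file_uploads] = 10
php_admin_value[cgi.fix_pathinfo] = 0
php_admin_value[display_errors] = off
php_admin_value[display_startup_errors] = off
php_admin_value[html_errors] = off
php_admin_value[session.use_only_cookies] = 0
; APC
php_admin_value[apc.enabled] = 1
php_admin_value[apc.shm_size] = 64M
php_admin_value[apc.num_files_hint] = 5000
php_admin_value[apc.stat] = 0
; Zend OPcache
php_admin_value[opcache.enable] = 1
php_admin_value[opcache.memory_consumption] = 192
php_admin_value[opcache.interned_strings_buffer] = 16
php_admin_value[opcache.max_accelerated_files] = 4000
php_admin_value[opcache.validate_timestamps] = 0
php_admin_value[opcache.fast_shutdown] = 1
; This is a good place to define some environment variables, e.g. use
; ATOM_DEBUG_IP to define a list of IP addresses with full access to the
; debug frontend or ATOM_READ_ONLY if you want AtoM to prevent
; authenticated users
env[ATOM_DEBUG_IP] = "10.10.10.10,127.0.0.1"
env[ATOM_READ_ONLY] = "off"
PHPFPM
systemctl enable php7.4-fpm
systemctl start php7.4-fpm
# Syntax-check the pool configuration and show both services' state in the log.
php-fpm7.4 --test
# --no-pager keeps the status calls from stalling when run from a terminal.
systemctl status --no-pager php7.4-fpm
systemctl status --no-pager nginx
# -f: the stock pool is already gone when the script is run a second time.
rm -f /etc/php/7.4/fpm/pool.d/www.conf
systemctl restart php7.4-fpm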
# Install the systemd unit that runs the AtoM job worker as www-data, then
# register, enable and start it.
# NOTE(review): the unit is started here, before the steps further down have
# put any code into its WorkingDirectory (/usr/share/nginx/atom). With
# StartLimitBurst=3 over 24h the restarts may be used up before the install
# finishes; confirm the worker is running afterwards, or restart it once the
# script is done.
cat > /usr/lib/systemd/system/atom-worker.service <<'GEARMAN'
[Unit]
Description=AtoM worker
After=network.target
# High interval and low restart limit to increase the possibility
# of hitting the rate limits in long running recurrent jobs.
StartLimitIntervalSec=24h
StartLimitBurst=3
[Install]
WantedBy=multi-user.target
[Service]
Type=simple
User=www-data
Group=www-data
WorkingDirectory=/usr/share/nginx/atom
ExecStart=/usr/bin/php7.4 -d memory_limit=-1 -d error_reporting="E_ALL" symfony jobs:worker
KillSignal=SIGTERM
Restart=on-failure
RestartSec=30
GEARMAN
systemctl daemon-reload
for worker_action in enable start; do
  systemctl "$worker_action" atom-worker
done
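# Fetch the AtoM source into the web root, either from a git remote (URL
# ending in .git) or from a release tarball.
mkdir -p /usr/share/nginx/atom && cd /usr/share/nginx/atom || exit
if [[ "$DOWNLOAD_URL" =~ \.git$ ]]; then
  git clone -b "${GITHUB_BRANCH}" --depth 1 "${DOWNLOAD_URL}" /usr/share/nginx/atom
  git config --global --add safe.directory /usr/share/nginx/atom
  # NOTE(review): a remote script is executed as root with only TLS vouching
  # for it; download, review or checksum it first where that matters. An
  # earlier step already ran setup_20.x, so confirm which Node.js release is
  # actually intended here.
  curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && apt install -y nodejs
  npm install -g "less@<4.0.0"
  make -C /usr/share/nginx/atom/plugins/arDominionPlugin
  make -C /usr/share/nginx/atom/plugins/arArchivesCanadaPlugin

  # Download the Composer installer and verify it against the pinned SHA-384
  # digest. The digest matches one installer release only and has to be
  # updated when Composer publishes a new one. On a mismatch the script stops:
  # carrying on would only fail later with a missing composer.phar and leave a
  # half-built tree.
  php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
  if php -r "exit(hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae' ? 0 : 1);"; then
    echo 'Installer verified'
  else
    echo 'Installer corrupt' >&2
    rm -f composer-setup.php
    exit 1
  fi
  php composer-setup.php
  php -r "unlink('composer-setup.php');"
  php composer.phar install --no-dev
else
  # NOTE(review): the archive is unpacked as root without a checksum or
  # signature check; if the project publishes a digest for the release,
  # compare it before extracting.
  wget -nv "${DOWNLOAD_URL}" -O atom.tar.gz
  tar xzf atom.tar.gz -C /usr/share/nginx/atom --strip 1 --no-same-owner
  rm atom.tar.gz
  # Download files necessary for tarball install to compile BS5 themes.
  # The version is taken from the tarball name (atom-X.Y.Z.tar.gz); multi-digit
  # components are accepted, and a URL that does not match skips the downloads
  # instead of requesting a non-existent ".../v/..." path.
  atom_version_re='/atom-([0-9]+\.[0-9]+\.[0-9]+)\.tar\.gz$'
  if [[ "$DOWNLOAD_URL" =~ $atom_version_re ]]; then
    ATOM_VERSION=${BASH_REMATCH[1]}
    for build_file in package.json package-lock.json webpack.config.js; do
      wget "https://raw.githubusercontent.com/artefactual/atom/v${ATOM_VERSION}/${build_file}"
    done
  else
    printf 'warning: cannot derive the AtoM version from %s; theme build files not downloaded\n' "$DOWNLOAD_URL" >&2
  fi
fi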
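# Create the AtoM database and a dedicated account limited to that database.
# NOTE(review): -p"..." places the root password on mysql's command line, where
# it is visible in the process list and in the `set -x` trace; an option file
# readable only by root avoids both.
# NOTE(review): the names and the password are spliced into the SQL text
# unescaped, so a value containing a quote or backtick breaks (or alters) the
# statement. Keep names to letters, digits and "_" and avoid "'" and "\" in
# the password.
mysql -h localhost -u root -p"${ROOT_MYSQL_PWD}" -e "CREATE DATABASE ${ATOM_MYSQL_DB} CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci;"
mysql -h localhost -u root -p"${ROOT_MYSQL_PWD}" -e "CREATE USER '${ATOM_MYSQL_USER}'@'localhost' IDENTIFIED BY '${ATOM_MYSQL_PWD}';"
# Privileges are granted on the database that was just created; granting on a
# schema named after the user only works when the two names happen to match.
mysql -h localhost -u root -p"${ROOT_MYSQL_PWD}" -e "GRANT ALL PRIVILEGES ON ${ATOM_MYSQL_DB}.* TO '${ATOM_MYSQL_USER}'@'localhost';"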
# Give Elasticsearch time to come up. On .tar.gz installs the tools:install
# step below otherwise fails with "Elasticsearch connection failure: Can't
# connect to the server (Failed to connect to localhost port 9200 after 0 ms:
# Connection refused)". The 30 seconds are arbitrary, and the problem may be
# specific to the author's environment.
sleep 30

# Run the AtoM installer non-interactively. (Use --demo option?)
# NOTE(review): the database and admin passwords are passed as command-line
# options, so they are visible in the process list and in the `set -x` trace
# while this runs.
install_args=(
  --database-host="localhost"
  --database-port="3306"
  --database-name="${ATOM_MYSQL_DB}"
  --database-user="${ATOM_MYSQL_USER}"
  --database-password="${ATOM_MYSQL_PWD}"
  --search-host="localhost"
  --search-port="9200"
  --search-index="atom"
  --site-title="AtoM"
  --site-description="Access to Memory"
  --site-base-url="http://127.0.0.1"
  --admin-email="${ATOM_ADMIN_EMAIL}"
  --admin-username="${ATOM_ADMIN_USERNAME}"
  --admin-password="${ATOM_ADMIN_PWD}"
  --no-confirmation
)
php symfony tools:install "${install_args[@]}"

# Hand the tree to the web server account and close the top-level directory to
# "other" users (the chmod is not recursive).
chown -R www-data:www-data /usr/share/nginx/atom
chmod o= /usr/share/nginx/atom
# Build the Bootstrap 5 theme assets for git installs. Without this, choosing
# the Dominion BS5 theme fails with: 'The template "_layout_start.php" does not
# exist or is unreadable in ""'. This may be irrelevant beyond 2.7.0.
if [[ "$DOWNLOAD_URL" == *.git ]]; then
  www_data_home=~www-data
  # HOME and CYPRESS_CACHE_FOLDER are overridden for NodeJS 18.x (LTS) to avoid
  # a 'Cypress cannot write to the cache directory due to file permissions'
  # error. NodeJS 19.x seemingly unaffected.
  # NOTE(review): npm still runs as root here, after the tree was chown'ed to
  # www-data, so files it creates are presumably root-owned; verify ownership
  # of the build output.
  HOME="$www_data_home" CYPRESS_CACHE_FOLDER="cypress_cache" npm install
  # Fix 'sh: 1: webpack: Permission denied'
  chmod +x /usr/share/nginx/atom/node_modules/webpack/bin/webpack.js
  HOME="$www_data_home" CYPRESS_CACHE_FOLDER="cypress_cache" npm run build
  # Build-time dependencies are not needed at runtime.
  rm -rf node_modules
fi
# Vagrant machine that provisions AtoM with build_atom.sh on Ubuntu jammy.
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/jammy64"
  # Guest port 80 is published on the host's loopback interface only; with
  # auto_correct the host port may differ from 9001 if that one is taken.
  config.vm.network "forwarded_port", guest: 80, host: 9001, host_ip: "127.0.0.1", auto_correct: true

  config.vm.provider "virtualbox" do |vb|
    vb.name = "_vanillaatom2"
    vb.memory = 4096
    vb.cpus = 2
    # Set a Null file handler for the serial console per https://bugs.launchpad.net/cloud-images/+bug/1890942
    vb.customize [ "modifyvm", :id, "--uartmode1", "file", File::NULL ]
  end

  # Download URLs are e.g. https://github.com/artefactual/atom.git & https://storage.accesstomemory.org/releases/atom-2.7.1.tar.gz
  # The credentials below are sample values kept in the Vagrantfile in clear
  # text; replace them (and keep real ones out of version control) for anything
  # other than a throwaway VM.
  build_args = [
    '--root-mysql-pwd=something',
    '--atom-mysql-user=atom',
    '--atom-mysql-db=atom',
    '--atom-mysql-pwd=12345',
    '--atom-admin-email=boaty_mcboatface@domain.org',
    '--atom-admin-username=boaty_mcboatface',
    '--atom-admin-pwd=changeme',
    '--download-url=https://github.com/artefactual/atom.git',
    '--github-branch=stable/2.7.x'
  ]
  config.vm.provision :shell, path: './build_atom.sh', args: build_args
end