# Arrange things to run inside a pseudo-container, since
# I do not want to actually install PHP5.
# Everything below runs as an unprivileged user inside a read-only squashfs
# root; the bind mounts are the only host paths visible to the PHP code.
[Service]
User=alloc
Group=www-data
RootImage=/srv/alloc/uwsgi-plugin-php-chroot.squashfs
MountAPIVFS=yes

# systemd/bullseye-backports (v251) Just Works, but
# systemd/bullseye (v247) lacks this bugfix:
#   https://github.com/systemd/systemd/blob/v248/NEWS#L145-L148
# (presumably the change that gives MountAPIVFS= a writable /run inside the
# image -- confirm against the linked NEWS entry)
# Therefore try to workaround it by a shitty evil broken backdoor.
# UPDATE: this feature missing in v247 also causes this error:
#   [ERROR] Unable to create the PID file (/run/php5-fpm.pid).: Permission denied (13)
# FIXME: remove this!
# NOTE(review): BindPaths=/run bind-mounts the HOST's /run read-write into the
# service root, so every socket and runtime file under host /run (not only
# mysqld's) is reachable from the PHP code, limited only by what
# User=alloc / Group=www-data may access. Drop it once the host is on v248+.
# NOTE(review): systemd.exec(5) separates tmpfs mount options from the path
# with a colon, so the commented-out line below would need to read
# "/run:size=8M" before it is re-enabled.
#TemporaryFileSystem=/run,size=8M
BindPaths=/run

# Get mariadb mysql socket in (uwsgi-plugin-php --socket--> mariadb-server)
# (File is /run/mysqld/mysqld.sock)
# FIXME: use default socket path once systemd is v248+?
# NOTE(review): this path already lies under /run, so the entry looks
# redundant while BindPaths=/run is in place; it becomes the only /run
# exposure that is actually needed once that workaround is removed.
BindPaths=/run/mysqld/mysqld.sock

# Get the actual web app visible to php5-fpm.
# We'll do something like
#   git clone --branch=v189 https://github.com/cyberitsolutions/alloc /srv/alloc/www/alloc
# All four mounts are read-only: the service can read the app code and its
# configuration but cannot modify them.
BindReadOnlyPaths=/srv/alloc/www:/var/www
BindReadOnlyPaths=/etc/alloc/alloc_config.php:/var/www/alloc/alloc_config.php
# NOTE(review): this exposes the whole of /etc/alloc (alloc_config.php
# included) under /etc/uwsgi/apps-available; keep only files the service
# needs in that directory.
BindReadOnlyPaths=/etc/alloc:/etc/uwsgi/apps-available
BindReadOnlyPaths=/etc/alloc/alloc.php.ini:/etc/php5/embed/php.ini

# This is where alloc writes out e.g. email attachments.
# UPDATE: the old alloc_config.php looked in /srv/alloc.
# The new one should look in /var/lib/alloc which is automatically set up due to StateDirectory=alloc.
# UPDATE: we can't do that because RootImage= is read only, so systemd can't "mkdir /var/lib/alloc" to mount on top of that.
# So we'll store data in /srv/alloc/data/alloc which will appear as /srv/alloc to the PHP code.
# This is the only writable application-data mount in this file (read-write,
# unlike the BindReadOnlyPaths= entries above).
BindPaths=/srv/alloc/data:/srv

# php7.4-fpm.conf has "chdir = /var/www".
# php5-fpm.conf has "chdir = /".
# Setting WorkingDirectory= below /var/www should make php5 better there.
# The value used is /var/www/alloc, i.e. the app checkout bound in above.
WorkingDirectory=/var/www/alloc