mysql_install/mysql_install.sh

#!/usr/bin/env bash
set -Eeuo pipefail

# ============================================================
# Arch Linux: MariaDB + Apache + PHP + phpMyAdmin installer
# Includes:
#  - Apache prefork fix for mod_php
#  - ServerName fix
# ============================================================

DB_ROOT_PASSWORD="${DB_ROOT_PASSWORD:-}"
HTTPD_CONF="/etc/httpd/conf/httpd.conf"
PHP_INI="/etc/php/php.ini"
PHPMYADMIN_APACHE_CONF="/etc/httpd/conf/extra/phpmyadmin.conf"
PHPMYADMIN_MAIN_CONF="/etc/webapps/phpmyadmin/config.inc.php"
MARIADB_DATA_DIR="/var/lib/mysql"
WEBROOT="/srv/http"
INFO_FILE="${WEBROOT}/info.php"

log() {
  echo
  echo "============================================================"
  echo "[INFO] $*"
  echo "============================================================"
}

warn() {
  echo
  echo "[WARN] $*" >&2
}

die() {
  echo
  echo "[ERROR] $*" >&2
  exit 1
}

require_root() {
  if [[ "${EUID}" -ne 0 ]]; then
    die "Run this script as root: sudo bash $0"
  fi
}

backup_file() {
  local file="$1"
  if [[ -f "$file" ]]; then
    cp -an "$file" "${file}.bak.$(date +%Y%m%d%H%M%S)"
  fi
}

append_if_missing() {
  local file="$1"
  local line="$2"
  grep -Fqx "$line" "$file" 2>/dev/null || echo "$line" >> "$file"
}

# ============================================================
# FIX 1: Apache MPM (required for mod_php)
# ============================================================
configure_apache_mpm_for_php() {
  log "Switching Apache from threaded MPM to prefork for mod_php"

  backup_file "$HTTPD_CONF"

  sed -i 's|^LoadModule mpm_event_module modules/mod_mpm_event.so|#LoadModule mpm_event_module modules/mod_mpm_event.so|' "$HTTPD_CONF" || true
  sed -i 's|^#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so|LoadModule mpm_prefork_module modules/mod_mpm_prefork.so|' "$HTTPD_CONF" || true

  if ! grep -q "mpm_prefork_module" "$HTTPD_CONF"; then
    echo 'LoadModule mpm_prefork_module modules/mod_mpm_prefork.so' >> "$HTTPD_CONF"
  fi
}

# ============================================================
# FIX 2: ServerName warning
# ============================================================
configure_server_name() {
  log "Setting Apache ServerName"

  if ! grep -q "^ServerName" "$HTTPD_CONF"; then
    echo "ServerName localhost" >> "$HTTPD_CONF"
  fi
}

enable_php_module_httpd() {
  log "Configuring Apache for PHP"

  backup_file "$HTTPD_CONF"

  sed -i 's|^#LoadModule php_module modules/libphp.so|LoadModule php_module modules/libphp.so|' "$HTTPD_CONF" || true

  append_if_missing "$HTTPD_CONF" "AddHandler php-script .php"
  append_if_missing "$HTTPD_CONF" "Include conf/extra/php_module.conf"
  append_if_missing "$HTTPD_CONF" "Include conf/extra/phpmyadmin.conf"
}

configure_php() {
  log "Configuring PHP extensions for MariaDB"

  backup_file "$PHP_INI"

  sed -i 's|^;*extension=mysqli|extension=mysqli|' "$PHP_INI" || true
  sed -i 's|^;*extension=pdo_mysql|extension=pdo_mysql|' "$PHP_INI" || true
}

configure_phpmyadmin_apache() {
  log "Writing Apache config for phpMyAdmin"

  mkdir -p "$(dirname "$PHPMYADMIN_APACHE_CONF")"

  cat > "$PHPMYADMIN_APACHE_CONF" <<'EOF'
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"

<Directory "/usr/share/webapps/phpMyAdmin">
    DirectoryIndex index.php
    AllowOverride All
    Options FollowSymLinks
    Require all granted
</Directory>
EOF
}

generate_blowfish_secret() {
  openssl rand -base64 32 | tr -d '\n'
}

configure_phpmyadmin_main() {
  log "Configuring phpMyAdmin"

  backup_file "$PHPMYADMIN_MAIN_CONF"

  local blowfish
  blowfish="$(generate_blowfish_secret)"

  echo "\$cfg['blowfish_secret'] = '${blowfish}';" >> "$PHPMYADMIN_MAIN_CONF"
  echo "\$cfg['Servers'][\$i]['auth_type'] = 'cookie';" >> "$PHPMYADMIN_MAIN_CONF"
}

initialize_mariadb() {
  log "Initializing MariaDB if needed"

  if [[ ! -d "$MARIADB_DATA_DIR/mysql" ]]; then
    mariadb-install-db --user=mysql --basedir=/usr --datadir="$MARIADB_DATA_DIR"
  else
    warn "MariaDB already initialized"
  fi
}

test_httpd_config() {
  log "Testing Apache configuration"
  httpd -t
}

start_enable_services() {
  log "Enabling and starting services"
  systemctl enable --now mariadb
  systemctl enable --now httpd
}

secure_mariadb() {
  log "Securing MariaDB"

  if [[ -z "$DB_ROOT_PASSWORD" ]]; then
    DB_ROOT_PASSWORD="$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20)"
    warn "Generated DB password: $DB_ROOT_PASSWORD"
  fi

  mariadb <<SQL
DELETE FROM mysql.user WHERE User='';
DROP DATABASE IF EXISTS test;
ALTER USER 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}';
FLUSH PRIVILEGES;
SQL
}

write_php_test_page() {
  log "Creating PHP test file"

  mkdir -p "$WEBROOT"
  echo "<?php phpinfo(); ?>" > "$INFO_FILE"
}

install_packages() {
  log "Installing packages"
  pacman -Sy --needed --noconfirm mariadb apache php php-apache phpmyadmin openssl
}

main() {
  require_root
  install_packages
  configure_apache_mpm_for_php
  configure_server_name
  enable_php_module_httpd
  configure_php
  configure_phpmyadmin_apache
  configure_phpmyadmin_main
  initialize_mariadb
  test_httpd_config
  start_enable_services
  secure_mariadb
  write_php_test_page
}

main "$@"