add various stuff

ansible.cfg

@@ -1,7 +1,7 @@
 # config file for ansible -- http://ansible.com/
 # ==============================================
 
-# nearly all parameters can be overridden in ansible-playbook
+# nearly all parameters can be overridden in ansible-playbook 
 # or with command line flags. ansible will read ANSIBLE_CONFIG,
 # ansible.cfg in the current working directory, .ansible.cfg in
 # the home directory or /etc/ansible/ansible.cfg, whichever it
@@ -71,22 +71,22 @@ timeout = 10
 # list any Jinja2 extensions to enable here:
 #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
 
-# if set, always use this private key file for authentication, same as
+# if set, always use this private key file for authentication, same as 
 # if passing --private-key to ansible or ansible-playbook
 #private_key_file = /path/to/file
 
-# format of string {{ ansible_managed }} available within Jinja2
+# format of string {{ ansible_managed }} available within Jinja2 
 # templates indicates to users editing templates files will be replaced.
 # replacing {file}, {host} and {uid} and strftime codes with proper values.
 ansible_managed = Ansible managed: {file} modified by {uid} on {host}
 
 # by default, ansible-playbook will display "Skipping [host]" if it determines a task
-# should not be run on a host.  Set this to "False" if you don't want to see these "Skipping"
+# should not be run on a host.  Set this to "False" if you don't want to see these "Skipping" 
-# messages. NOTE: the task header will still be shown regardless of whether or not the
+# messages. NOTE: the task header will still be shown regardless of whether or not the 
 # task is skipped.
 #display_skipped_hosts = True
 
-# by default (as of 1.3), Ansible will raise errors when attempting to dereference
+# by default (as of 1.3), Ansible will raise errors when attempting to dereference 
 # Jinja2 variables that are not set in templates or action lines. Uncomment this line
 # to revert the behavior to pre-1.3.
 #error_on_undefined_vars = False
@@ -126,28 +126,28 @@ filter_plugins     = /usr/share/ansible_plugins/filter_plugins
 
 
 # don't like cows?  that's unfortunate.
-# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
+# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 
 #nocows = 1
 
 # don't like colors either?
 # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
 #nocolor = 1
 
-# the CA certificate path used for validating SSL certs. This path
+# the CA certificate path used for validating SSL certs. This path 
 # should exist on the controlling node, not the target nodes
 # common locations:
 # RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
 # Fedora     : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 # Ubuntu     : /usr/share/ca-certificates/cacert.org/cacert.org.crt
-#ca_file_path =
+#ca_file_path = 
 
 # the http user-agent string to use when fetching urls. Some web server
 # operators block the default urllib user agent as it is frequently used
-# by malicious attacks/scripts, so we set it to something unique to
+# by malicious attacks/scripts, so we set it to something unique to 
 # avoid issues.
 #http_user_agent = ansible-agent
 
-# if set to a persistant type (not 'memory', for example 'redis') fact values
+# if set to a persistent type (not 'memory', for example 'redis') fact values
 # from previous runs in Ansible will be stored.  This may be useful when
 # wanting to use, for example, IP information from one group of servers
 # without having to talk to them in the same playbook run to get their
@@ -161,8 +161,8 @@ fact_caching = memory
 
 [privilege_escalation]
 #become=True
-#become_method='sudo'
+#become_method=sudo
-#become_user='root'
+#become_user=root
 #become_ask_pass=False
 
 [paramiko_connection]
@@ -179,24 +179,24 @@ fact_caching = memory
 [ssh_connection]
 
 # ssh arguments to use
-# Leaving off ControlPersist will result in poor performance, so use
+# Leaving off ControlPersist will result in poor performance, so use 
 # paramiko on older platforms rather than removing it
 #ssh_args = -o ControlMaster=auto -o ControlPersist=60s
 
 # The path to use for the ControlPath sockets. This defaults to
 # "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
-# very long hostnames or very long path names (caused by long user names or
+# very long hostnames or very long path names (caused by long user names or 
 # deeply nested home directories) this can exceed the character limit on
-# file socket names (108 characters for most platforms). In that case, you
+# file socket names (108 characters for most platforms). In that case, you 
 # may wish to shorten the string below.
-#
+# 
-# Example:
+# Example: 
 # control_path = %(directory)s/%%h-%%r
 #control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
 
-# Enabling pipelining reduces the number of SSH operations required to
+# Enabling pipelining reduces the number of SSH operations required to 
-# execute a module on the remote server. This can result in a significant
+# execute a module on the remote server. This can result in a significant 
-# performance improvement when enabled, however when using "sudo:" you must
+# performance improvement when enabled, however when using "sudo:" you must 
 # first disable 'requiretty' in /etc/sudoers
 #
 # By default, this option is disabled to preserve compatibility with
@@ -204,7 +204,7 @@ fact_caching = memory
 #
 pipelining = True
 
-# if True, make ansible use scp if the connection type is ssh
+# if True, make ansible use scp if the connection type is ssh 
 # (default is sftp)
 #scp_if_ssh = True
 
@@ -215,7 +215,7 @@ accelerate_connect_timeout = 5.0
 
 # The daemon timeout is measured in minutes. This time is measured
 # from the last activity to the accelerate daemon.
-accelerate_daemon_timeout = 30
+accelerate_daemon_timeout = 30 
 
 # If set to yes, accelerate_multi_key will allow multiple
 # private keys to be uploaded to it, though each user must
@@ -223,3 +223,8 @@ accelerate_daemon_timeout = 30
 # is "no".
 #accelerate_multi_key = yes
 
+[selinux]
+# file systems that require special treatment when dealing with security context
+# the default behaviour that copies the existing context or uses the user default
+# needs to be changed to use the file system dependant context.
+#special_context_filesystems=nfs,vboxsf,fuse

connection_plugins/lxc

@@ -1 +1 @@
-Subproject commit e6e168920486dc6e1249a6c8849cd98186fab6f5
+Subproject commit e497737cd0cfdf9e57d94845b1096da425507c1d

roles/common/defaults/main.yml

@@ -0,0 +1,7 @@
+static_files:
+  - { from: locale.conf, to: /etc/locale.conf }
+  - { from: whois.conf, to: /etc/whois.conf }
+  - { from: resolv.conf, to: /etc/resolv.conf }
+  - { from: logind.conf, to: /etc/systemd/system/logind.conf }
+  - { from: locale.gen, to: /etc/locale.gen }
+  - { from: man-db.hook, to: /etc/pacman.d/hooks/man-db.hook }

roles/common/files/man-db.hook

@@ -0,0 +1,11 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = usr/share/man/*
+
+[Action]
+Description = Updating manpage index...
+When = PostTransaction
+Exec = /usr/bin/systemctl start --no-block man-db.service

roles/common/files/resolv.conf

@@ -4,6 +4,6 @@
 #
 
 nameserver 172.23.75.6
-search eve.higgsboson.tk
+search eve.evenet.dn42
 
 # End of file

roles/common/tasks/main.yml

@@ -1,24 +1,34 @@
 - name: update pacman cache
   pacman: update_cache=yes
+- fetch: src=/etc/hosts dest=/tmp/fetched
+- name: remove silver-searcher-git
+  pacman:
+    name="silver-searcher-git"
+    state=absent
 - name: install essential packages
   pacman:
-    name="htop,strace,the_silver_searcher,zsh,git,sudo,neovim-git,ca-certificates-dn42"
+    name="htop,strace,zsh,git,sudo,neovim,python2-neovim,python-neovim,the_silver_searcher"
     state=present
+- name: install packages from repo
+  pacman:
+    name="ca-certificates-dn42,neovim-symlinks"
+    state=present
+  # fails on login, because it does not have the repo
+  ignore_errors: yes
 - file: src=/usr/bin/nvim dest=/usr/local/bin/vim state=link
 - locale_gen: name=de_DE.UTF-8 state=present
 - locale_gen: name=en_DK.UTF-8 state=present
-- command: /usr/bin/timedatectl set-timezone UTC
+#- command: /usr/bin/timedatectl set-timezone UTC
 
 - name: common configuration
   template: src={{ item.from }}.j2 dest={{ item.to }} mode=0644 backup=no
   with_items:
     - { from: hosts, to: /etc/hosts }
 
+- name: create directories for files
+  file: path="{{ item.to | dirname }}" recurse=yes state=directory
+  with_items: "{{static_files}}"
+
 - name: common configuration
-  copy: src={{ item.from }} dest={{ item.to }}
+  copy: src="{{ item.from }}" dest={{ item.to }}
-  with_items:
+  with_items: "{{static_files}}"
-    - { from: locale.conf, to: /etc/locale.conf }
-    - { from: whois.conf, to: /etc/whois.conf }
-    - { from: resolv.conf, to: /etc/resolv.conf }
-    - { from: logind.conf, to: /etc/systemd/system/logind.conf }
-    - { from: locale.gen, to: /etc/locale.gen }

roles/common/templates/hosts.j2

@@ -4,7 +4,7 @@
 #
 
 #<ip-address>   <hostname.domain.org>   <hostname>
-127.0.0.1       {{ ansible_nodename }}.lxc   {{ ansible_nodename }} localhost
+127.0.0.1       {{ ansible_nodename }}.eve.evenet.dn42 {{ ansible_nodename }} localhost
-::1             {{ ansible_nodename }}.lxc   {{ ansible_nodename }} localhost
+::1             {{ ansible_nodename }}.eve.evenet.dn42 {{ ansible_nodename }} localhost
 
 # End of file

roles/container/files/vimrc

@@ -3,34 +3,13 @@ set nocompatible   " be iMproved
 filetype off       " required!
 let mapleader=","  " change the leader to be a comma vs slash
 
-let iCanHazVundle=1
+call plug#begin('~/.vim/plugged')
-let vundle_readme=expand('~/.vim/bundle/Vundle.vim/README.md')
+Plug 'scrooloose/nerdtree'
-if !filereadable(vundle_readme)
+Plug 'scrooloose/syntastic'
-  echo "Installing Vundle.."
+Plug 'Valloric/YouCompleteMe'
-  echo ""
+Plug 'airblade/vim-gitgutter'
-  silent !mkdir -p ~/.vim/bundle
+Plug 'bronson/vim-trailing-whitespace'
-  silent !git clone https://github.com/gmarik/Vundle.vim.git ~/.vim/bundle/Vundle.vim
+call plug#end()
-  let iCanHazVundle=0
-endif
-
-set rtp+=~/.vim/bundle/Vundle.vim
-call vundle#begin()
-
-Plugin 'tpope/vim-rails'
-Plugin 'scrooloose/nerdtree'
-Plugin 'slim-template/vim-slim'
-Plugin 'scrooloose/syntastic'
-" not compatible with vim on servers
-" Bundle 'Valloric/YouCompleteMe'
-Plugin 'airblade/vim-gitgutter'
-Plugin 'bronson/vim-trailing-whitespace'
-call vundle#end()
-
-if iCanHazVundle == 0
-  echo "Installing Bundles, please ignore key map error messages"
-  echo ""
-  :BundleInstall
-endif
 
 syntax on
 filetype plugin indent on

roles/container/tasks/main.yml

@@ -6,11 +6,6 @@
   with_items: masked_services
 
 - user: name=root shell=/bin/bash
-- name: delete oh-my-zsh repo
-  file: path=/root/.oh-my-zsh state=absent
-- name: delete .zshrc
-  file: path=/root/.zshrs state=absent
-
 - name: Allow wheel group to use sudo
   lineinfile: "dest=/etc/sudoers state=present regexp='^%wheel' line='%wheel ALL=(ALL) NOPASSWD: ALL'"
 - name: Write mirrorlist
@@ -21,15 +16,21 @@
 - name: SSH Keys
   copy: src=authorized_keys dest=/home/admin/.ssh/authorized_keys
 
-- set_fact:
+- set_fact: admins="{{ base_admins + additional_admins }}"
-    admins: "{{ base_admins + additional_admins }}"
 
 - name: deploy dotfiles
   copy: src="{{ item[0] }}" dest="{{ item[1].dest }}/.{{ item[0] }}" owner="{{ item[1].owner }}" group="{{ item[1].group }}"
   with_nested:
-    - ['bashrc', 'dircolors', 'vimrc']
+    - ['bashrc', 'dircolors']
     - admins
 
+- name: Create ~/.config/nvim/autoload
+  file: path=/root/.config/nvim/autoload state=directory
+- name: create neovim
+  copy: src="vimrc" dest="/root/.config/nvim/init.vim"
+- name: install plug.vim
+  copy: src="vim/autoload/plug.vim" dest="/root/.config/nvim/autoload/plug.vim"
+
 - mount: name=/run/systemd/journal/ src=/mnt/journal fstype=none opts=bind,ro state=present
 
 - name: backup directory

roles/container/tasks/ssh.yml

@@ -17,7 +17,7 @@
   service: name=sshd.socket state=started enabled=yes
 
 - name: sshd.service.d
-  file: path=/etc/systemd/system/sshd.service.d/ state=directory
+  file: path=/etc/systemd/system/sshd@.service.d/ state=directory
 - name: ssh service KillMode
   copy: src=sshd-killmode.conf dest=/etc/systemd/system/sshd@.service.d/killmode.conf
   notify: Reload systemd

roles/php/templates/php-fpm.conf.j2

@@ -14,7 +14,7 @@
 ; Relative path can also be used. They will be prefixed by:
 ;  - the global prefix if it's been set (-p argument)
 ;  - /usr otherwise
-include=/etc/php/fpm.d/*.conf
+include=/etc/php/php-fpm.d/*.conf
 
 ;;;;;;;;;;;;;;;;;;
 ; Global Options ;

roles/php/templates/php.ini.j2

@@ -201,10 +201,6 @@ engine = On
 ; http://php.net/short-open-tag
 short_open_tag = Off
 
-; Allow ASP-style <% %> tags.
-; http://php.net/asp-tags
-asp_tags = Off
-
 ; The number of significant digits displayed in floating point numbers.
 ; http://php.net/precision
 precision = 14
@@ -696,13 +692,6 @@ default_charset = "UTF-8"
 ; http://php.net/output-encoding
 ;output_encoding =
 
-; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
-; to disable this feature and it will be removed in a future version.
-; If post reading is disabled through enable_post_data_reading,
-; $HTTP_RAW_POST_DATA is *NOT* populated.
-; http://php.net/always-populate-raw-post-data
-;always_populate_raw_post_data = -1
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Paths and Directories ;
 ;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -885,19 +874,14 @@ extension=gettext.so
 ;extension=intl.so
 ;extension=ldap.so
 ;extension=mcrypt.so
-;extension=mssql.so
 ;extension=mysqli.so
-;extension=mysql.so
 ;extension=odbc.so
 zend_extension=opcache.so
-;extension=openssl.so
 ;extension=pdo_mysql.so
 ;extension=pdo_odbc.so
 ;extension=pdo_pgsql.so
 ;extension=pdo_sqlite.so
 ;extension=pgsql.so
-;extension=phar.so
-;extension=posix.so
 ;extension=pspell.so
 ;extension=shmop.so
 ;extension=snmp.so
@@ -910,12 +894,7 @@ zend_extension=opcache.so
 ;extension=tidy.so
 ;extension=xmlrpc.so
 ;extension=xsl.so
-;extension=zip.so
+extension=zip.so
-
-; Extensions enabled by ansible
-{% for item in php_extensions %}
-extension={{item}}.so
-{% endfor %}
 
 ;;;;;;;;;;;;;;;;;;;
 ; Module Settings ;
@@ -974,10 +953,6 @@ date.timezone = UTC
 ; Default is 0, which does not produce any errors.
 ;intl.error_level = E_WARNING
 
-[sqlite]
-; http://php.net/sqlite.assoc-case
-;sqlite.assoc_case = 0
-
 [sqlite3]
 ;sqlite3.extension_dir =
 
@@ -993,6 +968,10 @@ date.timezone = UTC
 ; http://php.net/pcre.recursion-limit
 ;pcre.recursion_limit=100000
 
+;Enables or disables JIT compilation of patterns. This requires the PCRE
+;library to be compiled with JIT support.
+;pcre.jit=1
+
 [Pdo]
 ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
 ; http://php.net/pdo-odbc.connection-pooling
@@ -1036,7 +1015,7 @@ smtp_port = 25
 
 ; Force the addition of the specified parameters to be passed as extra parameters
 ; to the sendmail binary. These parameters will always replace the value of
-; the 5th parameter to mail(), even in safe mode.
+; the 5th parameter to mail().
 ;mail.force_extra_parameters =
 
 ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
@@ -1126,64 +1105,6 @@ ibase.dateformat = "%Y-%m-%d"
 ; Default time format.
 ibase.timeformat = "%H:%M:%S"
 
-[MySQL]
-; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
-; http://php.net/mysql.allow_local_infile
-mysql.allow_local_infile = On
-
-; Allow or prevent persistent links.
-; http://php.net/mysql.allow-persistent
-mysql.allow_persistent = On
-
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/mysql.cache_size
-mysql.cache_size = 2000
-
-; Maximum number of persistent links.  -1 means no limit.
-; http://php.net/mysql.max-persistent
-mysql.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent).  -1 means no limit.
-; http://php.net/mysql.max-links
-mysql.max_links = -1
-
-; Default port number for mysql_connect().  If unset, mysql_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look
-; at MYSQL_PORT.
-; http://php.net/mysql.default-port
-mysql.default_port =
-
-; Default socket name for local MySQL connects.  If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/mysql.default-socket
-mysql.default_socket =
-
-; Default host for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysql.default-host
-mysql.default_host =
-
-; Default user for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysql.default-user
-mysql.default_user =
-
-; Default password for mysql_connect() (doesn't apply in safe mode).
-; Note that this is generally a *bad* idea to store passwords in this file.
-; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
-; and reveal this password!  And of course, any users with read access to this
-; file will be able to reveal the password as well.
-; http://php.net/mysql.default-password
-mysql.default_password =
-
-; Maximum time (in seconds) for connect timeout. -1 means no limit
-; http://php.net/mysql.connect-timeout
-mysql.connect_timeout = 60
-
-; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
-; SQL-Errors will be displayed.
-; http://php.net/mysql.trace-mode
-mysql.trace_mode = Off
-
 [MySQLi]
 
 ; Maximum number of persistent links.  -1 means no limit.
@@ -1338,45 +1259,6 @@ pgsql.ignore_notice = 0
 ; http://php.net/pgsql.log-notice
 pgsql.log_notice = 0
 
-[Sybase-CT]
-; Allow or prevent persistent links.
-; http://php.net/sybct.allow-persistent
-sybct.allow_persistent = On
-
-; Maximum number of persistent links.  -1 means no limit.
-; http://php.net/sybct.max-persistent
-sybct.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent).  -1 means no limit.
-; http://php.net/sybct.max-links
-sybct.max_links = -1
-
-; Minimum server message severity to display.
-; http://php.net/sybct.min-server-severity
-sybct.min_server_severity = 10
-
-; Minimum client message severity to display.
-; http://php.net/sybct.min-client-severity
-sybct.min_client_severity = 10
-
-; Set per-context timeout
-; http://php.net/sybct.timeout
-;sybct.timeout=
-
-;sybct.packet_size
-
-; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
-; Default: one minute
-;sybct.login_timeout=
-
-; The name of the host you claim to be connecting from, for display by sp_who.
-; Default: none
-;sybct.hostname=
-
-; Allows you to define how often deadlocks are to be retried. -1 means "forever".
-; Default: 0
-;sybct.deadlock_retry_count=
-
 [bcmath]
 ; Number of decimal digits for all bcmath functions.
 ; http://php.net/bcmath.scale
@@ -1627,64 +1509,31 @@ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
 ; http://php.net/session.upload-progress.min-freq
 ;session.upload_progress.min_freq = "1"
 
-[MSSQL]
+; Only write session data when session data is changed. Enabled by default.
-; Allow or prevent persistent links.
+; http://php.net/session.lazy-write
-mssql.allow_persistent = On
+;session.lazy_write = On
-
-; Maximum number of persistent links.  -1 means no limit.
-mssql.max_persistent = -1
-
-; Maximum number of links (persistent+non persistent).  -1 means no limit.
-mssql.max_links = -1
-
-; Minimum error severity to display.
-mssql.min_error_severity = 10
-
-; Minimum message severity to display.
-mssql.min_message_severity = 10
-
-; Compatibility mode with old versions of PHP 3.0.
-mssql.compatibility_mode = Off
-
-; Connect timeout
-;mssql.connect_timeout = 5
-
-; Query timeout
-;mssql.timeout = 60
-
-; Valid range 0 - 2147483647.  Default = 4096.
-;mssql.textlimit = 4096
-
-; Valid range 0 - 2147483647.  Default = 4096.
-;mssql.textsize = 4096
-
-; Limits the number of records in each batch.  0 = all records in one batch.
-;mssql.batchsize = 0
-
-; Specify how datetime and datetim4 columns are returned
-; On => Returns data converted to SQL server settings
-; Off => Returns values as YYYY-MM-DD hh:mm:ss
-;mssql.datetimeconvert = On
-
-; Use NT authentication when connecting to the server
-mssql.secure_connection = Off
-
-; Specify max number of processes. -1 = library default
-; msdlib defaults to 25
-; FreeTDS defaults to 4096
-;mssql.max_procs = -1
-
-; Specify client character set.
-; If empty or not set the client charset from freetds.conf is used
-; This is only used when compiled with FreeTDS
-;mssql.charset = "ISO-8859-1"
 
 [Assertion]
+; Switch whether to compile assertions at all (to have no overhead at run-time)
+; -1: Do not compile at all
+;  0: Jump over assertion at run-time
+;  1: Execute assertions
+; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
+; Default Value: 1
+; Development Value: 1
+; Production Value: -1
+; http://php.net/zend.assertions
+zend.assertions = -1
+
 ; Assert(expr); active by default.
 ; http://php.net/assert.active
 ;assert.active = On
 
-; Issue a PHP warning for each failed assertion.
+; Throw an AssertationException on failed assertions
+; http://php.net/assert.exception
+;assert.exception = On
+
+; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
 ; http://php.net/assert.warning
 ;assert.warning = On
 
@@ -1728,7 +1577,7 @@ mssql.secure_connection = Off
 
 [mbstring]
 ; language for internal character representation.
-; This affects mb_send_mail() and mbstrig.detect_order.
+; This affects mb_send_mail() and mbstring.detect_order.
 ; http://php.net/mbstring.language
 ;mbstring.language = Japanese
 
@@ -1918,11 +1767,6 @@ opcache.enable=1
 ; size of the optimized code.
 ;opcache.save_comments=1
 
-; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments"
-; may be always stored (save_comments=1), but not loaded by applications
-; that don't need them anyway.
-;opcache.load_comments=1
-
 ; If enabled, a fast shutdown sequence is used for the accelerated code
 ;opcache.fast_shutdown=0
 
@@ -1972,6 +1816,31 @@ opcache.enable=1
 ; Useful for internal debugging only.
 ;opcache.protect_memory=0
 
+; Allows calling OPcache API functions only from PHP scripts which path is
+; started from specified string. The default "" means no restriction
+;opcache.restrict_api=
+
+; Mapping base of shared memory segments (for Windows only). All the PHP
+; processes have to map shared memory into the same address space. This
+; directive allows to manually fix the "Unable to reattach to base address"
+; errors.
+;opcache.mmap_base=
+
+; Enables and sets the second level cache directory.
+; It should improve performance when SHM memory is full, at server restart or
+; SHM reset. The default "" disables file based caching.
+;opcache.file_cache=
+
+; Enables or disables opcode caching in shared memory.
+;opcache.file_cache_only=0
+
+; Enables or disables checksum validation when script loaded from file cache.
+;opcache.file_cache_consistency_checks=1
+
+; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
+; This should improve performance, but requires appropriate OS configuration.
+;opcache.huge_code_pages=1
+
 [curl]
 ; A default value for the CURLOPT_CAINFO option. This is required to be an
 ; absolute path.
@@ -1995,6 +1864,9 @@ opcache.enable=1
 ; SSL stream context option.
 ;openssl.capath=
 
+[apc]
+apc.enable_cli=1
+
 ; Local Variables:
 ; tab-width: 4
 ; End: