Fedora 42

Signed-off-by: Jason Rothstein <fdragon@fdragon.org>

templates/Fedora/42/etc/httpd/conf.d/phpMyAdmin.conf

@@ -0,0 +1,46 @@
+# phpMyAdmin - Web based MySQL browser written in php
+# 
+# Allows only localhost by default
+#
+# But allowing phpMyAdmin to anyone other than localhost should be considered
+# dangerous unless properly secured by SSL
+
+Alias /phpMyAdmin /usr/share/phpMyAdmin
+Alias /phpmyadmin /usr/share/phpMyAdmin
+
+<Directory /usr/share/phpMyAdmin/>
+   AddDefaultCharset UTF-8
+   Require ssl
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/>
+   Require local
+</Directory>
+
+# These directories do not require access over HTTP - taken from the original
+# phpMyAdmin upstream tarball
+#
+<Directory /usr/share/phpMyAdmin/libraries/>
+    Require all denied
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/templates/>
+    Require all denied
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/lib/>
+    Require all denied
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/frames/>
+    Require all denied
+</Directory>
+
+# This configuration prevents mod_security at phpMyAdmin directories from
+# filtering SQL etc.  This may break your mod_security implementation.
+#
+#<IfModule mod_security.c>
+#    <Directory /usr/share/phpMyAdmin/>
+#        SecRuleInheritance Off
+#    </Directory>
+#</IfModule>

templates/Fedora/42/etc/my.cnf

@@ -0,0 +1,11 @@
+#
+# This group is read both both by the client and the server
+# use it for options that affect everything
+#
+[client-server]
+
+#
+# include all files from the config directory
+#
+!includedir /etc/my.cnf.d
+

templates/Fedora/42/etc/my.cnf.d/auth_gssapi.cnf

@@ -0,0 +1,2 @@
+[mariadb]
+#plugin-load-add=auth_gssapi.so

templates/Fedora/42/etc/my.cnf.d/client.cnf

@@ -0,0 +1,14 @@
+#
+# These two groups are read by the client library
+# Use it for options that affect all clients, but not the server
+#
+[client]
+default-character-set = utf8mb4
+
+# This group is not read by mysql client library,
+# If you use the same .cnf file for MySQL and MariaDB,
+# use it for MariaDB-only client options
+[client-mariadb]
+ssl
+ssl-verify-server-cert
+

templates/Fedora/42/etc/my.cnf.d/cracklib_password_check.cnf

@@ -0,0 +1,2 @@
+[mariadb]
+#plugin-load-add=cracklib_password_check.so

templates/Fedora/42/etc/my.cnf.d/enable_encryption.preset

@@ -0,0 +1,20 @@
+#
+# !include this file into your my.cnf (or any of *.cnf files in /etc/my.cnf.d)
+# and it will enable data at rest encryption. This is a simple way to
+# ensure that everything that can be encrypted will be and your
+# data will not leak unencrypted.
+#
+# DO NOT EDIT THIS FILE! On MariaDB upgrades it might be replaced with a
+# newer version and your edits will be lost. Instead, add your edits
+# to the .cnf file after the !include directive.
+#
+# NOTE that you also need to install an encryption plugin for the encryption
+# to work. See https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#encryption-key-management
+#
+[mariadb]
+aria-encrypt-tables
+encrypt-binlog
+encrypt-tmp-disk-tables
+encrypt-tmp-files
+loose-innodb-encrypt-log
+loose-innodb-encrypt-tables

templates/Fedora/42/etc/my.cnf.d/hashicorp_key_management.cnf

@@ -0,0 +1,117 @@
+# Copyright (C) 2019-2022 MariaDB Corporation
+#
+# This is a default configuration for the Hashicorp Vault plugin.
+# You can read more about the parameters of this plugin in the
+# hashicorp_key_management.txt file.
+#
+# NOTE THAT YOU MUST MANUALLY UNCOMMENT THE "plugin-load-add"
+# LINE AND ALL THE NECESSARY PARAMETERS BELOW, SETTING THEM
+# TO APPROPRIATE VALUES!
+#
+[mariadb]
+
+#
+# To use Hashicorp Vault KMS, the plugin must be preloaded and
+# activated on the server:
+#
+#plugin-load-add=hashicorp_key_management.so
+
+# Most of its parameters should not be changed during plugin
+# operation and therefore must be preconfigured as part of
+# the server configuration:
+
+#
+# HTTP[s] URL that is used to connect to the Hashicorp Vault server.
+# It must include the name of the scheme ("https://" for a secure
+# connection) and, according to the API rules for storages of the
+# key-value type in Hashicorp Vault, after the server address, the
+# path must begin with the "/v1/" string (as prefix), for example:
+# "https://127.0.0.1:8200/v1/my_secrets"
+#
+#hashicorp-key-management-vault-url="<url>"
+
+#
+# Authentication token that passed to the Hashicorp Vault
+# in the request header:
+#
+#hashicorp-key-management-token="<token>"
+
+#
+# Optional path to the Certificate Authority (CA) bundle
+# (is a file that contains root and intermediate certificates):
+#
+#hashicorp-key-management-vault-ca="<path>"
+
+#
+# Set the duration (in seconds) for the Hashicorp Vault server
+# connection timeout. The allowed range is from 1 to 86400 seconds.
+# The user can also specify a zero value, which means the default
+# timeout value set by the libcurl library (currently 300 seconds):
+#
+#hashicorp-key-management-timeout=15
+
+#
+# Number of server request retries in case of timeout:
+#
+#hashicorp-key-management-retries=3
+
+#
+# Enable key caching (storing key values received from
+# the Hashicorp Vault server in the local memory):
+#
+#hashicorp-key-management-caching-enabled="on"
+
+#
+# This parameter instructs the plugin to use the key values
+# or version numbers taken from the cache in the event of a
+# timeout when accessing the vault server. By default this
+# option is disabled.
+#
+# Please note that key values or version numbers will be read
+# from the cache when the timeout expires only after the number
+# of attempts to read them from the storage server that specified
+# by the hashicorp-key-management-retries parameter has been
+# exhausted:
+#
+#hashicorp-key-management-use-cache-on-timeout="off"
+
+#
+# The time (in milliseconds) after which the value of the key
+# stored in the cache becomes invalid and an attempt to read this
+# data causes a new request send to the vault server. By default,
+# cache entries become invalid after 60,000 milliseconds (after
+# one minute).
+#
+# If the value of this parameter is zero, then the keys will always
+# be considered invalid, but they still can be used if the vault
+# server is unavailable and the corresponding cache operating mode
+# (--[loose-]hashicorp-key-management-use-cache-on-timeout="on")
+# is enabled.
+#
+#hashicorp-key-management-cache-timeout=0
+
+#
+# The time (in milliseconds) after which the information about
+# latest version number of the key (which stored in the cache)
+# becomes invalid and an attempt to read this information causes
+# a new request send to the vault server.
+#
+# If the value of this parameter is zero, then information abount
+# latest key version numbers always considered invalid, unless
+# there is no communication with the vault server and use of the
+# cache is allowed when the server is unavailable.
+#
+# By default, this parameter is zero, that is, the latest version
+# numbers for the keys stored in the cache are considered always
+# invalid, except when the vault server is unavailable and use
+# of the cache is allowed on server failures.
+#
+#hashicorp-key-management-cache-version-timeout=0
+
+#
+# This parameter enables ("on", this is the default value) or disables
+# ("off") checking the kv storage version during plugin initialization.
+# The plugin requires storage to be version 2 or older in order for it
+# to work properly.
+#
+#hashicorp-key-management-check-kv-version=on

templates/Fedora/42/etc/my.cnf.d/mariadb-server.cnf

@@ -0,0 +1,59 @@
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+#
+# See the examples of server my.cnf files in /usr/share/mysql/
+#
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+# Settings user and group are ignored when systemd is used.
+# If you need to run mysqld under a different user or group,
+# customize your systemd unit file for mysqld/mariadb according to the
+# instructions in http://fedoraproject.org/wiki/Systemd
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+log-error=/var/log/mariadb/mariadb.log
+pid-file=/run/mariadb/mariadb.pid
+character-set-server = utf8mb4
+ssl-cert=/etc/my.cnf.d/certificates/pubcert.epm
+ssl-key=/etc/my.cnf.d/certificates/privkey.epm
+tls-version=TLSv1.2,TLSv1.3
+
+
+#
+# * Galera-related settings
+#
+[galera]
+# Mandatory settings
+#wsrep_on=ON
+#wsrep_provider=
+#wsrep_cluster_address=
+#binlog_format=row
+#default_storage_engine=InnoDB
+#innodb_autoinc_lock_mode=2
+#
+# Allow server to accept connections on all interfaces.
+#
+#bind-address=0.0.0.0
+#
+# Optional setting
+#wsrep_slave_threads=1
+#innodb_flush_log_at_trx_commit=0
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+
+# This group is only read by MariaDB-10.11 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.11]
+

templates/Fedora/42/etc/my.cnf.d/mysql-clients.cnf

@@ -0,0 +1,23 @@
+#
+# These groups are read by MariaDB command-line tools
+# Use it for options that affect only one utility
+#
+
+[mysql]
+
+[mysql_upgrade]
+
+[mysqladmin]
+
+[mysqlbinlog]
+
+[mysqlcheck]
+
+[mysqldump]
+
+[mysqlimport]
+
+[mysqlshow]
+
+[mysqlslap]
+

templates/Fedora/42/etc/my.cnf.d/provider_bzip2.cnf

@@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_bzip2
+provider_bzip2=force_plus_permanent

templates/Fedora/42/etc/my.cnf.d/provider_lz4.cnf

@@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_lz4
+provider_lz4=force_plus_permanent

templates/Fedora/42/etc/my.cnf.d/provider_lzma.cnf

@@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_lzma
+provider_lzma=force_plus_permanent

templates/Fedora/42/etc/my.cnf.d/provider_lzo.cnf

@@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_lzo
+provider_lzo=force_plus_permanent

templates/Fedora/42/etc/my.cnf.d/provider_snappy.cnf

@@ -0,0 +1,3 @@
+[server]
+plugin_load_add=provider_snappy
+provider_snappy=force_plus_permanent

templates/Fedora/42/etc/my.cnf.d/spider.cnf

@@ -0,0 +1,7 @@
+[mariadb]
+#
+# Uncomment line to enable
+#
+#plugin-load-add = ha_spider
+
+# Read more at https://mariadb.com/kb/en/spider/

templates/Fedora/42/etc/phpMyAdmin/config.inc.php

@@ -0,0 +1,153 @@
+<?php
+/**
+ * phpMyAdmin sample configuration, you can use it as base for
+ * manual configuration. For easier setup you can use setup/
+ *
+ * All directives are explained in documentation in the doc/ folder
+ * or at <https://docs.phpmyadmin.net/>.
+ */
+
+declare(strict_types=1);
+
+/**
+ * This is needed for cookie based authentication to encrypt password in
+ * cookie. Needs to be 32 chars long.
+ */
+$cfg['blowfish_secret'] = '22ba7cd24c092bec00a83751012d0082'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+
+/**
+ * Servers configuration
+ */
+$i = 0;
+
+/**
+ * First server
+ */
+$i++;
+/* Authentication type */
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+/* Server parameters */
+$cfg['Servers'][$i]['host'] = 'localhost';
+$cfg['Servers'][$i]['compress'] = false;
+$cfg['Servers'][$i]['AllowNoPassword'] = false;
+
+/**
+ * phpMyAdmin configuration storage settings.
+ */
+
+/* User used to manipulate with storage */
+// $cfg['Servers'][$i]['controlhost'] = '';
+// $cfg['Servers'][$i]['controlport'] = '';
+// $cfg['Servers'][$i]['controluser'] = 'pma';
+// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
+
+/* Storage database and tables */
+// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
+// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
+// $cfg['Servers'][$i]['relation'] = 'pma__relation';
+// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
+// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
+// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
+// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
+// $cfg['Servers'][$i]['history'] = 'pma__history';
+// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
+// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
+// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
+// $cfg['Servers'][$i]['recent'] = 'pma__recent';
+// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
+// $cfg['Servers'][$i]['users'] = 'pma__users';
+// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
+// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
+// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
+// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
+// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
+// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
+
+/**
+ * End of servers configuration
+ */
+
+/**
+ * Directories for saving/loading files from server
+ */
+$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload';
+$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save';
+
+/**
+ * Whether to display icons or text or both icons and text in table row
+ * action segment. Value can be either of 'icons', 'text' or 'both'.
+ * default = 'both'
+ */
+//$cfg['RowActionType'] = 'icons';
+
+/**
+ * Defines whether a user should be displayed a "show all (records)"
+ * button in browse mode or not.
+ * default = false
+ */
+//$cfg['ShowAll'] = true;
+
+/**
+ * Number of rows displayed when browsing a result set. If the result
+ * set contains more rows, "Previous" and "Next".
+ * Possible values: 25, 50, 100, 250, 500
+ * default = 25
+ */
+//$cfg['MaxRows'] = 50;
+
+/**
+ * Disallow editing of binary fields
+ * valid values are:
+ *   false    allow editing
+ *   'blob'   allow editing except for BLOB fields
+ *   'noblob' disallow editing except for BLOB fields
+ *   'all'    disallow editing
+ * default = 'blob'
+ */
+//$cfg['ProtectBinary'] = false;
+
+/**
+ * Default language to use, if not browser-defined or user-defined
+ * (you find all languages in the locale folder)
+ * uncomment the desired line:
+ * default = 'en'
+ */
+//$cfg['DefaultLang'] = 'en';
+//$cfg['DefaultLang'] = 'de';
+
+/**
+ * How many columns should be used for table display of a database?
+ * (a value larger than 1 results in some information being hidden)
+ * default = 1
+ */
+//$cfg['PropertiesNumColumns'] = 2;
+
+/**
+ * Set to true if you want DB-based query history.If false, this utilizes
+ * JS-routines to display query history (lost by window close)
+ *
+ * This requires configuration storage enabled, see above.
+ * default = false
+ */
+//$cfg['QueryHistoryDB'] = true;
+
+/**
+ * When using DB-based query history, how many entries should be kept?
+ * default = 25
+ */
+//$cfg['QueryHistoryMax'] = 100;
+
+/**
+ * Whether or not to query the user before sending the error report to
+ * the phpMyAdmin team when a JavaScript error occurs
+ *
+ * Available options
+ * ('ask' | 'always' | 'never')
+ * default = 'ask'
+ */
+//$cfg['SendErrorReports'] = 'always';
+
+/**
+ * You can find more configuration options in the documentation
+ * in the doc/ folder or at <https://docs.phpmyadmin.net/>.
+ */

templates/Fedora/42/usr/lib/systemd/system/mariadb-copytls.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Copy TLS Certificates for Mariadb
+
+[Service]
+Type=oneshot
+ExecStartPre=mkdir -p /etc/my.cnf.d/certificates
+ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/{{ mariadb_vhost }}/*.pem /etc/my.cnf.d/certificates/'
+ExecStartPost=chown -R mysql:mysql /etc/my.cnf.d/certificates
+
+[Install]
+WantedBy=mariadb.service

templates/Fedora/42/usr/lib/systemd/system/mariadb-copytls.timer

@@ -0,0 +1,8 @@
+[Unit]
+Description=Copy TLS Certificates for Mariadb
+
+[Timer]
+OnUnitActiveSec=5min
+
+[Install]
+WantedBy=mariadb.service

templates/Fedora/42/usr/lib/systemd/system/mariadb.service

@@ -0,0 +1,64 @@
+# It's not recommended to modify this file in-place, because it will be
+# overwritten during package upgrades.  If you want to customize, the
+# best way is to:
+#
+# root> systemctl edit mariadb.service
+#
+# Then add additonal directives under a section (probably [Service]).
+#
+# For more info about custom unit files, see systemd.unit(5) or
+# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
+#
+# For example, if you want to increase MariaDB's open-files-limit to 10000,
+# you need to increase systemd's LimitNOFILE setting, use the contents below:
+#
+#	[Service]
+#	LimitNOFILE=10000
+#
+
+[Unit]
+Description=MariaDB 10.11 database server
+Documentation=man:mariadbd(8)
+Documentation=https://mariadb.com/kb/en/library/systemd/
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+Alias=mysql.service
+Alias=mysqld.service
+
+[Service]
+Type=notify
+User=mysql
+Group=mysql
+
+ExecStartPre=/usr/libexec/mariadb-check-socket
+# '%n' expands to 'Full unit name'; man systemd.unit
+ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n
+# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf
+# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
+# per bug #547485
+ExecStart=/usr/libexec/mariadbd --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
+ExecStartPost=/usr/libexec/mariadb-check-upgrade
+
+# Setting this to true can break replication and the Type=notify settings
+# See also bind-address MariaDB option.
+PrivateNetwork=false
+
+KillSignal=SIGTERM
+
+# Don't want to see an automated SIGKILL ever
+SendSIGKILL=no
+
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
+
+UMask=007
+
+# Give a reasonable amount of time for the server to start up/shut down
+TimeoutSec=300
+
+# Place temp files in a secure directory, not /tmp
+PrivateTmp=true

templates/Fedora/42/usr/lib/systemd/system/mariadb@.service

@@ -0,0 +1,85 @@
+# Multi instance version of MariaDB. For if you run mutiple verions at once.
+# Also used for mariadb@bootstrap to bootstrap Galera.
+#
+# To use multi instance variant, use [mariadbd.INSTANCENAME] as sections in
+# /etc/@my.cnf  to change per instance settings. A minimumal necessary
+# configuration items to change to avoid conflicts between instances is:
+#
+#       [mariadbd.instancename]
+#       # TCP port to make available for clients
+#       port=3306
+#       # Socket to make available for clients
+#       socket=/tmp/mariadb-instancename.sock
+#       # Where MariaDB should store all its data
+#       datadir=/usr/local/mariadb-instancename/data
+#
+# and start the service via:
+#
+# root> systemctl start mariadb@{instancename}.server
+#
+# It's not recommended to modify this file in-place, because it will be
+# overwritten during package upgrades.  If you want to customize, for
+# all instances, the best way is:
+#
+# root> systemctl edit mariadb@.service
+#
+# Then add additonal directives under a section (probably [Service]).
+#
+# If you only want to change a specific instance:
+#
+# root>	systemctl edit mariadb@{instancename}.server
+#
+# For more info about custom unit files, see systemd.unit(5) or
+# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
+#
+# For example, if you want to increase MariaDB's open-files-limit to 10000,
+# you need to increase systemd's LimitNOFILE setting, use the contents below:
+#
+#	[Service]
+#	LimitNOFILE=10000
+
+[Unit]
+Description=MariaDB 10.11 database server
+Documentation=man:mariadbd(8)
+Documentation=https://mariadb.com/kb/en/library/systemd/
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+Alias=mysql.service
+Alias=mysqld.service
+
+[Service]
+Type=notify
+User=mysql
+Group=mysql
+
+ExecStartPre=/usr/libexec/mariadb-check-socket --defaults-group-suffix=.%I
+ExecStartPre=/usr/libexec/mariadb-prepare-db-dir --defaults-group-suffix=.%I %n
+# MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb@.service.d/MY_SPECIAL.conf
+# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
+# per bug #547485
+ExecStart=/usr/libexec/mariadbd --defaults-group-suffix=.%I --basedir=/usr $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
+ExecStartPost=/usr/libexec/mariadb-check-upgrade --defaults-group-suffix=.%I
+
+# Setting this to true can break replication and the Type=notify settings
+# See also bind-address MariaDB option.
+PrivateNetwork=false
+
+KillSignal=SIGTERM
+
+# Don't want to see an automated SIGKILL ever
+SendSIGKILL=no
+
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
+
+UMask=007
+
+# Give a reasonable amount of time for the server to start up/shut down
+TimeoutSec=300
+
+# Place temp files in a secure directory, not /tmp
+PrivateTmp=true

vars/Fedora-42-default.yml

@@ -0,0 +1,130 @@
+---
+# vars file for ensure_mariadb
+package_list:
+  - name: 'mariadb'
+    state: 'present'
+  - name: 'mariadb-server'
+    state: 'present'
+  - name: 'phpMyAdmin'
+    state: 'present'
+firewall_list:
+  - permanent: 'yes'
+    service: 'mysql'
+    state: 'enabled'
+service_list:
+  - name: 'httpd.service'
+    state: 'started'
+    enabled: 'yes'
+  - name: 'httpd-reload.timer'
+    state: 'started'
+    enabled: 'yes'
+  - name: 'php-fpm.service'
+    state: 'started'
+    enabled: 'yes'
+  - name: 'mariadb-copytls.service'
+    state: 'started'
+    enabled: 'yes'
+  - name: 'mariadb.service'
+    state: 'started'
+    enabled: 'yes'
+template_list:
+  - dest: '/etc/my.cnf.d/client.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/client.cnf'
+  - dest: '/etc/my.cnf.d/mariadb-server.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/mariadb-server.cnf'
+  - dest: '/etc/my.cnf.d/mysql-clients.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/mysql-clients.cnf'
+  - dest: '/etc/my.cnf.d/spider.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/spider.cnf'
+  - dest: '/etc/my.cnf.d/enable_encryption.preset'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/enable_encryption.preset'
+  - dest: '/etc/my.cnf.d/cracklib_password_check.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/cracklib_password_check.cnf'
+  - dest: '/etc/my.cnf.d/auth_gssapi.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/auth_gssapi.cnf'
+  - dest: '/etc/my.cnf.d/hashicorp_key_management.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/hashicorp_key_management.cnf'
+  - dest: '/etc/my.cnf.d/provider_bzip2.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_bzip2.cnf'
+  - dest: '/etc/my.cnf.d/provider_lz4.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_lz4.cnf'
+  - dest: '/etc/my.cnf.d/provider_lzma.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_lzma.cnf'
+  - dest: '/etc/my.cnf.d/provider_lzo.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_lzo.cnf'
+  - dest: '/etc/my.cnf.d/provider_snappy.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf.d/provider_snappy.cnf'
+  - dest: '/etc/phpMyAdmin/config.inc.php'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/phpMyAdmin/config.inc.php'
+  - dest: '/etc/my.cnf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/my.cnf'
+  - dest: '/etc/httpd/conf.d/phpMyAdmin.conf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/httpd/conf.d/phpMyAdmin.conf'
+  - dest: '/usr/lib/systemd/system/mariadb.service'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/mariadb.service'
+  - dest: '/usr/lib/systemd/system/mariadb@.service'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/mariadb@.service'
+  - dest: '/usr/lib/systemd/system/mariadb-copytls.timer'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/mariadb-copytls.timer'
+  - dest: '/usr/lib/systemd/system/mariadb-copytls.service'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/usr/lib/systemd/system/mariadb-copytls.service'