passwords = data_bag_item("matomo", "passwords")
package %w[
+ brotli
+ gzip
php-cli
php-curl
php-mbstring
]
apache_module "expires"
+apache_module "proxy"
+apache_module "proxy_fcgi"
apache_module "rewrite"
version = node[:matomo][:version]
geoip_directory = node[:geoipupdate][:directory]
-directory "/opt/matomo-#{version}" do
- owner "root"
- group "root"
- mode "0755"
-end
-
remote_file "#{Chef::Config[:file_cache_path]}/matomo-#{version}.zip" do
source "https://builds.matomo.org/matomo-#{version}.zip"
- not_if { ::File.exist?("/opt/matomo-#{version}/matomo") }
end
archive_file "#{Chef::Config[:file_cache_path]}/matomo-#{version}.zip" do
destination "/opt/matomo-#{version}"
- overwrite true
- owner "root"
- group "root"
- not_if { ::File.exist?("/opt/matomo-#{version}/matomo") }
+ notifies :run, "notify_group[matomo-updated]"
end
node[:matomo][:plugins].each do |plugin_name, plugin_version|
end
archive_file "#{Chef::Config[:file_cache_path]}/matomo-#{plugin_name}-#{plugin_version}.zip" do
- action :nothing
- destination "/opt/matomo-#{version}/matomo/plugins"
- overwrite true
- owner "root"
- group "root"
- subscribes :extract, "remote_file[#{Chef::Config[:file_cache_path]}/matomo-#{plugin_name}-#{plugin_version}.zip]", :immediately
+ destination "/opt/matomo-#{plugin_name}-#{plugin_version}"
end
-end
-execute "/opt/matomo-#{version}/matomo/matomo.js" do
- command "gzip -k -9 /opt/matomo-#{version}/matomo/matomo.js"
- cwd "/opt/matomo-#{version}"
- user "root"
- group "root"
- not_if { ::File.exist?("/opt/matomo-#{version}/matomo/matomo.js.gz") }
-end
-
-execute "/opt/matomo-#{version}/matomo/piwik.js" do
- command "gzip -k -9 /opt/matomo-#{version}/matomo/piwik.js"
- cwd "/opt/matomo-#{version}"
- user "root"
- group "root"
- not_if { ::File.exist?("/opt/matomo-#{version}/matomo/piwik.js.gz") }
+ link "/opt/matomo-#{version}/matomo/plugins/#{plugin_name}" do
+ to "/opt/matomo-#{plugin_name}-#{plugin_version}/#{plugin_name}"
+ notifies :run, "notify_group[matomo-updated]"
+ end
end
directory "/opt/matomo-#{version}/matomo/config" do
variables :passwords => passwords,
:directory => "/opt/matomo-#{version}/matomo",
:plugins => node[:matomo][:plugins].keys.sort
+ notifies :run, "notify_group[matomo-updated]"
end
directory "/opt/matomo-#{version}/matomo/tmp" do
mode "0750"
end
+directory "/opt/matomo-#{version}/matomo/tmp/cache" do
+ owner "www-data"
+ group "www-data"
+ mode "0750"
+end
+
link "/opt/matomo-#{version}/matomo/misc/GeoLite2-ASN.mmdb" do
to "#{geoip_directory}/GeoLite2-ASN.mmdb"
end
to "#{geoip_directory}/GeoLite2-Country.mmdb"
end
-link "/srv/matomo.openstreetmap.org" do
- to "/opt/matomo-#{version}/matomo"
- notifies :restart, "service[php#{node[:php][:version]}-fpm]"
-end
-
mysql_user "piwik@localhost" do
password passwords["database"]
end
permissions "piwik@localhost" => :all
end
+notify_group "matomo-updated"
+
+if File.symlink?("/srv/matomo.openstreetmap.org")
+ execute "core:update" do
+ action :nothing
+ command "/opt/matomo-#{version}/matomo/console core:update --yes"
+ user "www-data"
+ group "www-data"
+ subscribes :run, "notify_group[matomo-updated]"
+ end
+
+ execute "custom-matomo-js:update" do
+ action :nothing
+ command "/opt/matomo-#{version}/matomo/console custom-matomo-js:update"
+ user "root"
+ group "root"
+ subscribes :run, "execute[core:update]"
+ end
+
+ execute "/opt/matomo-#{version}/matomo/matomo.br" do
+ action :nothing
+ command "brotli --keep --force --best /opt/matomo-#{version}/matomo/matomo.js"
+ cwd "/opt/matomo-#{version}"
+ user "root"
+ group "root"
+ subscribes :run, "execute[custom-matomo-js:update]"
+ end
+
+ execute "/opt/matomo-#{version}/matomo/matomo.js" do
+ action :nothing
+ command "gzip --keep --force --best /opt/matomo-#{version}/matomo/matomo.js"
+ cwd "/opt/matomo-#{version}"
+ user "root"
+ group "root"
+ subscribes :run, "execute[custom-matomo-js:update]"
+ end
+
+ execute "/opt/matomo-#{version}/matomo/piwik.br" do
+ action :nothing
+ command "brotli --keep --force --best /opt/matomo-#{version}/matomo/piwik.js"
+ cwd "/opt/matomo-#{version}"
+ user "root"
+ group "root"
+ subscribes :run, "execute[custom-matomo-js:update]"
+ end
+
+ execute "/opt/matomo-#{version}/matomo/piwik.js" do
+ action :nothing
+ command "gzip --keep --force --best /opt/matomo-#{version}/matomo/piwik.js"
+ cwd "/opt/matomo-#{version}"
+ user "root"
+ group "root"
+ subscribes :run, "execute[custom-matomo-js:update]"
+ end
+end
+
+link "/srv/matomo.openstreetmap.org" do
+ to "/opt/matomo-#{version}/matomo"
+ notifies :restart, "service[php#{node[:php][:version]}-fpm]"
+end
+
ssl_certificate "matomo.openstreetmap.org" do
domains ["matomo.openstreetmap.org", "matomo.osm.org",
"piwik.openstreetmap.org", "piwik.osm.org"]
template "apache.erb"
end
-cron_d "matomo" do
- minute "5"
+systemd_service "matomo-archive" do
+ description "Matomo report archiving"
+ exec_start "/usr/bin/php /srv/matomo.openstreetmap.org/console core:archive --url=https://matomo.openstreetmap.org/"
user "www-data"
- command "/usr/bin/php /srv/matomo.openstreetmap.org/console core:archive --quiet --url=https://matomo.openstreetmap.org/"
+ sandbox true
+ proc_subset "all"
+ memory_deny_write_execute false
+ restrict_address_families "AF_UNIX"
+ read_write_paths "/opt/matomo-#{version}/matomo/tmp"
+end
+
+systemd_timer "matomo-archive" do
+ description "Matomo report archiving"
+ on_boot_sec "30m"
+ on_unit_inactive_sec "30m"
+end
+
+service "matomo-archive.timer" do
+ action [:enable, :start]
end
projects / chef.git / blobdiff