diff --git a/docs/services/plausible.md b/docs/services/plausible.md new file mode 100644 index 0000000..43690db --- /dev/null +++ b/docs/services/plausible.md @@ -0,0 +1,64 @@ +# Plausible Analytics + +[Plausible Analytics](https://plausible.io/) is intuitive, lightweight and open source web analytics. No cookies and fully compliant with GDPR, CCPA and PECR. + +With this playbook, you can install the [Community Edition](https://plausible.io/blog/community-edition) of Plausible Analytics. + + +## Dependencies + +This service requires the following other services: + +- a [Postgres](postgres.md) database +- a [ClickHouse](clickhouse.md) database +- a [Traefik](traefik.md) reverse-proxy server +- (optional) the [exim-relay](exim-relay.md) mailer + + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: + +```yaml +######################################################################## +# # +# plausible # +# # +######################################################################## + +plausible_enabled: true + +plausible_hostname: plausible.example.com + +# Generate this with: `openssl rand -base64 48` +plausible_environment_variable_secret_key_base: '' + +# Generate this with: `openssl rand -base64 32` +plausible_environment_variable_totp_vault_key: '' + +# Controls which user ids will be system admins +# By default, only the first user (`1`) to be registered will be made an admin. +# plausible_environment_variable_admin_user_ids: '1,2,3' + +######################################################################## +# # +# /plausible # +# # +######################################################################## +``` + +In the example configuration above, we configure the service to be hosted at `https://plausible.example.com`. + +The Ansible role for Plausible Analytics contains a `plausible_path_prefix` variable for hosting at a subdirectory, but this is not implemented yet. See the comments about `plausible_path_prefix` in [ansible-role-plausible](https://github.com/mother-of-all-self-hosting/ansible-role-plausible)'s `defaults/main.yml` file. + + +## Usage + +After [installation](../installing.md), you should be able to access your new Plausible Analytics instance at the URL you've chosen. + +You should then be able to create your first user account, which will be created as an admin (see the details about `plausible_environment_variable_admin_user_ids` above). + +After logging in with your user account you can create properties (websites) and invite other users by email. +By default, the system is configured to allow registrations that are coming from an explicit invitation, while public registrations are disabled. This can be controlled via the `plausible_environment_variable_disable_registration` variable. + +For additional configuration options, refer to [ansible-role-plausible](https://github.com/mother-of-all-self-hosting/ansible-role-plausible)'s `defaults/main.yml` file. diff --git a/docs/supported-services.md b/docs/supported-services.md index c6dc358..f815064 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md @@ -58,6 +58,7 @@ | [OxiTraffic](https://codeberg.org/mo8it/oxitraffic) | [OxiTraffic](https://codeberg.org/mo8it/oxitraffic) is a self-hosted, simple and privacy respecting website traffic tracker. | [Link](services/oxitraffic.md) | | [Paperless-ngx](https://paperless-ngx.com) | [Paperless-ngx](https://paperless-ngx.com) is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. | [Link](services/paperless-ngx.md) | | [PeerTube](https://joinpeertube.org/) | A tool for sharing online videos | [Link](services/peertube.md) | +| [Plausible Analytics](https://plausible.io/) | Intuitive, lightweight and open source web analytics | [Link](services/plausible.md) | | [Postgis](https://postgis.net/) | A spatial database extender for PostgreSQL object-relational database | [Link](services/postgis.md) | | [Postgres](https://www.postgresql.org) | A powerful, open source object-relational database system | [Link](services/postgres.md) | | [Postgres Backup](https://github.com/prodrigestivill/docker-postgres-backup-local) | A solution for backing up PostgresSQL to local filesystem with periodic backups. | [Link](services/postgres-backup.md) | diff --git a/templates/group_vars_mash_servers b/templates/group_vars_mash_servers index 3b6a3f4..3767921 100644 --- a/templates/group_vars_mash_servers +++ b/templates/group_vars_mash_servers @@ -503,6 +503,11 @@ mash_playbook_devture_systemd_service_manager_services_list_auto_itemized: {{ ({'name': (postgis_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'postgis']} if postgis_enabled else omit) }} # /role-specific:postgis + # role-specific:plausible + - |- + {{ ({'name': (plausible_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'plausible']} if plausible_enabled else omit) }} + # /role-specific:plausible + # role-specific:prometheus - |- {{ ({'name': (prometheus_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'metrics', 'prometheus']} if prometheus_enabled else omit) }} @@ -905,6 +910,17 @@ mash_playbook_devture_postgres_managed_databases_auto_itemized: }} # /role-specific:peertube + # role-specific:plausible + - |- + {{ + ({ + 'name': plausible_database_name, + 'username': plausible_database_username, + 'password': plausible_database_password, + } if plausible_enabled else omit) + }} + # /role-specific:plausible + # role-specific:prometheus_postgres_exporter - |- {{ @@ -1631,10 +1647,24 @@ clickhouse_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_ba clickhouse_uid: "{{ mash_playbook_uid }}" clickhouse_gid: "{{ mash_playbook_gid }}" -# This will be extended in the future, to auto-create databases for services which depend on MariaDB. -# See `devture_postgres_managed_databases_auto` -# TODO -# clickhouse_managed_databases_auto: [] +clickhouse_managed_databases_auto_itemized: + # Dummy entry, which is not role-specific. + # Ensures there's at least one entry defined in the list. + - "{{ omit }}" + + # role-specific:plausible + - |- + {{ + ({ + 'name': plausible_clickhouse_database_name, + 'username': plausible_clickhouse_database_username, + 'password': plausible_clickhouse_database_password, + 'additional_sql': ('GRANT SELECT ON system.replicas TO ' + plausible_clickhouse_database_username + '; GRANT SELECT ON system.parts TO ' + plausible_clickhouse_database_username + ';') + } if plausible_enabled and plausible_clickhouse_database_hostname == clickhouse_identifier else omit) + }} + # /role-specific:plausible + +clickhouse_managed_databases_auto: "{{ clickhouse_managed_databases_auto_itemized | reject('equalto', omit) }}" ######################################################################## # # @@ -4253,6 +4283,76 @@ peertube_config_smtp_from: "{{ exim_relay_sender_address if exim_relay_enabled e # /role-specific:peertube +# role-specific:plausible +######################################################################## +# # +# plausible # +# # +######################################################################## + +plausible_enabled: false + +plausible_identifier: "{{ mash_playbook_service_identifier_prefix }}plausible" + +plausible_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}plausible" + +plausible_uid: "{{ mash_playbook_uid }}" +plausible_gid: "{{ mash_playbook_gid }}" + +plausible_systemd_required_systemd_services_list_auto: | + {{ + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled and plausible_database_hostname == devture_postgres_identifier else []) + + + ([clickhouse_identifier ~ '.service'] if clickhouse_enabled | default(false) and plausible_clickhouse_database_hostname == clickhouse_identifier| default('mash-clickhouse') else []) + }} + +plausible_systemd_wanted_systemd_services_list_auto: | + {{ + ([(exim_relay_identifier | default('mash-exim-relay')) ~ '.service'] if (exim_relay_enabled | default(false) and plausible_environment_variable_smtp_host_addr == exim_relay_identifier | default('mash-exim-relay')) else []) + }} + +plausible_container_additional_networks_auto: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + + + ([devture_postgres_container_network] if devture_postgres_enabled and plausible_database_hostname == devture_postgres_identifier and plausible_container_network != devture_postgres_container_network else []) + + + ([clickhouse_container_network | default('mash-clickhouse')] if (clickhouse_enabled | default(false) and plausible_clickhouse_database_hostname == clickhouse_identifier | default('mash-clickhouse') and plausible_container_network != clickhouse_container_network | default('mash-clickhouse')) else []) + + + ([exim_relay_container_network | default('mash-exim-relay')] if (exim_relay_enabled | default(false) and plausible_environment_variable_smtp_host_addr == exim_relay_identifier | default('mash-exim-relay') and plausible_container_network != exim_relay_container_network) else []) + }} + +plausible_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +plausible_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +plausible_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +plausible_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +plausible_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +plausible_database_password: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'plausible.db', rounds=655555) | to_uuid) if devture_postgres_enabled else '' }}" + +# role-specific:clickhouse +plausible_clickhouse_database_hostname: "{{ clickhouse_identifier if clickhouse_enabled else '' }}" +plausible_clickhouse_database_password: "{{ ('%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'plaus.clk.db', rounds=655555) | to_uuid) if clickhouse_enabled else '' }}" +# /role-specific:clickhouse + +# role-specific:exim_relay +# As of 2024-06-28, only `Bamboo.SMTPAdapter` behaves well when no SMTP username/password AUTH is required (as is the case for exim-relay). +# The Bamboo.Mua SMTP adapter is more modern, but always sends authentication, even when the SMTP user is empty. +plausible_environment_variable_mailer_adapter: "{{ 'Bamboo.SMTPAdapter' if exim_relay_enabled else 'Bamboo.LocalAdapter' }}" +plausible_environment_variable_mailer_email: "{{ exim_relay_sender_address if exim_relay_enabled else '' }}" +plausible_environment_variable_smtp_host_addr: "{{ exim_relay_identifier if exim_relay_enabled else '' }}" +plausible_environment_variable_smtp_host_port: "{{ 8025 if exim_relay_enabled else '587' }}" +plausible_environment_variable_smtp_host_ssl_enabled: false +# /role-specific:exim_relay + +######################################################################## +# # +# /plausible # +# # +######################################################################## +# /role-specific:plausible + + # role-specific:postgis ######################################################################## diff --git a/templates/requirements.yml b/templates/requirements.yml index 922c5b5..709dba0 100644 --- a/templates/requirements.yml +++ b/templates/requirements.yml @@ -247,6 +247,10 @@ version: v6.1.0-1 name: peertube activation_prefix: peertube_ +- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-plausible.git + version: v2.1.1-0 + name: plausible + activation_prefix: plausible_ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git version: 201c939eed363de269a83ba29784fc3244846048 name: playbook_help diff --git a/templates/setup.yml b/templates/setup.yml index be241d5..1d24d4c 100644 --- a/templates/setup.yml +++ b/templates/setup.yml @@ -311,6 +311,10 @@ - role: galaxy/peertube # /role-specific:peertube + # role-specific:plausible + - role: galaxy/plausible + # /role-specific:plausible + # role-specific:postgis - role: galaxy/postgis # /role-specific:postgis