Ansible role for configuring Matomo, formerly known as Piwik.
This role configures Matomo, formerly known as Piwik, and optionally handle the configuration of MySQL and Nginx for minimal installations. It then download a given release and complete the manual installation process automatically thanks to the uri module.
What is not automatic yet:
- Configuration of the geoip database ;
- Configuration of the trusted sites ;
- User creation.
Automatic testing is provided using molecule's delegated driver and https://builds.sr.ht.
For now only the converge step is implemented.
It should be noted that this role is not idempotent yet.
- python3-openssl
- php
- php-curl
- php-gd
- php-cli
- php-mysql
- php-xml
- php-mbstring
- php-fpm
- python3-mysqldb
- mysql-server
- nginx
- tar
Nginx is listed as an example, any http server implementing FastCGI will work.
- php
- php-gd
- php-pdo-mysql
- php-curl
- gtar
Matomo can be installed in a chroot and works fine with OpenBSD's httpd.
| Variable | Description | Default |
|---|---|---|
matomo_mysql_database |
Optional definition of the database name | matomodata |
matomo_mysql_user |
Optional name for mysql user | matomo |
matomo_mysql_password |
Password for matomo_mysql_user |
|
matomo_name |
The domain name pointing to matomo | mandatory |
matomo_superuser_user |
Name for matomo superuser | mandatory |
matomo_superuser_password |
Password for matomo_superuser_user |
mandatory |
matomo_superuser_email |
Email address for matomo_superuser_user |
mandatory |
matomo_version |
The specific matomo version to install | "3.9.0" |
matomo_proxy |
Configure matomo to use the X-Forwarded-For header | no |
mysql_rescue_user |
Optional rescue mysql user with SUPER and PROCESS rights on matomo_mysql_database. Only used if matomo_bypass_mysql is not yes. |
`` |
mysql_rescue_password |
Password for mysql_rescue_user. Only used if matomo_bypass_mysql is not yes. |
`` |
matomo_bypass_mysql |
Do not configure mysql | yes |
matomo_bypass_nginx |
Do not configure nginx | yes |
matomo_www_directory |
Matomo install directory | /var/www |
matomo_php_interpreter |
Path to PHP | {{ __matomo_php_interpreter }} |
| Variable | Default |
|---|---|
__matomo_php_interpreter |
/usr/bin/php |
| Variable | Default |
|---|---|
__matomo_php_interpreter |
/usr/local/bin/php-7.3 |
Any role configuring MySQL, such as:
- geerlingguy.mysql
- tleguern.mysql
Any role configuring a web server, such as:
- geerlingguy.nginx
- reallyenglish.ansible-role-httpd
A role configuring PHP is a plus.
Minimal installation with included lightweight configuration of Nginx and MySQL on Debian:
- hosts: matomo
vars:
matomo_mysql_password: "{{ vaulted_matomo_mysql_password }}"
matomo_superuser_user: matomo_admin
matomo_superuser_password: "{{ vaulted_matomo_superuser_password }}"
matomo_name: stats.example.org
roles:
- role: tleguern.matomoRegular installation on OpenBSD. Additional steps are needed once the installation is over to open the web server to the Internet:
- hosts: matomo
vars:
matomo_mysql_password: matomo
matomo_superuser_password: adminadmin42
matomo_version: "3.9.0"
matomo_name: localhost
matomo_superuser_email: admin@example.org
mysql_databases:
- name: "{{ matomo_mysql_database }}"
mysql_users:
- name: "{{ matomo_mysql_user }}"
password: "{{ matomo_mysql_password }}"
priv: "*.*:FILE/{{ matomo_mysql_database }}.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,CREATE\ TEMPORARY\ TABLES,LOCK\ TABLES"
mysql_db_admin_password: adminpassword
httpd_conf_domains:
- name: matomo
config: |
listen on 127.0.0.1 port 80
directory index index.php
root "/matomo"
location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}
pre_tasks:
- name: Configure pdo_mysql
file:
src: "/etc/php-7.3.sample/{{ item }}"
dest: "/etc/php-7.3/{{ item }}"
state: link
loop: ['pdo_mysql.ini', 'gd.ini', 'curl.ini']
- name: Start php-fpm
service:
name: php73_fpm
state: started
enabled: yes
roles:
- role: tleguern.mysql
- role: reallyenglish.ansible-role-httpd
- role: tleguern.matomoISC
Either send send GitHub pull requests or send patches on SourceHut.
Written by Tristan Le Guern on behalf of Deveryware.