From: Alexander Barton <alex@barton.de>
Date: Fri, 19 May 2017 13:19:36 +0000 (+0200)
Subject: New "piwik" role
X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=AnsibleRoles.git;a=commitdiff_plain;h=c883fc6fdb08458201d8b41dbdf3e6c544fac5f6

New "piwik" role
---

diff --git a/README.md b/README.md
index 4f4d33f..6d64b5f 100644
--- a/README.md
+++ b/README.md
@@ -260,6 +260,31 @@ Generic "base role" for the operating system, pulls in the actual OS and
 distribution specific role (e. g. "debian-base").
 
 
+### piwik
+
+#### Depends on / Pulls in
+
+ - os-base
+ - apache2-php5
+
+#### Installed Packages
+
+ - piwik
+
+#### Variables
+
+ - `piwik_apt_repository`
+ - `piwik_vhost_ipa`
+ - `piwik_vhost_port`
+ - `piwik_vhost_fqdn`
+ - `piwik_admin_email`
+ - `piwik_db_host`: Initial database host.
+ - `piwik_db_user`: Initial database user.
+ - `piwik_db_password`: Initial database password.
+ - `piwik_db_name`: Initial database name.
+ - `piwik_trusted_hosts`: Initial list of trusted hosts.
+
+
 ### postfix
 
 Postfix SMTP server setup.
diff --git a/roles/piwik/defaults/main.yml b/roles/piwik/defaults/main.yml
new file mode 100644
index 0000000..fded36d
--- /dev/null
+++ b/roles/piwik/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+# defaults file for piwik
+
+piwik_apt_repository: "http://debian.piwik.org/"
+
+piwik_vhost_ipa: "*"
+piwik_vhost_port: 80
+piwik_vhost_fqdn: "{{ inventory_hostname }}"
+
+piwik_admin_email: "root@{{ inventory_hostname }}"
+
+piwik_db_host: "localhost"
+piwik_db_user: "piwik"
+piwik_db_password: "piwik"
+piwik_db_name: "piwik"
+
+piwik_trusted_hosts:
+  - "{{ piwik_vhost_fqdn }}"
diff --git a/roles/piwik/files/htaccess b/roles/piwik/files/htaccess
new file mode 100644
index 0000000..df1618b
--- /dev/null
+++ b/roles/piwik/files/htaccess
@@ -0,0 +1,24 @@
+# This file is auto generated by Piwik, do not edit directly
+# Please report any issue or improvement directly to the Piwik team.
+
+# First, deny access to all files in this directory
+<Files "*">
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		Order Deny,Allow
+		Deny from All
+	</IfVersion>
+	<IfVersion >= 2.4>
+		Require all denied
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		Order Deny,Allow
+		Deny from All
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+</IfModule>
+</Files>
diff --git a/roles/piwik/files/piwik.gpg b/roles/piwik/files/piwik.gpg
new file mode 100644
index 0000000..643cf38
Binary files /dev/null and b/roles/piwik/files/piwik.gpg differ
diff --git a/roles/piwik/meta/main.yml b/roles/piwik/meta/main.yml
new file mode 100644
index 0000000..1a7d29e
--- /dev/null
+++ b/roles/piwik/meta/main.yml
@@ -0,0 +1,6 @@
+---
+# meta file for piwik
+
+dependencies:
+  - { role: os-base }
+  - { role: apache2-php5 }
diff --git a/roles/piwik/tasks/main.yml b/roles/piwik/tasks/main.yml
new file mode 100644
index 0000000..6442168
--- /dev/null
+++ b/roles/piwik/tasks/main.yml
@@ -0,0 +1,123 @@
+---
+# tasks file for piwik
+
+- name: install "apt-transport-https" and "ca-certificates"
+  tags:
+    - docker
+    - packages
+  apt: >
+    name={{ item }}
+    state=installed
+  with_items:
+    - apt-transport-https
+    - ca-certificates
+  when: piwik_apt_repository.startswith("https://")
+
+- name: install Piwik repository GnuPG key
+  tags:
+    - piwik
+    - packages
+  copy: >
+    dest=/etc/apt/trusted.gpg.d/
+    group=root
+    mode=0644
+    owner=root
+    src=piwik.gpg
+  notify:
+    - update APT repositories
+
+- name: install Piwik repository configuration
+  tags:
+    - piwik
+    - packages
+  template: >
+    dest=/etc/apt/sources.list.d/piwik.list
+    group=root
+    mode=0644
+    owner=root
+    src=piwik.list.j2
+  notify:
+    - update APT repositories
+
+- meta: flush_handlers
+  tags:
+    - piwik
+    - packages
+
+- name: install "piwik"
+  tags:
+    - piwik
+    - packages
+  apt: >
+    name=piwik
+    state=installed
+
+- name: install Piwik configuration
+  tags:
+    - piwik
+  template: >
+    dest=/etc/piwik/config.ini.php
+    force=no
+    group=www-data
+    mode=0664
+    owner=root
+    src=config.ini.php.j2
+
+- name: install Piwik "htaccess" configuration
+  tags:
+    - piwik
+  copy: >
+    dest=/etc/piwik/.htaccess
+    force=no
+    group=www-data
+    mode=0664
+    owner=root
+    src=htaccess
+
+- name: make JavaScript tracker writable
+  tags:
+    - piwik
+  file: >
+    group=www-data
+    mode=0664
+    owner=root
+    path=/usr/share/piwik/piwik.js
+
+- name: install Apache VHost configuration for Piwik
+  tags:
+    - piwik
+    - apache
+  template: >
+    dest=/etc/apache2/sites-available/piwik.conf
+    group=root
+    mode=0644
+    owner=root
+    src=apache2_piwik_vhost.conf.j2
+  notify:
+    - restart "apache2"
+
+- name: enable Apache VHost configuration for Piwik
+  tags:
+    - piwik
+    - apache
+  file: >
+    dest=/etc/apache2/sites-enabled/piwik.conf
+    group=root
+    owner=root
+    src=/etc/apache2/sites-available/piwik.conf
+    state=link
+  notify:
+    - restart "apache2"
+
+- name: install Piwik PHP configuration
+  tags:
+    - php
+    - piwik
+  template: >
+    dest=/etc/php5/apache2/conf.d/99-piwik.ini
+    group=root
+    mode=0644
+    owner=root
+    src=php_piwik.ini.j2
+  notify:
+    - restart "apache2"
diff --git a/roles/piwik/templates/apache2_piwik_vhost.conf.j2 b/roles/piwik/templates/apache2_piwik_vhost.conf.j2
new file mode 100644
index 0000000..77aaae3
--- /dev/null
+++ b/roles/piwik/templates/apache2_piwik_vhost.conf.j2
@@ -0,0 +1,17 @@
+# /etc/apache2/sites-available/piwik.conf
+# ---
+#  {{ ansible_managed }}
+# ---
+
+<VirtualHost {{piwik_vhost_ipa}}:{{piwik_vhost_port}}>
+	ServerAdmin {{piwik_admin_email}}
+	ServerName {{piwik_vhost_fqdn}}
+
+	DocumentRoot /usr/share/piwik
+
+	Include /etc/piwik/apache.conf
+
+	CustomLog /var/log/apache2/piwik_access.log combined
+	ErrorLog /var/log/apache2/piwik_error.log
+	LogLevel warn
+</VirtualHost>
diff --git a/roles/piwik/templates/config.ini.php.j2 b/roles/piwik/templates/config.ini.php.j2
new file mode 100644
index 0000000..c172532
--- /dev/null
+++ b/roles/piwik/templates/config.ini.php.j2
@@ -0,0 +1,18 @@
+; <?php exit; ?> DO NOT REMOVE THIS LINE
+; /etc/piwik/config.ini.php
+; ---
+; Ansible template configuration file, will be overwritten by Piwik later on,
+; which is okay :-)
+; ---
+
+[database]
+host = "{{ piwik_db_host }}"
+username = "{{ piwik_db_user }}"
+password = "{{ piwik_db_password }}"
+dbname = "{{ piwik_db_name }}"
+
+[General]
+proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
+proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"
+{% for host in piwik_trusted_hosts %}trusted_hosts[] = "{{ host }}"
+{% endfor %}
diff --git a/roles/piwik/templates/php_piwik.ini.j2 b/roles/piwik/templates/php_piwik.ini.j2
new file mode 100644
index 0000000..4c9e7c9
--- /dev/null
+++ b/roles/piwik/templates/php_piwik.ini.j2
@@ -0,0 +1,6 @@
+; /etc/php5/apache2/conf.d/99-piwik.ini
+; ---
+;  {{ ansible_managed }}
+; ---
+
+always_populate_raw_post_data=-1
diff --git a/roles/piwik/templates/piwik.list.j2 b/roles/piwik/templates/piwik.list.j2
new file mode 100644
index 0000000..aafbc54
--- /dev/null
+++ b/roles/piwik/templates/piwik.list.j2
@@ -0,0 +1,6 @@
+# /etc/apt/sources.list.d/piwik.list
+# ---
+#  {{ ansible_managed }}
+# ---
+
+deb {{ piwik_apt_repository }} piwik main