From c883fc6fdb08458201d8b41dbdf3e6c544fac5f6 Mon Sep 17 00:00:00 2001
From: Alexander Barton <alex@barton.de>
Date: Fri, 19 May 2017 15:19:36 +0200
Subject: [PATCH] New "piwik" role

---
 README.md                                     |  25 ++++
 roles/piwik/defaults/main.yml                 |  18 +++
 roles/piwik/files/htaccess                    |  24 ++++
 roles/piwik/files/piwik.gpg                   | Bin 0 -> 1699 bytes
 roles/piwik/meta/main.yml                     |   6 +
 roles/piwik/tasks/main.yml                    | 123 ++++++++++++++++++
 .../templates/apache2_piwik_vhost.conf.j2     |  17 +++
 roles/piwik/templates/config.ini.php.j2       |  18 +++
 roles/piwik/templates/php_piwik.ini.j2        |   6 +
 roles/piwik/templates/piwik.list.j2           |   6 +
 10 files changed, 243 insertions(+)
 create mode 100644 roles/piwik/defaults/main.yml
 create mode 100644 roles/piwik/files/htaccess
 create mode 100644 roles/piwik/files/piwik.gpg
 create mode 100644 roles/piwik/meta/main.yml
 create mode 100644 roles/piwik/tasks/main.yml
 create mode 100644 roles/piwik/templates/apache2_piwik_vhost.conf.j2
 create mode 100644 roles/piwik/templates/config.ini.php.j2
 create mode 100644 roles/piwik/templates/php_piwik.ini.j2
 create mode 100644 roles/piwik/templates/piwik.list.j2

diff --git a/README.md b/README.md
index 4f4d33f..6d64b5f 100644
--- a/README.md
+++ b/README.md
@@ -260,6 +260,31 @@ Generic "base role" for the operating system, pulls in the actual OS and
 distribution specific role (e. g. "debian-base").
 
 
+### piwik
+
+#### Depends on / Pulls in
+
+ - os-base
+ - apache2-php5
+
+#### Installed Packages
+
+ - piwik
+
+#### Variables
+
+ - `piwik_apt_repository`
+ - `piwik_vhost_ipa`
+ - `piwik_vhost_port`
+ - `piwik_vhost_fqdn`
+ - `piwik_admin_email`
+ - `piwik_db_host`: Initial database host.
+ - `piwik_db_user`: Initial database user.
+ - `piwik_db_password`: Initial database password.
+ - `piwik_db_name`: Initial database name.
+ - `piwik_trusted_hosts`: Initial list of trusted hosts.
+
+
 ### postfix
 
 Postfix SMTP server setup.
diff --git a/roles/piwik/defaults/main.yml b/roles/piwik/defaults/main.yml
new file mode 100644
index 0000000..fded36d
--- /dev/null
+++ b/roles/piwik/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+# defaults file for piwik
+
+piwik_apt_repository: "http://debian.piwik.org/"
+
+piwik_vhost_ipa: "*"
+piwik_vhost_port: 80
+piwik_vhost_fqdn: "{{ inventory_hostname }}"
+
+piwik_admin_email: "root@{{ inventory_hostname }}"
+
+piwik_db_host: "localhost"
+piwik_db_user: "piwik"
+piwik_db_password: "piwik"
+piwik_db_name: "piwik"
+
+piwik_trusted_hosts:
+  - "{{ piwik_vhost_fqdn }}"
diff --git a/roles/piwik/files/htaccess b/roles/piwik/files/htaccess
new file mode 100644
index 0000000..df1618b
--- /dev/null
+++ b/roles/piwik/files/htaccess
@@ -0,0 +1,24 @@
+# This file is auto generated by Piwik, do not edit directly
+# Please report any issue or improvement directly to the Piwik team.
+
+# First, deny access to all files in this directory
+<Files "*">
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		Order Deny,Allow
+		Deny from All
+	</IfVersion>
+	<IfVersion >= 2.4>
+		Require all denied
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		Order Deny,Allow
+		Deny from All
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+</IfModule>
+</Files>
diff --git a/roles/piwik/files/piwik.gpg b/roles/piwik/files/piwik.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..643cf380f2e635d7d19558d2259ca77a2439f5e1
GIT binary patch
literal 1699
zcmV;U23+}>0ipy_vxjdH1OTqCgM-7YR0cAx2dVdmDXCB+bQ6o(U9U_yo3_)$MjStj
zLqAxawXIRHqwWar-B32+DFc4XE7wFfKXL#Cf*p4iS``Y)z(NFL2poMkK>=+jd7`v{
zdUo+6=50SoV;Ft3cUE0eV{E%!9vGoUFh6iL@@h){xXN{3)RIJ$x_1DewIW4g_eIc>
z24e$EZs_%>M2OjK1OH^e2M{4Ry@k!xjh0w*T*-x5(06-<>{NZ=1FlrdLgt`sSo2se
zQh&$&^9CCfU``n^XT(q5;CKNVMq4n~z0^Oh<$>I1gQhW3mQ)G$>{d0{rytgEH{~h6
zYRwI3kO8m%mFqGz;{Z|(o(C&qvjtjMwoz&l-o*Npe(X&+s)+;tM#)0g0(0OJhw4v0
zliVz`?_JQ#3&aB+X8hVCT5212S$^UYynlD$;|im}urd37PDLyEuBQHh=ddRxvoXdj
z!b`h2#q$)?qO)kNsfE%<!e(7$=k{rZCIcm1b7^YyBy~qS)k9FlU!<{&jju((1X37W
zLY<0>zpt<aR%#f<v_DX3cWG-NPjF>!AX9I3a${v6L2hAed30%Gb08>0WnyVzZXi%$
zV{2h&Who#$WMyJ$VQxThX?JOBE^l&YK8Roh6A=OcAO!+avxjd28v_Ol2?z%R0t6KT
z2m=Hb0s{d89svRufB*^!5P{<7i)Q}Vp1!RBprbJ(S*0$Wg^%Eq5q1huRuCSZl>nLo
z=UC0%R^VW7_$3~toypc`9rACv1PugIvxjdG5CD}>x2j~P@e4!+Tj(~7&k8_yqxlBX
zax)q==Y1-ss71EsX6_${$<40a4#bH<eUt`;vO3nk7^g_5kFoZ@7YTQs2k>kJXLq{g
zyT#B)czYWQCF~uWQ4xyer(+rBVWNGTiP_rJF70*wde>zpdUr3pNxlnzDUBFsg~Fmc
zGiw6{t`VEUfj+=mmRBG!VREd&-Z51w^w}>A!@`3^5|KwYY>fg7{?u+JLDV(<pOW(A
zC54l<|9HN4yn!$DWpb`e<t06qSf~`QflhQhOW0?p9u90{!u7o+74uZwrCKc};)D6v
zjp>?thKn?WRk<);(%qw<N-i?S)SQ?chsXSL6B@OQWYL7%W2ls=xhAbKaIX7ZB*OtZ
zD9q%PIOQXxbFxNCBN^od^fs?jtA2l%L8q#ZzCx_H@|)>t=c4DQYd9Q2o?LJwUv)vK
zV7D(d*YJOo2}WeLgV7SQ_&al19H68xCn0<CKJwfU`0swZ54UpCK(2k`kVS~b?nfM|
zO>uvi)!bs>%ImfB5@i;>6Nt1t!=u-sSRo_6UhWRIU8%i6Iq7CIm7-F9?{h1uTVV1R
zNhl8M03T1l?CAlWYod{_&gSL*TT?(>FZQt&-g?3jw`a#<eROccS>_ZA-oaaUD4MRu
zwqx6{`{?}w?+$SMBd}9bcvV~VheH4Z1`qxzZ~<Gu$ojVuFVi?P>ceuCRoDWzE!TfD
z>tm_qF=M^)ML=TLLGPI&s|?lm;N-Lk9baelEgSMa_YC%lx|KcX1n{o*Z~l&xs2ZL!
zG6N<3g+izcVm#%`Q*w=6O@mnwJy%oCMSh1;Km^2UhnZGK(YPG5A^x?2(Vz2+=*U)#
z8%3w<5~Bf&{RP9~drn!HJV$L!Z?CEWT&96lTM+zoMKL{p*pOTLHMT9D@w_HyYvJAg
z4hgB7=m&%&@QTRfDgD&SlBKdop7ImFRf^sS-Xap<rOU^#Sw0vA`TfRx-tv8{o_o-;
z{EA7Tl2XcN)R+BPk`lx^uUq=RqSb~_>WsR**d{;o(M9-IEpB62wQ}4*m-2@<v9hm&
z!EepLExx3|z0VO(OKyMpA&W5z0~Stz*>WTaXg7*7f$cNvxMOL1$9eZw^~!(`wi)wr
z9$gR5Oc3rqLgEUW5CTw)8*ZYa0_1oK<=#6`M>A(suefW&4)L8Itl<wwcgDM;i{ZFf
zSb{co0V+!N`#Bn_sH~yq(~8H((I8$KVhu>vVoX&>E<{53fZRRLUARX|k*8s)snqvr
z)K@06)yE5?)}2nP9?tnYrkIGiDWZP^*?Gb(!&XD#^ND{<-~Qg>L4|b7Bi3aP0QcC7
zQBU>*msiRVKy%+NVCqZCs;0h(Ndy=X0ssjG0#dVwZvq<(0162Zf#T<jX8zcou%G~*
tDe2-M=`|E2LG}kQY!az8-GocX0HBQdmR$>#Yq+gDw8zn}(D!t9cs{f|DzN|n

literal 0
HcmV?d00001

diff --git a/roles/piwik/meta/main.yml b/roles/piwik/meta/main.yml
new file mode 100644
index 0000000..1a7d29e
--- /dev/null
+++ b/roles/piwik/meta/main.yml
@@ -0,0 +1,6 @@
+---
+# meta file for piwik
+
+dependencies:
+  - { role: os-base }
+  - { role: apache2-php5 }
diff --git a/roles/piwik/tasks/main.yml b/roles/piwik/tasks/main.yml
new file mode 100644
index 0000000..6442168
--- /dev/null
+++ b/roles/piwik/tasks/main.yml
@@ -0,0 +1,123 @@
+---
+# tasks file for piwik
+
+- name: install "apt-transport-https" and "ca-certificates"
+  tags:
+    - docker
+    - packages
+  apt: >
+    name={{ item }}
+    state=installed
+  with_items:
+    - apt-transport-https
+    - ca-certificates
+  when: piwik_apt_repository.startswith("https://")
+
+- name: install Piwik repository GnuPG key
+  tags:
+    - piwik
+    - packages
+  copy: >
+    dest=/etc/apt/trusted.gpg.d/
+    group=root
+    mode=0644
+    owner=root
+    src=piwik.gpg
+  notify:
+    - update APT repositories
+
+- name: install Piwik repository configuration
+  tags:
+    - piwik
+    - packages
+  template: >
+    dest=/etc/apt/sources.list.d/piwik.list
+    group=root
+    mode=0644
+    owner=root
+    src=piwik.list.j2
+  notify:
+    - update APT repositories
+
+- meta: flush_handlers
+  tags:
+    - piwik
+    - packages
+
+- name: install "piwik"
+  tags:
+    - piwik
+    - packages
+  apt: >
+    name=piwik
+    state=installed
+
+- name: install Piwik configuration
+  tags:
+    - piwik
+  template: >
+    dest=/etc/piwik/config.ini.php
+    force=no
+    group=www-data
+    mode=0664
+    owner=root
+    src=config.ini.php.j2
+
+- name: install Piwik "htaccess" configuration
+  tags:
+    - piwik
+  copy: >
+    dest=/etc/piwik/.htaccess
+    force=no
+    group=www-data
+    mode=0664
+    owner=root
+    src=htaccess
+
+- name: make JavaScript tracker writable
+  tags:
+    - piwik
+  file: >
+    group=www-data
+    mode=0664
+    owner=root
+    path=/usr/share/piwik/piwik.js
+
+- name: install Apache VHost configuration for Piwik
+  tags:
+    - piwik
+    - apache
+  template: >
+    dest=/etc/apache2/sites-available/piwik.conf
+    group=root
+    mode=0644
+    owner=root
+    src=apache2_piwik_vhost.conf.j2
+  notify:
+    - restart "apache2"
+
+- name: enable Apache VHost configuration for Piwik
+  tags:
+    - piwik
+    - apache
+  file: >
+    dest=/etc/apache2/sites-enabled/piwik.conf
+    group=root
+    owner=root
+    src=/etc/apache2/sites-available/piwik.conf
+    state=link
+  notify:
+    - restart "apache2"
+
+- name: install Piwik PHP configuration
+  tags:
+    - php
+    - piwik
+  template: >
+    dest=/etc/php5/apache2/conf.d/99-piwik.ini
+    group=root
+    mode=0644
+    owner=root
+    src=php_piwik.ini.j2
+  notify:
+    - restart "apache2"
diff --git a/roles/piwik/templates/apache2_piwik_vhost.conf.j2 b/roles/piwik/templates/apache2_piwik_vhost.conf.j2
new file mode 100644
index 0000000..77aaae3
--- /dev/null
+++ b/roles/piwik/templates/apache2_piwik_vhost.conf.j2
@@ -0,0 +1,17 @@
+# /etc/apache2/sites-available/piwik.conf
+# ---
+#  {{ ansible_managed }}
+# ---
+
+<VirtualHost {{piwik_vhost_ipa}}:{{piwik_vhost_port}}>
+	ServerAdmin {{piwik_admin_email}}
+	ServerName {{piwik_vhost_fqdn}}
+
+	DocumentRoot /usr/share/piwik
+
+	Include /etc/piwik/apache.conf
+
+	CustomLog /var/log/apache2/piwik_access.log combined
+	ErrorLog /var/log/apache2/piwik_error.log
+	LogLevel warn
+</VirtualHost>
diff --git a/roles/piwik/templates/config.ini.php.j2 b/roles/piwik/templates/config.ini.php.j2
new file mode 100644
index 0000000..c172532
--- /dev/null
+++ b/roles/piwik/templates/config.ini.php.j2
@@ -0,0 +1,18 @@
+; <?php exit; ?> DO NOT REMOVE THIS LINE
+; /etc/piwik/config.ini.php
+; ---
+; Ansible template configuration file, will be overwritten by Piwik later on,
+; which is okay :-)
+; ---
+
+[database]
+host = "{{ piwik_db_host }}"
+username = "{{ piwik_db_user }}"
+password = "{{ piwik_db_password }}"
+dbname = "{{ piwik_db_name }}"
+
+[General]
+proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
+proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"
+{% for host in piwik_trusted_hosts %}trusted_hosts[] = "{{ host }}"
+{% endfor %}
diff --git a/roles/piwik/templates/php_piwik.ini.j2 b/roles/piwik/templates/php_piwik.ini.j2
new file mode 100644
index 0000000..4c9e7c9
--- /dev/null
+++ b/roles/piwik/templates/php_piwik.ini.j2
@@ -0,0 +1,6 @@
+; /etc/php5/apache2/conf.d/99-piwik.ini
+; ---
+;  {{ ansible_managed }}
+; ---
+
+always_populate_raw_post_data=-1
diff --git a/roles/piwik/templates/piwik.list.j2 b/roles/piwik/templates/piwik.list.j2
new file mode 100644
index 0000000..aafbc54
--- /dev/null
+++ b/roles/piwik/templates/piwik.list.j2
@@ -0,0 +1,6 @@
+# /etc/apt/sources.list.d/piwik.list
+# ---
+#  {{ ansible_managed }}
+# ---
+
+deb {{ piwik_apt_repository }} piwik main
-- 
2.39.2