From a892bd8ebfe796beb67db4b143d912df394aef80 Mon Sep 17 00:00:00 2001 From: Florian Jacob Date: Tue, 16 Jan 2018 17:02:57 +0100 Subject: [PATCH 1/4] piwik 3.2.1 -> matomo 3.3.0 minor release, mainly rename --- .../web-apps/{piwik => matomo}/bootstrap.php | 0 .../web-apps/{piwik => matomo}/default.nix | 21 +++++++++++-------- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 2 +- 4 files changed, 14 insertions(+), 10 deletions(-) rename pkgs/servers/web-apps/{piwik => matomo}/bootstrap.php (100%) rename pkgs/servers/web-apps/{piwik => matomo}/default.nix (63%) diff --git a/pkgs/servers/web-apps/piwik/bootstrap.php b/pkgs/servers/web-apps/matomo/bootstrap.php similarity index 100% rename from pkgs/servers/web-apps/piwik/bootstrap.php rename to pkgs/servers/web-apps/matomo/bootstrap.php diff --git a/pkgs/servers/web-apps/piwik/default.nix b/pkgs/servers/web-apps/matomo/default.nix similarity index 63% rename from pkgs/servers/web-apps/piwik/default.nix rename to pkgs/servers/web-apps/matomo/default.nix index 697240e81c75..591e11ca8202 100644 --- a/pkgs/servers/web-apps/piwik/default.nix +++ b/pkgs/servers/web-apps/matomo/default.nix @@ -1,12 +1,14 @@ { stdenv, fetchurl, makeWrapper, php }: stdenv.mkDerivation rec { - name = "piwik-${version}"; - version = "3.2.1"; + name = "matomo-${version}"; + version = "3.3.0"; src = fetchurl { - url = "https://builds.piwik.org/${name}.tar.gz"; - sha512 = "1yisgywz7dm6kygh9mc207xnqpvdxbw4pa2l9gjh495a6979x3chi7z5rf410z4dmrg0kbj8wqm8mmmslfn276xvw37l2d4h73ij1h2"; + # TODO: As soon as the tarballs are renamed as well on future releases, this should be enabled again + # url = "https://builds.matomo.org/${name}.tar.gz"; + url = "https://builds.matomo.org/piwik-${version}.tar.gz"; + sha256 = "1ybzj3kk0x29nv8c6xnhir5d9dr0q0fl1vnm4i7zvhml73ryqk0f"; }; nativeBuildInputs = [ makeWrapper ]; @@ -21,21 +23,22 @@ stdenv.mkDerivation rec { cp ${./bootstrap.php} bootstrap.php ''; + # TODO: future versions might rename the PIWIK_… variables to MATOMO_… # TODO: Move more unnecessary files from share/, especially using PIWIK_INCLUDE_PATH. - # See https://forum.piwik.org/t/bootstrap-php/5926/10 and - # https://github.com/piwik/piwik/issues/11654#issuecomment-297730843 + # See https://forum.matomo.org/t/bootstrap-php/5926/10 and + # https://github.com/matomo-org/matomo/issues/11654#issuecomment-297730843 installPhase = '' runHook preInstall # copy evertything to share/, used as webroot folder, and then remove what's known to be not needed mkdir -p $out/share cp -ra * $out/share/ - # tmp/ is created by piwik in PIWIK_USER_PATH + # tmp/ is created by matomo in PIWIK_USER_PATH rmdir $out/share/tmp # config/ needs to be copied to PIWIK_USER_PATH anyway mv $out/share/config $out/ - makeWrapper ${php}/bin/php $out/bin/piwik-console \ + makeWrapper ${php}/bin/php $out/bin/matomo-console \ --add-flags "$out/share/console" runHook postInstall @@ -44,7 +47,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "A real-time web analytics application"; license = licenses.gpl3Plus; - homepage = https://piwik.org/; + homepage = https://matomo.org/; platforms = platforms.all; maintainers = [ maintainers.florianjacob ]; }; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 8da6bcef4957..3845c0710514 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -110,6 +110,7 @@ mapAliases (rec { m3d-linux = m33-linux; # added 2016-08-13 manpages = man-pages; # added 2015-12-06 man_db = man-db; # added 2016-05 + piwik = matomo; # added 2018-01-16 midoriWrapper = midori; # added 2015-01 minc_tools = minc-tools; # 2017-12 mlt-qt5 = libsForQt5.mlt; # added 2015-12-19 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f70da86d207e..faa3e8829961 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -12632,7 +12632,7 @@ with pkgs; shaarli-material = callPackage ../servers/web-apps/shaarli/material-theme.nix { }; - piwik = callPackage ../servers/web-apps/piwik { }; + matomo = callPackage ../servers/web-apps/matomo { }; axis2 = callPackage ../servers/http/tomcat/axis2 { }; From d431aed997ee41cbe31a7a000c0f97d679a981b7 Mon Sep 17 00:00:00 2001 From: Florian Jacob Date: Tue, 16 Jan 2018 17:24:49 +0100 Subject: [PATCH 2/4] matomo: make the substituteInPlace a proper patch, improve description --- pkgs/servers/web-apps/matomo/default.nix | 13 +++++++++---- .../make-localhost-default-database-host.patch | 13 +++++++++++++ 2 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 pkgs/servers/web-apps/matomo/make-localhost-default-database-host.patch diff --git a/pkgs/servers/web-apps/matomo/default.nix b/pkgs/servers/web-apps/matomo/default.nix index 591e11ca8202..c99b20a46bd5 100644 --- a/pkgs/servers/web-apps/matomo/default.nix +++ b/pkgs/servers/web-apps/matomo/default.nix @@ -13,13 +13,18 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ makeWrapper ]; - # regarding the 127.0.0.1 substitute: - # This replaces the default value of the database server field. + # make-localhost-default-database-server.patch: + # This changes the default value of the database server field + # from 127.0.0.1 to localhost. # unix socket authentication only works with localhost, # but password-based SQL authentication works with both. + # TODO: is upstream interested in this? + patches = [ ./make-localhost-default-database-host.patch ]; + + # this bootstrap.php adds support for getting PIWIK_USER_PATH + # from an environment variable. Point it to a mutable location + # to be able to use matomo read-only from the nix store postPatch = '' - substituteInPlace plugins/Installation/FormDatabaseSetup.php \ - --replace "=> '127.0.0.1'," "=> 'localhost'," cp ${./bootstrap.php} bootstrap.php ''; diff --git a/pkgs/servers/web-apps/matomo/make-localhost-default-database-host.patch b/pkgs/servers/web-apps/matomo/make-localhost-default-database-host.patch new file mode 100644 index 000000000000..48808ac2ccca --- /dev/null +++ b/pkgs/servers/web-apps/matomo/make-localhost-default-database-host.patch @@ -0,0 +1,13 @@ +diff --git a/plugins/Installation/FormDatabaseSetup.php b/plugins/Installation/FormDatabaseSetup.php +index 9364f49870..2625cbb91b 100644 +--- a/plugins/Installation/FormDatabaseSetup.php ++++ b/plugins/Installation/FormDatabaseSetup.php +@@ -82,7 +82,7 @@ class FormDatabaseSetup extends QuickForm2 + + // default values + $this->addDataSource(new HTML_QuickForm2_DataSource_Array(array( +- 'host' => '127.0.0.1', ++ 'host' => 'localhost', + 'type' => $defaultDatabaseType, + 'tables_prefix' => 'matomo_', + ))); From 48e449ee7015c01a02875cb68290e69033d9daa1 Mon Sep 17 00:00:00 2001 From: Florian Jacob Date: Tue, 16 Jan 2018 18:44:27 +0100 Subject: [PATCH 3/4] nixos/piwik: rename to matomo --- nixos/doc/manual/release-notes/rl-1803.xml | 34 +++++++++++ nixos/modules/module-list.nix | 2 +- nixos/modules/rename.nix | 6 ++ nixos/modules/services/databases/mysql.nix | 2 +- .../{piwik-doc.xml => matomo-doc.xml} | 42 ++++++------- .../web-apps/{piwik.nix => matomo.nix} | 61 +++++++++++-------- 6 files changed, 99 insertions(+), 48 deletions(-) rename nixos/modules/services/web-apps/{piwik-doc.xml => matomo-doc.xml} (58%) rename nixos/modules/services/web-apps/{piwik.nix => matomo.nix} (77%) diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index ce58c4dc95b0..855045d6ce96 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -239,6 +239,40 @@ following incompatible changes: here. + + + The Piwik analytics software was renamed to Matomo: + + + The package pkgs.piwik was renamed to pkgs.matomo. + + + The service services.piwik was renamed to services.matomo. + + + + The data directory /var/lib/piwik was renamed to /var/lib/matomo. + All files will be moved automatically on first startup, but you might need to adjust your backup scripts. + + + + + The piwik user was renamed to matomo. + The service will adjust ownership automatically for files in the data directory. + If you use unix socket authentication, remember to give the new matomo user + access to the database and to change the username to matomo + in the [database] section of /var/lib/matomo/config/config.ini.php. + + + + + If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean, + but this is neither enforced nor required. + + + + + diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 098fac7a0c2d..45eca7f4ee5f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -637,7 +637,7 @@ ./services/web-apps/nixbot.nix ./services/web-apps/nexus.nix ./services/web-apps/pgpkeyserver-lite.nix - ./services/web-apps/piwik.nix + ./services/web-apps/matomo.nix ./services/web-apps/pump.io.nix ./services/web-apps/restya-board.nix ./services/web-apps/tt-rss.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index da83baed3719..489d7d8b9b50 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -148,6 +148,12 @@ with lib; # parsoid (mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ]) + # piwik was renamed to matomo + (mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ]) + (mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ]) + (mkRenamedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] [ "services" "matomo" "phpfpmProcessManagerConfig" ]) + (mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ]) + # tarsnap (mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives..cachedir") diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix index 5b7390503552..466f1c705bd5 100644 --- a/nixos/modules/services/databases/mysql.nix +++ b/nixos/modules/services/databases/mysql.nix @@ -133,7 +133,7 @@ in ''; example = [ "nextcloud" - "piwik" + "matomo" ]; }; diff --git a/nixos/modules/services/web-apps/piwik-doc.xml b/nixos/modules/services/web-apps/matomo-doc.xml similarity index 58% rename from nixos/modules/services/web-apps/piwik-doc.xml rename to nixos/modules/services/web-apps/matomo-doc.xml index a393a182d36a..456aae6cc366 100644 --- a/nixos/modules/services/web-apps/piwik-doc.xml +++ b/nixos/modules/services/web-apps/matomo-doc.xml @@ -2,16 +2,16 @@ xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" - xml:id="module-services-piwik"> + xml:id="module-services-matomo"> - Piwik + Matomo - Piwik is a real-time web analytics application. - This module configures php-fpm as backend for piwik, optionally configuring an nginx vhost as well. + Matomo is a real-time web analytics application. + This module configures php-fpm as backend for Matomo, optionally configuring an nginx vhost as well. - An automatic setup is not suported by piwik, so you need to configure piwik itself in the browser-based piwik setup. + An automatic setup is not suported by Matomo, so you need to configure Matomo itself in the browser-based Matomo setup. @@ -19,7 +19,7 @@ Database Setup - You also need to configure a MariaDB or MySQL database and -user for piwik yourself, + You also need to configure a MariaDB or MySQL database and -user for Matomo yourself, and enter those credentials in your browser. You can use passwordless database authentication via the UNIX_SOCKET authentication plugin with the following SQL commands: @@ -27,20 +27,20 @@ # For MariaDB INSTALL PLUGIN unix_socket SONAME 'auth_socket'; - CREATE DATABASE piwik; - CREATE USER 'piwik'@'localhost' IDENTIFIED WITH unix_socket; - GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost'; + CREATE DATABASE matomo; + CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket; + GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; # For MySQL INSTALL PLUGIN auth_socket SONAME 'auth_socket.so'; - CREATE DATABASE piwik; - CREATE USER 'piwik'@'localhost' IDENTIFIED WITH auth_socket; - GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost'; + CREATE DATABASE matomo; + CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket; + GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; - Then fill in piwik as database user and database name, and leave the password field blank. - This authentication works by allowing only the piwik unix user to authenticate as the - piwik database user (without needing a password), but no other users. + Then fill in matomo as database user and database name, and leave the password field blank. + This authentication works by allowing only the matomo unix user to authenticate as the + matomo database user (without needing a password), but no other users. For more information on passwordless login, see . @@ -55,9 +55,9 @@ Backup You only need to take backups of your MySQL database and the - /var/lib/piwik/config/config.ini.php file. - Use a user in the piwik group or root to access the file. - For more information, see . + /var/lib/matomo/config/config.ini.php file. + Use a user in the matomo group or root to access the file. + For more information, see . @@ -67,14 +67,14 @@ - Piwik's file integrity check will warn you. + Matomo's file integrity check will warn you. This is due to the patches necessary for NixOS, you can safely ignore this. - Piwik will warn you that the JavaScript tracker is not writable. + Matomo will warn you that the JavaScript tracker is not writable. This is because it's located in the read-only nix store. You can safely ignore this, unless you need a plugin that needs JavaScript tracker access. @@ -88,7 +88,7 @@ You can use other web servers by forwarding calls for index.php and - piwik.php to the /run/phpfpm-piwik.sock fastcgi unix socket. + piwik.php to the /run/phpfpm-matomo.sock fastcgi unix socket. You can use the nginx configuration in the module code as a reference to what else should be configured. diff --git a/nixos/modules/services/web-apps/piwik.nix b/nixos/modules/services/web-apps/matomo.nix similarity index 77% rename from nixos/modules/services/web-apps/piwik.nix rename to nixos/modules/services/web-apps/matomo.nix index ce86c6873dd4..8ca117fc459b 100644 --- a/nixos/modules/services/web-apps/piwik.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -1,10 +1,11 @@ { config, lib, pkgs, services, ... }: with lib; let - cfg = config.services.piwik; + cfg = config.services.matomo; - user = "piwik"; + user = "matomo"; dataDir = "/var/lib/${user}"; + deprecatedDataDir = "/var/lib/piwik"; pool = user; # it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770, @@ -15,15 +16,15 @@ let in { options = { - services.piwik = { + services.matomo = { # NixOS PR for database setup: https://github.com/NixOS/nixpkgs/pull/6963 - # piwik issue for automatic piwik setup: https://github.com/piwik/piwik/issues/10257 - # TODO: find a nice way to do this when more NixOS MySQL and / or piwik automatic setup stuff is implemented. + # matomo issue for automatic matomo setup: https://github.com/matomo-org/matomo/issues/10257 + # TODO: find a nice way to do this when more NixOS MySQL and / or matomo automatic setup stuff is implemented. enable = mkOption { type = types.bool; default = false; description = '' - Enable piwik web analytics with php-fpm backend. + Enable matomo web analytics with php-fpm backend. Either the nginx option or the webServerUser option is mandatory. ''; }; @@ -32,8 +33,9 @@ in { type = types.nullOr types.str; default = null; example = "lighttpd"; + # TODO: piwik.php might get renamed to matomo.php in future releases description = '' - Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for piwik if the nginx + Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for matomo if the nginx option is not used. Either this option or the nginx option is mandatory. If you want to use another webserver than nginx, you need to set this to that server's user and pass fastcgi requests to `index.php` and `piwik.php` to this socket. @@ -55,7 +57,7 @@ in { catch_workers_output = yes ''; description = '' - Settings for phpfpm's process manager. You might need to change this depending on the load for piwik. + Settings for phpfpm's process manager. You might need to change this depending on the load for matomo. ''; }; @@ -65,7 +67,7 @@ in { (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) { # enable encryption by default, - # as sensitive login and piwik data should not be transmitted in clear text. + # as sensitive login and matomo data should not be transmitted in clear text. options.forceSSL.default = true; options.enableACME.default = true; } @@ -77,10 +79,10 @@ in { enableACME = false; }; description = '' - With this option, you can customize an nginx virtualHost which already has sensible defaults for piwik. + With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo. Either this option or the webServerUser option is mandatory. Set this to {} to just enable the virtualHost if you don't need any customization. - If enabled, then by default, the serverName is piwik.$\{config.networking.hostName\}, SSL is active, + If enabled, then by default, the serverName is ${user}.$\{config.networking.hostName\}, SSL is active, and certificates are acquired via ACME. If this is set to null (the default), no nginx virtualHost will be configured. ''; @@ -90,12 +92,12 @@ in { config = mkIf cfg.enable { warnings = mkIf (cfg.nginx != null && cfg.webServerUser != null) [ - "If services.piwik.nginx is set, services.piwik.nginx.webServerUser is ignored and should be removed." + "If services.matomo.nginx is set, services.matomo.nginx.webServerUser is ignored and should be removed." ]; assertions = [ { assertion = cfg.nginx != null || cfg.webServerUser != null; - message = "Either services.piwik.nginx or services.piwik.nginx.webServerUser is mandatory"; + message = "Either services.matomo.nginx or services.matomo.nginx.webServerUser is mandatory"; }]; users.extraUsers.${user} = { @@ -106,19 +108,20 @@ in { }; users.extraGroups.${user} = {}; - systemd.services.piwik_setup_update = { - # everything needs to set up and up to date before piwik php files are executed + systemd.services.matomo_setup_update = { + # everything needs to set up and up to date before matomo php files are executed requiredBy = [ "${phpExecutionUnit}.service" ]; before = [ "${phpExecutionUnit}.service" ]; # the update part of the script can only work if the database is already up and running requires = [ databaseService ]; after = [ databaseService ]; - path = [ pkgs.piwik ]; + path = [ pkgs.matomo ]; serviceConfig = { Type = "oneshot"; User = user; # hide especially config.ini.php from other UMask = "0007"; + # TODO: might get renamed to MATOMO_USER_PATH in future versions Environment = "PIWIK_USER_PATH=${dataDir}"; # chown + chmod in preStart needs root PermissionsStartOnly = true; @@ -127,27 +130,32 @@ in { # e.g. after restoring from backup or moving from another system. # Note that ${dataDir}/config/config.ini.php might contain the MySQL password. preStart = '' + # migrate data from piwik to matomo folder + if [ -d ${deprecatedDataDir} ]; then + echo "Migrating from ${deprecatedDataDir} to ${dataDir}" + mv -T ${deprecatedDataDir} ${dataDir} + fi chown -R ${user}:${user} ${dataDir} chmod -R ug+rwX,o-rwx ${dataDir} ''; script = '' - # Use User-Private Group scheme to protect piwik data, but allow administration / backup via piwik group + # Use User-Private Group scheme to protect matomo data, but allow administration / backup via matomo group # Copy config folder chmod g+s "${dataDir}" - cp -r "${pkgs.piwik}/config" "${dataDir}/" + cp -r "${pkgs.matomo}/config" "${dataDir}/" chmod -R u+rwX,g+rwX,o-rwx "${dataDir}" # check whether user setup has already been done if test -f "${dataDir}/config/config.ini.php"; then # then execute possibly pending database upgrade - piwik-console core:update --yes + matomo-console core:update --yes fi ''; }; systemd.services.${phpExecutionUnit} = { - # stop phpfpm on package upgrade, do database upgrade via piwik_setup_update, and then restart - restartTriggers = [ pkgs.piwik ]; + # stop phpfpm on package upgrade, do database upgrade via matomo_setup_update, and then restart + restartTriggers = [ pkgs.matomo ]; # stop config.ini.php from getting written with read permission for others serviceConfig.UMask = "0007"; }; @@ -175,14 +183,15 @@ in { # References: # https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html # https://github.com/perusio/piwik-nginx + # TODO: better default "${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx { - # don't allow to override the root easily, as it will almost certainly break piwik. + # don't allow to override the root easily, as it will almost certainly break matomo. # disadvantage: not shown as default in docs. - root = mkForce "${pkgs.piwik}/share"; + root = mkForce "${pkgs.matomo}/share"; # define locations here instead of as the submodule option's default # so that they can easily be extended with additional locations if required - # without needing to redefine the piwik ones. + # without needing to redefine the matomo ones. # disadvantage: not shown as default in docs. locations."/" = { index = "index.php"; @@ -191,6 +200,7 @@ in { locations."= /index.php".extraConfig = '' fastcgi_pass unix:${phpSocket}; ''; + # TODO: might get renamed to matomo.php in future versions # allow piwik.php for tracking locations."= /piwik.php".extraConfig = '' fastcgi_pass unix:${phpSocket}; @@ -212,6 +222,7 @@ in { locations."= /robots.txt".extraConfig = '' return 200 "User-agent: *\nDisallow: /\n"; ''; + # TODO: might get renamed to matomo.js in future versions # let browsers cache piwik.js locations."= /piwik.js".extraConfig = '' expires 1M; @@ -221,7 +232,7 @@ in { }; meta = { - doc = ./piwik-doc.xml; + doc = ./matomo-doc.xml; maintainers = with stdenv.lib.maintainers; [ florianjacob ]; }; } From 885e762d471e0733e5da72ddf10f486893624483 Mon Sep 17 00:00:00 2001 From: Florian Jacob Date: Wed, 17 Jan 2018 11:00:15 +0100 Subject: [PATCH 4/4] nixos/matomo: improve serverName default when we need to change it anyway for the rename. --- nixos/doc/manual/release-notes/rl-1803.xml | 12 ++++++++++++ nixos/modules/services/web-apps/matomo.nix | 18 +++++++++++++----- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 855045d6ce96..ddf812aae82f 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -255,6 +255,18 @@ following incompatible changes: All files will be moved automatically on first startup, but you might need to adjust your backup scripts. + + + The default for the nginx configuration changed from + piwik.${config.networking.hostName} to + matomo.${config.networking.hostName}.${config.networking.domain} + if is set, + matomo.${config.networking.hostName} if it is not set. + If you change your , remember you'll need to update the + trustedHosts[] array in /var/lib/matomo/config/config.ini.php + as well. + + The piwik user was renamed to matomo. diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 8ca117fc459b..ef6ac9698e21 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -14,6 +14,11 @@ let phpExecutionUnit = "phpfpm-${pool}"; databaseService = "mysql.service"; + fqdn = + let + join = hostName: domain: hostName + optionalString (domain != null) ".${domain}"; + in join config.networking.hostName config.networking.domain; + in { options = { services.matomo = { @@ -75,15 +80,19 @@ in { ); default = null; example = { - serverName = "stats.$\{config.networking.hostName\}"; + serverAliases = [ + "matomo.$\{config.networking.domain\}" + "stats.$\{config.networking.domain\}" + ]; enableACME = false; }; description = '' With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo. Either this option or the webServerUser option is mandatory. Set this to {} to just enable the virtualHost if you don't need any customization. - If enabled, then by default, the serverName is ${user}.$\{config.networking.hostName\}, SSL is active, - and certificates are acquired via ACME. + If enabled, then by default, the is + ${user}.$\{config.networking.hostName\}.$\{config.networking.domain\}, + SSL is active, and certificates are acquired via ACME. If this is set to null (the default), no nginx virtualHost will be configured. ''; }; @@ -183,8 +192,7 @@ in { # References: # https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html # https://github.com/perusio/piwik-nginx - # TODO: better default - "${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx { + "${user}.${fqdn}" = mkMerge [ cfg.nginx { # don't allow to override the root easily, as it will almost certainly break matomo. # disadvantage: not shown as default in docs. root = mkForce "${pkgs.matomo}/share";