commit
37c009ca74
@ -244,6 +244,52 @@ following incompatible changes:</para>
|
|||||||
<link xlink:href="http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x">here</link>.
|
<link xlink:href="http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x">here</link>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The Piwik analytics software was renamed to Matomo:
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>The package <literal>pkgs.piwik</literal> was renamed to <literal>pkgs.matomo</literal>.</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>The service <literal>services.piwik</literal> was renamed to <literal>services.matomo</literal>.</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The data directory <filename>/var/lib/piwik</filename> was renamed to <filename>/var/lib/matomo</filename>.
|
||||||
|
All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The default <option>serverName</option> for the nginx configuration changed from
|
||||||
|
<literal>piwik.${config.networking.hostName}</literal> to
|
||||||
|
<literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal>
|
||||||
|
if <option>config.networking.domain</option> is set,
|
||||||
|
<literal>matomo.${config.networking.hostName}</literal> if it is not set.
|
||||||
|
If you change your <option>serverName</option>, remember you'll need to update the
|
||||||
|
<literal>trustedHosts[]</literal> array in <filename>/var/lib/matomo/config/config.ini.php</filename>
|
||||||
|
as well.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>piwik</literal> user was renamed to <literal>matomo</literal>.
|
||||||
|
The service will adjust ownership automatically for files in the data directory.
|
||||||
|
If you use unix socket authentication, remember to give the new <literal>matomo</literal> user
|
||||||
|
access to the database and to change the <literal>username</literal> to <literal>matomo</literal>
|
||||||
|
in the <literal>[database]</literal> section of <filename>/var/lib/matomo/config/config.ini.php</filename>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean,
|
||||||
|
but this is neither enforced nor required.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
@ -638,7 +638,7 @@
|
|||||||
./services/web-apps/nixbot.nix
|
./services/web-apps/nixbot.nix
|
||||||
./services/web-apps/nexus.nix
|
./services/web-apps/nexus.nix
|
||||||
./services/web-apps/pgpkeyserver-lite.nix
|
./services/web-apps/pgpkeyserver-lite.nix
|
||||||
./services/web-apps/piwik.nix
|
./services/web-apps/matomo.nix
|
||||||
./services/web-apps/pump.io.nix
|
./services/web-apps/pump.io.nix
|
||||||
./services/web-apps/restya-board.nix
|
./services/web-apps/restya-board.nix
|
||||||
./services/web-apps/tt-rss.nix
|
./services/web-apps/tt-rss.nix
|
||||||
|
@ -148,6 +148,12 @@ with lib;
|
|||||||
# parsoid
|
# parsoid
|
||||||
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ])
|
(mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] [ "services" "parsoid" "wikis" ])
|
||||||
|
|
||||||
|
# piwik was renamed to matomo
|
||||||
|
(mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] [ "services" "matomo" "phpfpmProcessManagerConfig" ])
|
||||||
|
(mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ])
|
||||||
|
|
||||||
# tarsnap
|
# tarsnap
|
||||||
(mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives.<name>.cachedir")
|
(mkRemovedOptionModule [ "services" "tarsnap" "cachedir" ] "Use services.tarsnap.archives.<name>.cachedir")
|
||||||
|
|
||||||
|
@ -133,7 +133,7 @@ in
|
|||||||
'';
|
'';
|
||||||
example = [
|
example = [
|
||||||
"nextcloud"
|
"nextcloud"
|
||||||
"piwik"
|
"matomo"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -2,16 +2,16 @@
|
|||||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
version="5.0"
|
version="5.0"
|
||||||
xml:id="module-services-piwik">
|
xml:id="module-services-matomo">
|
||||||
|
|
||||||
<title>Piwik</title>
|
<title>Matomo</title>
|
||||||
<para>
|
<para>
|
||||||
Piwik is a real-time web analytics application.
|
Matomo is a real-time web analytics application.
|
||||||
This module configures php-fpm as backend for piwik, optionally configuring an nginx vhost as well.
|
This module configures php-fpm as backend for Matomo, optionally configuring an nginx vhost as well.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
An automatic setup is not suported by piwik, so you need to configure piwik itself in the browser-based piwik setup.
|
An automatic setup is not suported by Matomo, so you need to configure Matomo itself in the browser-based Matomo setup.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
|
||||||
@ -19,7 +19,7 @@
|
|||||||
<title>Database Setup</title>
|
<title>Database Setup</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
You also need to configure a MariaDB or MySQL database and -user for piwik yourself,
|
You also need to configure a MariaDB or MySQL database and -user for Matomo yourself,
|
||||||
and enter those credentials in your browser.
|
and enter those credentials in your browser.
|
||||||
You can use passwordless database authentication via the UNIX_SOCKET authentication plugin
|
You can use passwordless database authentication via the UNIX_SOCKET authentication plugin
|
||||||
with the following SQL commands:
|
with the following SQL commands:
|
||||||
@ -27,20 +27,20 @@
|
|||||||
<programlisting>
|
<programlisting>
|
||||||
# For MariaDB
|
# For MariaDB
|
||||||
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
|
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
|
||||||
CREATE DATABASE piwik;
|
CREATE DATABASE matomo;
|
||||||
CREATE USER 'piwik'@'localhost' IDENTIFIED WITH unix_socket;
|
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
|
||||||
GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost';
|
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
|
||||||
|
|
||||||
# For MySQL
|
# For MySQL
|
||||||
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
|
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
|
||||||
CREATE DATABASE piwik;
|
CREATE DATABASE matomo;
|
||||||
CREATE USER 'piwik'@'localhost' IDENTIFIED WITH auth_socket;
|
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
|
||||||
GRANT ALL PRIVILEGES ON piwik.* TO 'piwik'@'localhost';
|
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
Then fill in <literal>piwik</literal> as database user and database name, and leave the password field blank.
|
Then fill in <literal>matomo</literal> as database user and database name, and leave the password field blank.
|
||||||
This authentication works by allowing only the <literal>piwik</literal> unix user to authenticate as the
|
This authentication works by allowing only the <literal>matomo</literal> unix user to authenticate as the
|
||||||
<literal>piwik</literal> database user (without needing a password), but no other users.
|
<literal>matomo</literal> database user (without needing a password), but no other users.
|
||||||
For more information on passwordless login, see
|
For more information on passwordless login, see
|
||||||
<link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />.
|
<link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" />.
|
||||||
</para>
|
</para>
|
||||||
@ -55,9 +55,9 @@
|
|||||||
<title>Backup</title>
|
<title>Backup</title>
|
||||||
<para>
|
<para>
|
||||||
You only need to take backups of your MySQL database and the
|
You only need to take backups of your MySQL database and the
|
||||||
<filename>/var/lib/piwik/config/config.ini.php</filename> file.
|
<filename>/var/lib/matomo/config/config.ini.php</filename> file.
|
||||||
Use a user in the <literal>piwik</literal> group or root to access the file.
|
Use a user in the <literal>matomo</literal> group or root to access the file.
|
||||||
For more information, see <link xlink:href="https://piwik.org/faq/how-to-install/faq_138/" />.
|
For more information, see <link xlink:href="https://matomo.org/faq/how-to-install/faq_138/" />.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
@ -67,14 +67,14 @@
|
|||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Piwik's file integrity check will warn you.
|
Matomo's file integrity check will warn you.
|
||||||
This is due to the patches necessary for NixOS, you can safely ignore this.
|
This is due to the patches necessary for NixOS, you can safely ignore this.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Piwik will warn you that the JavaScript tracker is not writable.
|
Matomo will warn you that the JavaScript tracker is not writable.
|
||||||
This is because it's located in the read-only nix store.
|
This is because it's located in the read-only nix store.
|
||||||
You can safely ignore this, unless you need a plugin that needs JavaScript tracker access.
|
You can safely ignore this, unless you need a plugin that needs JavaScript tracker access.
|
||||||
</para>
|
</para>
|
||||||
@ -88,7 +88,7 @@
|
|||||||
|
|
||||||
<para>
|
<para>
|
||||||
You can use other web servers by forwarding calls for <filename>index.php</filename> and
|
You can use other web servers by forwarding calls for <filename>index.php</filename> and
|
||||||
<filename>piwik.php</filename> to the <literal>/run/phpfpm-piwik.sock</literal> fastcgi unix socket.
|
<filename>piwik.php</filename> to the <literal>/run/phpfpm-matomo.sock</literal> fastcgi unix socket.
|
||||||
You can use the nginx configuration in the module code as a reference to what else should be configured.
|
You can use the nginx configuration in the module code as a reference to what else should be configured.
|
||||||
</para>
|
</para>
|
||||||
</section>
|
</section>
|
@ -1,10 +1,11 @@
|
|||||||
{ config, lib, pkgs, services, ... }:
|
{ config, lib, pkgs, services, ... }:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.services.piwik;
|
cfg = config.services.matomo;
|
||||||
|
|
||||||
user = "piwik";
|
user = "matomo";
|
||||||
dataDir = "/var/lib/${user}";
|
dataDir = "/var/lib/${user}";
|
||||||
|
deprecatedDataDir = "/var/lib/piwik";
|
||||||
|
|
||||||
pool = user;
|
pool = user;
|
||||||
# it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770,
|
# it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770,
|
||||||
@ -13,17 +14,22 @@ let
|
|||||||
phpExecutionUnit = "phpfpm-${pool}";
|
phpExecutionUnit = "phpfpm-${pool}";
|
||||||
databaseService = "mysql.service";
|
databaseService = "mysql.service";
|
||||||
|
|
||||||
|
fqdn =
|
||||||
|
let
|
||||||
|
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
|
||||||
|
in join config.networking.hostName config.networking.domain;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
services.piwik = {
|
services.matomo = {
|
||||||
# NixOS PR for database setup: https://github.com/NixOS/nixpkgs/pull/6963
|
# NixOS PR for database setup: https://github.com/NixOS/nixpkgs/pull/6963
|
||||||
# piwik issue for automatic piwik setup: https://github.com/piwik/piwik/issues/10257
|
# matomo issue for automatic matomo setup: https://github.com/matomo-org/matomo/issues/10257
|
||||||
# TODO: find a nice way to do this when more NixOS MySQL and / or piwik automatic setup stuff is implemented.
|
# TODO: find a nice way to do this when more NixOS MySQL and / or matomo automatic setup stuff is implemented.
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
Enable piwik web analytics with php-fpm backend.
|
Enable matomo web analytics with php-fpm backend.
|
||||||
Either the nginx option or the webServerUser option is mandatory.
|
Either the nginx option or the webServerUser option is mandatory.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -32,8 +38,9 @@ in {
|
|||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
example = "lighttpd";
|
example = "lighttpd";
|
||||||
|
# TODO: piwik.php might get renamed to matomo.php in future releases
|
||||||
description = ''
|
description = ''
|
||||||
Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for piwik if the nginx
|
Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for matomo if the nginx
|
||||||
option is not used. Either this option or the nginx option is mandatory.
|
option is not used. Either this option or the nginx option is mandatory.
|
||||||
If you want to use another webserver than nginx, you need to set this to that server's user
|
If you want to use another webserver than nginx, you need to set this to that server's user
|
||||||
and pass fastcgi requests to `index.php` and `piwik.php` to this socket.
|
and pass fastcgi requests to `index.php` and `piwik.php` to this socket.
|
||||||
@ -55,7 +62,7 @@ in {
|
|||||||
catch_workers_output = yes
|
catch_workers_output = yes
|
||||||
'';
|
'';
|
||||||
description = ''
|
description = ''
|
||||||
Settings for phpfpm's process manager. You might need to change this depending on the load for piwik.
|
Settings for phpfpm's process manager. You might need to change this depending on the load for matomo.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -65,7 +72,7 @@ in {
|
|||||||
(import ../web-servers/nginx/vhost-options.nix { inherit config lib; })
|
(import ../web-servers/nginx/vhost-options.nix { inherit config lib; })
|
||||||
{
|
{
|
||||||
# enable encryption by default,
|
# enable encryption by default,
|
||||||
# as sensitive login and piwik data should not be transmitted in clear text.
|
# as sensitive login and matomo data should not be transmitted in clear text.
|
||||||
options.forceSSL.default = true;
|
options.forceSSL.default = true;
|
||||||
options.enableACME.default = true;
|
options.enableACME.default = true;
|
||||||
}
|
}
|
||||||
@ -73,15 +80,19 @@ in {
|
|||||||
);
|
);
|
||||||
default = null;
|
default = null;
|
||||||
example = {
|
example = {
|
||||||
serverName = "stats.$\{config.networking.hostName\}";
|
serverAliases = [
|
||||||
|
"matomo.$\{config.networking.domain\}"
|
||||||
|
"stats.$\{config.networking.domain\}"
|
||||||
|
];
|
||||||
enableACME = false;
|
enableACME = false;
|
||||||
};
|
};
|
||||||
description = ''
|
description = ''
|
||||||
With this option, you can customize an nginx virtualHost which already has sensible defaults for piwik.
|
With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo.
|
||||||
Either this option or the webServerUser option is mandatory.
|
Either this option or the webServerUser option is mandatory.
|
||||||
Set this to {} to just enable the virtualHost if you don't need any customization.
|
Set this to {} to just enable the virtualHost if you don't need any customization.
|
||||||
If enabled, then by default, the serverName is piwik.$\{config.networking.hostName\}, SSL is active,
|
If enabled, then by default, the <option>serverName</option> is
|
||||||
and certificates are acquired via ACME.
|
<literal>${user}.$\{config.networking.hostName\}.$\{config.networking.domain\}</literal>,
|
||||||
|
SSL is active, and certificates are acquired via ACME.
|
||||||
If this is set to null (the default), no nginx virtualHost will be configured.
|
If this is set to null (the default), no nginx virtualHost will be configured.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -90,12 +101,12 @@ in {
|
|||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
warnings = mkIf (cfg.nginx != null && cfg.webServerUser != null) [
|
warnings = mkIf (cfg.nginx != null && cfg.webServerUser != null) [
|
||||||
"If services.piwik.nginx is set, services.piwik.nginx.webServerUser is ignored and should be removed."
|
"If services.matomo.nginx is set, services.matomo.nginx.webServerUser is ignored and should be removed."
|
||||||
];
|
];
|
||||||
|
|
||||||
assertions = [ {
|
assertions = [ {
|
||||||
assertion = cfg.nginx != null || cfg.webServerUser != null;
|
assertion = cfg.nginx != null || cfg.webServerUser != null;
|
||||||
message = "Either services.piwik.nginx or services.piwik.nginx.webServerUser is mandatory";
|
message = "Either services.matomo.nginx or services.matomo.nginx.webServerUser is mandatory";
|
||||||
}];
|
}];
|
||||||
|
|
||||||
users.extraUsers.${user} = {
|
users.extraUsers.${user} = {
|
||||||
@ -106,19 +117,20 @@ in {
|
|||||||
};
|
};
|
||||||
users.extraGroups.${user} = {};
|
users.extraGroups.${user} = {};
|
||||||
|
|
||||||
systemd.services.piwik_setup_update = {
|
systemd.services.matomo_setup_update = {
|
||||||
# everything needs to set up and up to date before piwik php files are executed
|
# everything needs to set up and up to date before matomo php files are executed
|
||||||
requiredBy = [ "${phpExecutionUnit}.service" ];
|
requiredBy = [ "${phpExecutionUnit}.service" ];
|
||||||
before = [ "${phpExecutionUnit}.service" ];
|
before = [ "${phpExecutionUnit}.service" ];
|
||||||
# the update part of the script can only work if the database is already up and running
|
# the update part of the script can only work if the database is already up and running
|
||||||
requires = [ databaseService ];
|
requires = [ databaseService ];
|
||||||
after = [ databaseService ];
|
after = [ databaseService ];
|
||||||
path = [ pkgs.piwik ];
|
path = [ pkgs.matomo ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
User = user;
|
User = user;
|
||||||
# hide especially config.ini.php from other
|
# hide especially config.ini.php from other
|
||||||
UMask = "0007";
|
UMask = "0007";
|
||||||
|
# TODO: might get renamed to MATOMO_USER_PATH in future versions
|
||||||
Environment = "PIWIK_USER_PATH=${dataDir}";
|
Environment = "PIWIK_USER_PATH=${dataDir}";
|
||||||
# chown + chmod in preStart needs root
|
# chown + chmod in preStart needs root
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
@ -127,27 +139,32 @@ in {
|
|||||||
# e.g. after restoring from backup or moving from another system.
|
# e.g. after restoring from backup or moving from another system.
|
||||||
# Note that ${dataDir}/config/config.ini.php might contain the MySQL password.
|
# Note that ${dataDir}/config/config.ini.php might contain the MySQL password.
|
||||||
preStart = ''
|
preStart = ''
|
||||||
|
# migrate data from piwik to matomo folder
|
||||||
|
if [ -d ${deprecatedDataDir} ]; then
|
||||||
|
echo "Migrating from ${deprecatedDataDir} to ${dataDir}"
|
||||||
|
mv -T ${deprecatedDataDir} ${dataDir}
|
||||||
|
fi
|
||||||
chown -R ${user}:${user} ${dataDir}
|
chown -R ${user}:${user} ${dataDir}
|
||||||
chmod -R ug+rwX,o-rwx ${dataDir}
|
chmod -R ug+rwX,o-rwx ${dataDir}
|
||||||
'';
|
'';
|
||||||
script = ''
|
script = ''
|
||||||
# Use User-Private Group scheme to protect piwik data, but allow administration / backup via piwik group
|
# Use User-Private Group scheme to protect matomo data, but allow administration / backup via matomo group
|
||||||
# Copy config folder
|
# Copy config folder
|
||||||
chmod g+s "${dataDir}"
|
chmod g+s "${dataDir}"
|
||||||
cp -r "${pkgs.piwik}/config" "${dataDir}/"
|
cp -r "${pkgs.matomo}/config" "${dataDir}/"
|
||||||
chmod -R u+rwX,g+rwX,o-rwx "${dataDir}"
|
chmod -R u+rwX,g+rwX,o-rwx "${dataDir}"
|
||||||
|
|
||||||
# check whether user setup has already been done
|
# check whether user setup has already been done
|
||||||
if test -f "${dataDir}/config/config.ini.php"; then
|
if test -f "${dataDir}/config/config.ini.php"; then
|
||||||
# then execute possibly pending database upgrade
|
# then execute possibly pending database upgrade
|
||||||
piwik-console core:update --yes
|
matomo-console core:update --yes
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.${phpExecutionUnit} = {
|
systemd.services.${phpExecutionUnit} = {
|
||||||
# stop phpfpm on package upgrade, do database upgrade via piwik_setup_update, and then restart
|
# stop phpfpm on package upgrade, do database upgrade via matomo_setup_update, and then restart
|
||||||
restartTriggers = [ pkgs.piwik ];
|
restartTriggers = [ pkgs.matomo ];
|
||||||
# stop config.ini.php from getting written with read permission for others
|
# stop config.ini.php from getting written with read permission for others
|
||||||
serviceConfig.UMask = "0007";
|
serviceConfig.UMask = "0007";
|
||||||
};
|
};
|
||||||
@ -175,14 +192,14 @@ in {
|
|||||||
# References:
|
# References:
|
||||||
# https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html
|
# https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html
|
||||||
# https://github.com/perusio/piwik-nginx
|
# https://github.com/perusio/piwik-nginx
|
||||||
"${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx {
|
"${user}.${fqdn}" = mkMerge [ cfg.nginx {
|
||||||
# don't allow to override the root easily, as it will almost certainly break piwik.
|
# don't allow to override the root easily, as it will almost certainly break matomo.
|
||||||
# disadvantage: not shown as default in docs.
|
# disadvantage: not shown as default in docs.
|
||||||
root = mkForce "${pkgs.piwik}/share";
|
root = mkForce "${pkgs.matomo}/share";
|
||||||
|
|
||||||
# define locations here instead of as the submodule option's default
|
# define locations here instead of as the submodule option's default
|
||||||
# so that they can easily be extended with additional locations if required
|
# so that they can easily be extended with additional locations if required
|
||||||
# without needing to redefine the piwik ones.
|
# without needing to redefine the matomo ones.
|
||||||
# disadvantage: not shown as default in docs.
|
# disadvantage: not shown as default in docs.
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
index = "index.php";
|
index = "index.php";
|
||||||
@ -191,6 +208,7 @@ in {
|
|||||||
locations."= /index.php".extraConfig = ''
|
locations."= /index.php".extraConfig = ''
|
||||||
fastcgi_pass unix:${phpSocket};
|
fastcgi_pass unix:${phpSocket};
|
||||||
'';
|
'';
|
||||||
|
# TODO: might get renamed to matomo.php in future versions
|
||||||
# allow piwik.php for tracking
|
# allow piwik.php for tracking
|
||||||
locations."= /piwik.php".extraConfig = ''
|
locations."= /piwik.php".extraConfig = ''
|
||||||
fastcgi_pass unix:${phpSocket};
|
fastcgi_pass unix:${phpSocket};
|
||||||
@ -212,6 +230,7 @@ in {
|
|||||||
locations."= /robots.txt".extraConfig = ''
|
locations."= /robots.txt".extraConfig = ''
|
||||||
return 200 "User-agent: *\nDisallow: /\n";
|
return 200 "User-agent: *\nDisallow: /\n";
|
||||||
'';
|
'';
|
||||||
|
# TODO: might get renamed to matomo.js in future versions
|
||||||
# let browsers cache piwik.js
|
# let browsers cache piwik.js
|
||||||
locations."= /piwik.js".extraConfig = ''
|
locations."= /piwik.js".extraConfig = ''
|
||||||
expires 1M;
|
expires 1M;
|
||||||
@ -221,7 +240,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
doc = ./piwik-doc.xml;
|
doc = ./matomo-doc.xml;
|
||||||
maintainers = with stdenv.lib.maintainers; [ florianjacob ];
|
maintainers = with stdenv.lib.maintainers; [ florianjacob ];
|
||||||
};
|
};
|
||||||
}
|
}
|
59
pkgs/servers/web-apps/matomo/default.nix
Normal file
59
pkgs/servers/web-apps/matomo/default.nix
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
{ stdenv, fetchurl, makeWrapper, php }:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
name = "matomo-${version}";
|
||||||
|
version = "3.3.0";
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
# TODO: As soon as the tarballs are renamed as well on future releases, this should be enabled again
|
||||||
|
# url = "https://builds.matomo.org/${name}.tar.gz";
|
||||||
|
url = "https://builds.matomo.org/piwik-${version}.tar.gz";
|
||||||
|
sha256 = "1ybzj3kk0x29nv8c6xnhir5d9dr0q0fl1vnm4i7zvhml73ryqk0f";
|
||||||
|
};
|
||||||
|
|
||||||
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
||||||
|
# make-localhost-default-database-server.patch:
|
||||||
|
# This changes the default value of the database server field
|
||||||
|
# from 127.0.0.1 to localhost.
|
||||||
|
# unix socket authentication only works with localhost,
|
||||||
|
# but password-based SQL authentication works with both.
|
||||||
|
# TODO: is upstream interested in this?
|
||||||
|
patches = [ ./make-localhost-default-database-host.patch ];
|
||||||
|
|
||||||
|
# this bootstrap.php adds support for getting PIWIK_USER_PATH
|
||||||
|
# from an environment variable. Point it to a mutable location
|
||||||
|
# to be able to use matomo read-only from the nix store
|
||||||
|
postPatch = ''
|
||||||
|
cp ${./bootstrap.php} bootstrap.php
|
||||||
|
'';
|
||||||
|
|
||||||
|
# TODO: future versions might rename the PIWIK_… variables to MATOMO_…
|
||||||
|
# TODO: Move more unnecessary files from share/, especially using PIWIK_INCLUDE_PATH.
|
||||||
|
# See https://forum.matomo.org/t/bootstrap-php/5926/10 and
|
||||||
|
# https://github.com/matomo-org/matomo/issues/11654#issuecomment-297730843
|
||||||
|
installPhase = ''
|
||||||
|
runHook preInstall
|
||||||
|
|
||||||
|
# copy evertything to share/, used as webroot folder, and then remove what's known to be not needed
|
||||||
|
mkdir -p $out/share
|
||||||
|
cp -ra * $out/share/
|
||||||
|
# tmp/ is created by matomo in PIWIK_USER_PATH
|
||||||
|
rmdir $out/share/tmp
|
||||||
|
# config/ needs to be copied to PIWIK_USER_PATH anyway
|
||||||
|
mv $out/share/config $out/
|
||||||
|
|
||||||
|
makeWrapper ${php}/bin/php $out/bin/matomo-console \
|
||||||
|
--add-flags "$out/share/console"
|
||||||
|
|
||||||
|
runHook postInstall
|
||||||
|
'';
|
||||||
|
|
||||||
|
meta = with stdenv.lib; {
|
||||||
|
description = "A real-time web analytics application";
|
||||||
|
license = licenses.gpl3Plus;
|
||||||
|
homepage = https://matomo.org/;
|
||||||
|
platforms = platforms.all;
|
||||||
|
maintainers = [ maintainers.florianjacob ];
|
||||||
|
};
|
||||||
|
}
|
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/plugins/Installation/FormDatabaseSetup.php b/plugins/Installation/FormDatabaseSetup.php
|
||||||
|
index 9364f49870..2625cbb91b 100644
|
||||||
|
--- a/plugins/Installation/FormDatabaseSetup.php
|
||||||
|
+++ b/plugins/Installation/FormDatabaseSetup.php
|
||||||
|
@@ -82,7 +82,7 @@ class FormDatabaseSetup extends QuickForm2
|
||||||
|
|
||||||
|
// default values
|
||||||
|
$this->addDataSource(new HTML_QuickForm2_DataSource_Array(array(
|
||||||
|
- 'host' => '127.0.0.1',
|
||||||
|
+ 'host' => 'localhost',
|
||||||
|
'type' => $defaultDatabaseType,
|
||||||
|
'tables_prefix' => 'matomo_',
|
||||||
|
)));
|
@ -1,51 +0,0 @@
|
|||||||
{ stdenv, fetchurl, makeWrapper, php }:
|
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
name = "piwik-${version}";
|
|
||||||
version = "3.2.1";
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://builds.piwik.org/${name}.tar.gz";
|
|
||||||
sha512 = "1yisgywz7dm6kygh9mc207xnqpvdxbw4pa2l9gjh495a6979x3chi7z5rf410z4dmrg0kbj8wqm8mmmslfn276xvw37l2d4h73ij1h2";
|
|
||||||
};
|
|
||||||
|
|
||||||
nativeBuildInputs = [ makeWrapper ];
|
|
||||||
|
|
||||||
# regarding the 127.0.0.1 substitute:
|
|
||||||
# This replaces the default value of the database server field.
|
|
||||||
# unix socket authentication only works with localhost,
|
|
||||||
# but password-based SQL authentication works with both.
|
|
||||||
postPatch = ''
|
|
||||||
substituteInPlace plugins/Installation/FormDatabaseSetup.php \
|
|
||||||
--replace "=> '127.0.0.1'," "=> 'localhost',"
|
|
||||||
cp ${./bootstrap.php} bootstrap.php
|
|
||||||
'';
|
|
||||||
|
|
||||||
# TODO: Move more unnecessary files from share/, especially using PIWIK_INCLUDE_PATH.
|
|
||||||
# See https://forum.piwik.org/t/bootstrap-php/5926/10 and
|
|
||||||
# https://github.com/piwik/piwik/issues/11654#issuecomment-297730843
|
|
||||||
installPhase = ''
|
|
||||||
runHook preInstall
|
|
||||||
|
|
||||||
# copy evertything to share/, used as webroot folder, and then remove what's known to be not needed
|
|
||||||
mkdir -p $out/share
|
|
||||||
cp -ra * $out/share/
|
|
||||||
# tmp/ is created by piwik in PIWIK_USER_PATH
|
|
||||||
rmdir $out/share/tmp
|
|
||||||
# config/ needs to be copied to PIWIK_USER_PATH anyway
|
|
||||||
mv $out/share/config $out/
|
|
||||||
|
|
||||||
makeWrapper ${php}/bin/php $out/bin/piwik-console \
|
|
||||||
--add-flags "$out/share/console"
|
|
||||||
|
|
||||||
runHook postInstall
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
|
||||||
description = "A real-time web analytics application";
|
|
||||||
license = licenses.gpl3Plus;
|
|
||||||
homepage = https://piwik.org/;
|
|
||||||
platforms = platforms.all;
|
|
||||||
maintainers = [ maintainers.florianjacob ];
|
|
||||||
};
|
|
||||||
}
|
|
@ -132,6 +132,7 @@ mapAliases (rec {
|
|||||||
m3d-linux = m33-linux; # added 2016-08-13
|
m3d-linux = m33-linux; # added 2016-08-13
|
||||||
manpages = man-pages; # added 2015-12-06
|
manpages = man-pages; # added 2015-12-06
|
||||||
man_db = man-db; # added 2016-05
|
man_db = man-db; # added 2016-05
|
||||||
|
piwik = matomo; # added 2018-01-16
|
||||||
midoriWrapper = midori; # added 2015-01
|
midoriWrapper = midori; # added 2015-01
|
||||||
minc_tools = minc-tools; # 2017-12
|
minc_tools = minc-tools; # 2017-12
|
||||||
mlt-qt5 = libsForQt5.mlt; # added 2015-12-19
|
mlt-qt5 = libsForQt5.mlt; # added 2015-12-19
|
||||||
|
@ -12672,7 +12672,7 @@ with pkgs;
|
|||||||
|
|
||||||
shaarli-material = callPackage ../servers/web-apps/shaarli/material-theme.nix { };
|
shaarli-material = callPackage ../servers/web-apps/shaarli/material-theme.nix { };
|
||||||
|
|
||||||
piwik = callPackage ../servers/web-apps/piwik { };
|
matomo = callPackage ../servers/web-apps/matomo { };
|
||||||
|
|
||||||
axis2 = callPackage ../servers/http/tomcat/axis2 { };
|
axis2 = callPackage ../servers/http/tomcat/axis2 { };
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user