Finished initial inventory for Matomo installer.

scripttease/data/inventory/matomo/meta.ini

@@ -0,0 +1,6 @@
+[package]
+description = Install Matomo.
+docs = https://matomo.com
+tags = stats
+title = Matomo
+version = 0.1.0-d

scripttease/data/inventory/matomo/notes.md

@@ -1,99 +0,0 @@
-Install dependencies
-
-apt install apache2 mariadb-server php libapache2-mod-php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear phpbcmath curl unzip -v
-
-sudo systemctl start apache2
-sudo systemctl start mariadb
-
-
-Enable and Create db
-
-sudo systemctl enable apache2 mariadb
-
-CREATE MYSQL DATABASE
-MYSQL
-CREATE DATABASE matomodb;
-CREATE USER 'matomouser'@'localhost' IDENTIFIED BY 'password'
-GRANT ALL PRIVILAGES ON matomodb.* TO 'matomouser'@'localhost'
-
-
-Pull and unzip Matomo files and set permissions
-
-wget http://builds.matomo.org/matomo-latest.zip 
-
-unzip matomo-latest.zip
-
-mv matomo /var/www/html/matomo
-
-chown -R www-data:www-data /var/www/html/matomo
-
-chmod -R 755 /var/www/html/matomo
-
-
-
-Create Apache config file
-
-sudo nano /etc/apache2/sites-available/matomo.conf
-
-<VirtualHost *:80>
-
-ServerName matomo.mark37.com
-DocumentRoot /var/www/html/matomo/
-
-<Directory /var/www/html/matomo>
-Options FollowSymLinks
-Allowoverride All
-Require all granted
-</Directory>
-
-<Files "console">
-Options None
-Require all denied
-</Files>
-
-<Directory /var/www/html/matomo/misc/user>
-Options None
-Required all granted
-</Directory>
-
-<Directory /var/www/html/matomo/misc>
-Options None
-Required all granted
-</Directory>
-
-<Directory /var/www/html/matomo/vendor>
-Options None
-Required all granted
-</Directory>
-
-ErrorLog ${APACHE_LOG_DIR}/matomo_error.log
-CustomLog ${APACHE_LOG_DIR}/matomo_access.log combined
-
-</VirtualHost>
-
-
-
-
-Enable site
-
-sudo a2ensite matomo.mark37.com
-
-sudo a2enmod rewrite headers enc dif mime setenvif ssl
-
-sudo systemctl enable --now php7.4-fpm
-sudo systemctl reload apache2
-
-
-Install SSL Certificate
-
-sudo apt install certbot python3-certbot-apache -y
-
-sudo ufw disable
-sudo certbot --apache -d matomo.mark37.com
-sudo ufw enable
-
-
-
-cron settings for Ssl renew
-
-0 6 * * 0 certbot renew -n -q --pre-hook “systemctl stop apache2” --post-hook “systemctl start apache2”

scripttease/data/inventory/matomo/steps.ini

@@ -0,0 +1,91 @@
+[install dependencies]
+install: $item
+sudo: yes
+items: apache2 mariadb-server php libapache2-mod-php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear phpbcmath curl unzip
+
+[make sure a maintenance root exists]
+dir: /var/www/maint/www
+group: {{ apache_group }}
+owner: {{ apache_user }}
+recursive: yes
+sudo: yes
+
+[disable the default site]
+apache.disable_site: 000-default
+sudo: yes
+
+[install certbot]
+install: certbot
+sudo: yes
+
+[enable apache modules]
+apache.enable_module: $item
+items: rewrite headers enc dif mime setenvif ssl
+sudo: yes
+
+; Is this really necessary?
+[enable php]
+run: systemctl enable --now php7.4-fpm
+sudo: yes
+
+[create virtual host without SSL]
+template: http.conf /etc/apache2/sites-available/{{ domain_name }}.conf
+sudo: yes
+
+[enable the non-SSL site]
+apache.enable_site: {{ domain_name }}
+sudo: yes
+
+[reload apache with non-SSL site in place]
+apache.reload:
+sudo: yes
+
+[create the database]
+mysql.create: {{ database_name }}
+host: {{ database_host }}
+
+[create the database user]
+mysql.user: {{ database_user }}
+host: {{ database_host }}
+password: {{ database_password }}
+
+[set privileges for database user]
+mysql.grant: {{ database_user }}
+database: {{ database_name }}
+host: {{ database_host }}
+
+[download the latest copy of matomo]
+run: wget http://builds.matomo.org/matomo-latest.zip
+cd: /tmp
+
+[unzip the matomo package]
+run: unzip matomo-latest.zip
+cd: /tmp
+
+[move the matomo package]
+move: /tmp/matomo {{ install_path }}/{{ domain_tld }}
+sudo: yes
+
+[set permissions on the matomo directory]
+perms: {{ install_path }}/{{ domain_tld }}
+owner: {{ apache_user }}
+group: {{ apache_group }}
+mode: 755
+recursive: yes
+sudo: yes
+
+{% if not file_exists(letsencrypt_file, host=current_host) %}
+[acquire SSL certificate]
+certbot: {{ domain_name }}
+email: {{ webmaster_email }}
+webroot: /var/www/maint/www
+sudo: yes
+{% endif %}
+
+[create virtual host with SSL]
+template: https.conf /etc/apache2/sites-available/{{ domain_name }}.conf
+sudo: yes
+
+[reload apache with SSL in place]
+apache.reload:
+sudo: yes

scripttease/data/inventory/matomo/templates/http.conf

@@ -0,0 +1,12 @@
+# The port 80 host is required for renewing Let's Encrypt certificates. By default document root is shared by all sites
+# requiring SSL support, but this may be changed to {{ deploy.shared_path }}/maint/www in the deployment template if
+# a custom maintenance site is required.
+<VirtualHost *:80>
+    ServerName {{ domain_name }}
+    ServerAlias *.{{ domain_name }}
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteCond %{REQUEST_URI} !^/.well-known [NC]
+    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
+    DocumentRoot /var/www/maint/www
+</VirtualHost>

scripttease/data/inventory/matomo/templates/https.conf

@@ -0,0 +1,52 @@
+# The port 80 host is required for renewing Let's Encrypt certificates. By default document root is shared by all sites
+# requiring SSL support, but this may be changed to {{ deploy.shared_path }}/maint/www in the deployment template if
+# a custom maintenance site is required.
+<VirtualHost *:80>
+    ServerName {{ domain_name }}
+    ServerAlias *.{{ domain_name }}
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteCond %{REQUEST_URI} !^/.well-known [NC]
+    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
+    DocumentRoot /var/www/maint/www
+</VirtualHost>
+
+# The 443 host is where the application is actually served.
+<VirtualHost *:443>
+    ServerName {{ domain_name }}
+    DocumentRoot {{ install_path }}/{{ domain_tld }}
+
+    <Directory {{ install_path }}/{{ domain_tld }}>
+        Options FollowSymLinks
+        Allowoverride All
+        Require all granted
+    </Directory>
+
+    <Files "console">
+        Options None
+        Require all denied
+    </Files>
+
+    <Directory {{ install_path }}/{{ domain_tld }}/misc/user>
+        Options None
+        Required all granted
+    </Directory>
+
+    <Directory {{ install_path }}/{{ domain_tld }}/misc>
+        Options None
+        Required all granted
+    </Directory>
+
+    <Directory {{ install_path }}/{{ domain_tld }}/vendor>
+        Options None
+        Required all granted
+    </Directory>
+
+    ErrorLog ${APACHE_LOG_DIR}/matomo_error.log
+    CustomLog ${APACHE_LOG_DIR}/matomo_access.log combined
+
+    SSLEngine on
+    SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem
+    SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem
+
+</VirtualHost>

scripttease/data/inventory/matomo/variables.ini

@@ -0,0 +1,43 @@
+[apache_user]
+comment = The name of the user that runs Apache.
+value = www-data
+
+[apache_group]
+comment = The name of the group to which the Apache user is assigned.
+value = www-data
+
+[database_host]
+comment = The server name hosting the database.
+value = localhost
+
+[database_name]
+comment = The name of the database.
+value = matomo_example_com
+
+[database_password]
+comment = The password used to access the database.
+value = change_this_to_something_secure!
+
+[database_user]
+comment = The user name accessing the database.
+value = matomo_example_com
+
+[domain_name]
+comment = The domain name to use for the Matomo host.
+value = matomo.example.com
+
+[domain_tld]
+comment = The domain name as a directory.
+value = matomo_example_com
+
+[letsencrypt_file]
+comment = The path to the SSL cert.
+value = /etc/letsencrypt/live/%(domain_name)/cert.pem
+
+[webmaster_email]
+comment = The webmaster's email address. Used when setting up SSL.
+value = webmaster@example.com
+
+[install_path]
+comment = The path to document root where Matomo will be installed.
+value = /var/www