Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

roles/web-app-matomo/README.md

@@ -0,0 +1,29 @@
+# Matomo
+
+## Description
+
+Experience the power of Matomo, an innovative open-source analytics platform that delivers real-time insights, robust visitor tracking, and privacy-first features to elevate your website performance. Dive into actionable data with unmatched precision and clarity.
+
+## Overview
+
+This role deploys Matomo using Docker, automating the setup of your analytics platform along with its underlying database. With support for health checks, persistent storage for configuration and data, and integration with an Nginx reverse proxy, Matomo is configured to provide reliable and scalable analytics for your digital presence.
+
+## Features
+
+- **Real-Time Analytics:** Monitor visitor activity and generate detailed insights instantly.
+- **Robust Tracking:** Track user interactions across your website with comprehensive analytics tools.
+- **Privacy-First:** Enjoy a self-hosted solution that prioritizes data ownership and privacy.
+- **Customizable Setup:** Configure database connections, admin credentials, and server settings via environment variables and a TOML configuration file.
+- **Scalable Deployment:** Use Docker to ensure your analytics platform can grow with your traffic demands.
+
+## Further Resources
+
+- [Matomo Official Website](https://matomo.org/)
+
+## Credits
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [veen.world](https://www.veen.world).
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+Licensed under [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl).

roles/web-app-matomo/meta/main.yml

@@ -0,0 +1,22 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Experience the power of Matomo, an innovative open-source analytics platform that delivers real-time insights, robust visitor tracking, and privacy-first features to elevate your website performance. Dive into actionable data with unmatched precision and clarity."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  galaxy_tags:
+    - matomo
+    - docker
+    - analytics
+    - open-source
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+  logo:
+    class: "fa-solid fa-chart-line"
+  run_after:
+    - "service-rdbms-postgres"

roles/web-app-matomo/meta/schema.yml

@@ -0,0 +1,5 @@
+credentials:
+  auth_token:
+    description: "Authentication token for the Matomo HTTP API (used for automation and integrations)"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"

roles/web-app-matomo/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+- name: "include service-rdbms-central"
+  include_role: 
+    name: service-rdbms-central
+  when: run_once_docker_matomo is not defined
+
+- name: "include role webserver-proxy-domain for {{application_id}}"
+  include_role:
+    name: webserver-proxy-domain
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
+  when: run_once_docker_matomo is not defined
+
+- name: run the docker matomo tasks once
+  set_fact:
+    run_once_docker_matomo: true
+  when: run_once_docker_matomo is not defined
+
+- name: Exclude global IPs in Matomo
+  uri:
+    url: "{{ matomo_index_php_url }}"
+    method: POST
+    body_format: form-urlencoded
+    body:
+      module: API
+      method: SitesManager.setGlobalExcludedIps
+      excludedIps: "{{ matomo_excluded_ips | join(',') }}"
+      format: json
+      token_auth: "{{ matomo_auth_token }}"
+    return_content: yes
+    status_code: 200
+
+- name: Exclude CSP-CheckerBot user agent in Matomo
+  uri:
+    url: "{{ matomo_index_php_url }}"
+    method: POST
+    body_format: form-urlencoded
+    body:
+      module: API
+      method: SitesManager.setGlobalExcludedUserAgents
+      excludedUserAgents: "CSP-CheckerBot"
+      format: json
+      token_auth: "{{ matomo_auth_token }}"
+    return_content: yes
+    status_code: 200

roles/web-app-matomo/templates/docker-compose.yml.j2

@@ -0,0 +1,16 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+  application:
+{% set container_port = 80 %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: "{{ applications[application_id].images[application_id] }}"
+    ports:
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
+    volumes:
+      - data:/var/www/html
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-matomo/templates/env.j2

@@ -0,0 +1,8 @@
+# Environment File for Matomo 
+# @see https://hub.docker.com/_/matomo/
+
+MATOMO_DATABASE_HOST=     "{{database_host}}:{{database_port}}"
+MATOMO_DATABASE_ADAPTER=  "mysql"
+MATOMO_DATABASE_USERNAME= "{{database_username}}"
+MATOMO_DATABASE_PASSWORD= "{{database_password}}"
+MATOMO_DATABASE_DBNAME=   "{{database_name}}"

roles/web-app-matomo/vars/configuration.yml

@@ -0,0 +1,32 @@
+images:
+  matomo:             "matomo:latest"
+features:
+  matomo:             true
+  css:                false
+  portfolio_iframe:   true
+  central_database:   true
+  oauth2:             false
+csp:
+  whitelist:
+    script-src-elem:
+      - https://cdn.matomo.cloud
+    style-src:
+      - https://fonts.googleapis.com
+  flags:
+    script-src:
+      unsafe-eval:   true
+    script-src-elem:
+      unsafe-inline: true
+      unsafe-eval:   true
+    style-src:
+      unsafe-inline: true
+      unsafe-eval:   true
+domains:
+  aliases:
+    - "analytics.{{ primary_domain }}"
+excluded_ips: "{{ networks.internet.values() | list }}"
+
+docker:
+  services:
+    database:
+      enabled: true

roles/web-app-matomo/vars/main.yml

@@ -0,0 +1,10 @@
+---
+application_id:       "matomo"
+database_type:        "mariadb"
+matomo_excluded_ips:  "{{ applications.matomo.excluded_ips }}"
+matomo_index_php_url: "{{ domains | get_url('matomo', web_protocol) }}/index.php"
+matomo_auth_token:    "{{ applications.matomo.credentials.auth_token }}"
+
+
+# I don't know if this is still necessary
+domain:               "{{ domains | get_domain(application_id) }}"