Added Fathom statistics tracker to blog task

README.md

@@ -32,6 +32,7 @@ What do you get if you point Sovereign at a server? All kinds of good stuff!
 -   [Monit](http://mmonit.com/monit/) to keep everything running smoothly (and alert you when it’s not).
 -   [collectd](http://collectd.org/) to collect system statistics.
 -   Web hosting (ex: for your blog) via [Apache](https://www.apache.org/).
+-   Statistics for the website using [Fathom](https://github.com/usefathom/fathom).
 -   Firewall management via [Uncomplicated Firewall (ufw)](https://wiki.ubuntu.com/UncomplicatedFirewall).
 -   Intrusion prevention via [fail2ban](http://www.fail2ban.org/) and rootkit detection via [rkhunter](http://rkhunter.sourceforge.net).
 -   SSH configuration preventing root login and insecure password authentication
@@ -114,6 +115,7 @@ Create `A` or `CNAME` records which point to your server's IP address:
 * `mail.example.com`
 * `www.example.com` (for Web hosting)
 * `autoconfig.example.com` (for email client automatic configuration)
+* `fathom.example.com` (for web stats)
 * `news.example.com` (for Selfoss)
 * `cloud.example.com` (for ownCloud)
 

roles/blog/defaults/main.yml

@@ -0,0 +1,18 @@
+# pass
+secret_root: '{{ inventory_dir | realpath }}'
+secret_name: 'secret'
+secret: '{{ secret_root + "/" + secret_name }}'
+
+# must match values in roles/common
+db_admin_username: 'postgres'
+db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password', length=32) }}"
+
+fathom_db_username: 'fathom'
+fathom_db_password: "{{ lookup('password', secret + '/' + 'fathom_db_password', length=32) }}"
+fathom_db_database: 'fathom'
+fathom_admin_username: "{{ admin_email }}"
+fathom_admin_password: "{{ lookup('password', secret + '/' + 'fathom_admin_password', length=32) }}"
+fathom_internal_port: '9000'
+fathom_secret: "{{ lookup('password', secret + '/' + 'fathom_secret', length=32) }}"
+fathom_version: '1.2.1'
+fathom_release: "https://github.com/usefathom/fathom/releases/download/v{{ fathom_version }}/fathom_{{ fathom_version }}_linux_amd64.tar.gz"

roles/blog/tasks/blog.yml

@@ -2,7 +2,7 @@
   file: state=directory path={{ item }} group=www-data owner={{ main_user_name }}
   with_items: "{{ virtual_domains | json_query('[*].doc_root') | unique }}"
 
-- name: Create the Apache sites config file
+- name: Create the Apache sites config files
   template:
     src=etc_apache2_sites-available_blog.j2
     dest=/etc/apache2/sites-available/{{ item.name }}.conf

roles/blog/tasks/fathom.yml

@@ -0,0 +1,97 @@
+- name: Create temporary fathom directory
+  file: state=directory path=/root/fathom
+
+- name: Download fathom {{ fathom_version }} release
+  get_url:
+    url="{{ fathom_release }}"
+    dest=/root/fathom/fathom-{{ fathom_version }}.tar.gz
+
+- name: Decompress fathom release
+  unarchive: src=/root/fathom/fathom-{{ fathom_version }}.tar.gz
+             dest=/root/fathom copy=no
+             creates=/root/fathom/fathom
+
+- name: Create /usr/local/bin
+  file: state=directory path=/usr/local/bin
+
+- name: Stop old fathom instance
+  service: name=fathom-stats state=stopped
+
+- name: Copy fathom binary to /usr/local/bin
+  shell: cp fathom/fathom /usr/local/bin/fathom chdir=/root
+
+- name: Remove downloaded temporary fathom files
+  file: state=absent path=/root/fathom
+
+- name: Create fathom working directory
+  file: state=directory path=/home/{{ main_user_name }}/fathom-stats
+
+- name: Create fathom config file
+  template:
+    src=home_user_fathom-stats_env.j2
+    dest=/home/{{ main_user_name }}/fathom-stats/.env
+    owner={{ main_user_name }}
+    group=root
+
+- name: Add fathom postgres user
+  postgresql_user:
+    login_host=localhost
+    login_user={{ db_admin_username }}
+    login_password="{{ db_admin_password }}"
+    name={{ fathom_db_username }}
+    password="{{ fathom_db_password }}"
+    encrypted=yes
+    state=present
+
+- name: Create fathom database
+  postgresql_db:
+    login_host=localhost
+    login_user={{ db_admin_username }}
+    login_password="{{ db_admin_password }}"
+    name={{ fathom_db_database }}
+    state=present
+    owner={{ fathom_db_username }}
+
+- name: Delete old fathom admin user account
+  become: true
+  become_user: "{{ main_user_name }}"
+  shell: fathom user delete --email="{{ fathom_admin_username }}"
+  args:
+    chdir: /home/{{ main_user_name }}/fathom-stats
+
+- name: Create fathom admin user account
+  become: true
+  become_user: "{{ main_user_name }}"
+  shell: fathom user add --email="{{ fathom_admin_username }}" --password="{{ fathom_admin_password }}"
+  args:
+    chdir: /home/{{ main_user_name }}/fathom-stats
+
+- name: Add systemd service to start fathom automatically
+  template:
+    src=etc_systemd_system_fathom-stats.j2
+    dest=/etc/systemd/system/fathom-stats.service
+    owner=root
+    group=root
+
+- name: Register new fathom service
+  systemd: name=fathom-stats daemon_reload=yes enabled=yes
+
+- name: Start new fathom instance
+  service: name=fathom-stats state=started
+
+- name: Create the Apache Fathom sites config files
+  template:
+    src=etc_apache2_sites-available_fathom.j2
+    dest=/etc/apache2/sites-available/fathom_{{ item.name }}.conf
+    owner=root
+    group=root
+  with_items: "{{ virtual_domains }}"
+
+- name: Remove old sites-enabled symlinks (new ones will be created by a2ensite)
+  file: path=/etc/apache2/sites-enabled/fathom_{{ item }}.conf state=absent
+  with_items: "{{ virtual_domains | json_query('[*].name') }}"
+
+- name: Enable Apache sites (creates new sites-enabled symlinks)
+  command: a2ensite fathom_{{ item }}.conf creates=/etc/apache2/sites-enabled/fathom_{{ item }}.conf
+  notify: restart apache
+  with_items: "{{ virtual_domains | json_query('[*].name') }}"

roles/blog/tasks/main.yml

@@ -1 +1,2 @@
-- include: blog.yml tags=blog
+- include: blog.yml tags=blog
+- include: fathom.yml tags=blog

roles/blog/templates/etc_apache2_sites-available_fathom.j2

@@ -0,0 +1,20 @@
+<VirtualHost *:80>
+    ServerName fathom.{{ item.name }}
+
+    Redirect permanent / https://{{ item.name }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName fathom.{{ item.name }}
+
+    SSLEngine               On
+    DocumentRoot            "{{ item.doc_root }}"
+    DirectoryIndex          index.html
+    Options                 -Indexes
+    HostnameLookups         Off
+
+    ProxyRequests           On
+    ProxyPreserveHost       On
+    ProxyPass               / http://localhost:{{ fathom_internal_port }}/
+    ProxyPassReverse        / http://localhost:{{ fathom_internal_port }}/
+</VirtualHost>

roles/blog/templates/etc_systemd_system_fathom-stats.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description=Starts the fathom server
+Requires=network.target
+After=network.target
+
+[Service]
+Type=simple
+User={{ main_user_name }}
+Restart=always
+RestartSec=3
+WorkingDirectory=/home/{{ main_user_name }}/fathom-stats
+ExecStart=/usr/local/bin/fathom server
+
+[Install]
+WantedBy=multi-user.target

roles/blog/templates/home_user_fathom-stats_env.j2

@@ -0,0 +1,10 @@
+FATHOM_SERVER_ADDR={{ fathom_internal_port }}
+FATHOM_GZIP=true
+FATHOM_DEBUG=false
+FATHOM_DATABASE_DRIVER="postgres"
+FATHOM_DATABASE_SSLMODE="require"
+FATHOM_DATABASE_NAME="{{ fathom_db_database }}"
+FATHOM_DATABASE_USER="{{ fathom_db_username }}"
+FATHOM_DATABASE_PASSWORD="{{ fathom_db_password }}"
+FATHOM_DATABASE_HOST="localhost"
+FATHOM_SECRET="{{ fathom_secret }}"

roles/common/files/letsencrypt-gencert

@@ -17,7 +17,7 @@ for domain in "$@"; do
   fi
 
   # subdomains - www.foo.com mail.foo.com ...
-  for sub in www mail autoconfig news cloud git; do
+  for sub in www mail autoconfig fathom news cloud git; do
     # only add if the DNS entry for the subdomain does actually exist
     if (getent hosts $sub.$domain > /dev/null); then
       if [ -z "$d" ]; then

roles/common/tasks/apache.yml

@@ -9,6 +9,14 @@
   command: a2enmod headers creates=/etc/apache2/mods-enabled/headers.load
   notify: restart apache
 
+- name: Enable Apache proxy module
+  command: a2enmod proxy creates=/etc/apache2/mods-enabled/proxy.load
+  notify: restart apache
+
+- name: Enable Apache proxy http module
+  command: a2enmod proxy_http creates=/etc/apache2/mods-enabled/proxy_http.load
+  notify: restart apache
+
 - name: Create ServerName configuration file for Apache
   template: src=fqdn.j2 dest=/etc/apache2/conf-available/fqdn.conf