2021-05-21 21:15:23 +00:00
|
|
|
{ lib, pkgs, config, ... }:
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
let
|
|
|
|
cfg = config.services.plausible;
|
|
|
|
|
|
|
|
in {
|
|
|
|
options.services.plausible = {
|
|
|
|
enable = mkEnableOption "plausible";
|
|
|
|
|
2023-11-30 18:03:14 +00:00
|
|
|
package = mkPackageOption pkgs "plausible" { };
|
2023-04-17 09:18:23 +00:00
|
|
|
|
2021-05-21 21:15:23 +00:00
|
|
|
adminUser = {
|
|
|
|
name = mkOption {
|
|
|
|
default = "admin";
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
|
|
|
Name of the admin user that plausible will created on initial startup.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
email = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
example = "admin@localhost";
|
|
|
|
description = ''
|
|
|
|
Email-address of the admin-user.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
passwordFile = mkOption {
|
|
|
|
type = types.either types.str types.path;
|
|
|
|
description = ''
|
|
|
|
Path to the file which contains the password of the admin user.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
activate = mkEnableOption "activating the freshly created admin-user";
|
|
|
|
};
|
|
|
|
|
|
|
|
database = {
|
|
|
|
clickhouse = {
|
|
|
|
setup = mkEnableOption "creating a clickhouse instance" // { default = true; };
|
|
|
|
url = mkOption {
|
|
|
|
default = "http://localhost:8123/default";
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
2022-08-13 03:15:06 +00:00
|
|
|
The URL to be used to connect to `clickhouse`.
|
2021-05-21 21:15:23 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
postgres = {
|
|
|
|
setup = mkEnableOption "creating a postgresql instance" // { default = true; };
|
|
|
|
dbname = mkOption {
|
|
|
|
default = "plausible";
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
|
|
|
Name of the database to use.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
socket = mkOption {
|
|
|
|
default = "/run/postgresql";
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
2022-08-13 03:15:06 +00:00
|
|
|
Path to the UNIX domain-socket to communicate with `postgres`.
|
2021-05-21 21:15:23 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
server = {
|
|
|
|
disableRegistration = mkOption {
|
|
|
|
default = true;
|
2023-10-26 14:54:25 +00:00
|
|
|
type = types.enum [true false "invite_only"];
|
2021-05-21 21:15:23 +00:00
|
|
|
description = ''
|
2023-10-26 14:54:25 +00:00
|
|
|
Whether to prohibit creating an account in plausible's UI or allow on `invite_only`.
|
2021-05-21 21:15:23 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
secretKeybaseFile = mkOption {
|
|
|
|
type = types.either types.path types.str;
|
|
|
|
description = ''
|
|
|
|
Path to the secret used by the `phoenix`-framework. Instructions
|
|
|
|
how to generate one are documented in the
|
2022-07-28 21:19:15 +00:00
|
|
|
[
|
2021-05-21 21:15:23 +00:00
|
|
|
framework docs](https://hexdocs.pm/phoenix/Mix.Tasks.Phx.Gen.Secret.html#content).
|
|
|
|
'';
|
|
|
|
};
|
plausible, nixos/plausible: Add `listenAddress` option.
This changes
* the plausible HTTP web server
to be listening on localhost only, explicitly.
This makes Plausible have an explicit safe default configuration,
like all other networked services in NixOS.
For background discussion, see: https://github.com/NixOS/nixpkgs/issues/130244
As per my upstream Plausible contribution
(https://github.com/plausible/analytics/pull/1190)
Plausible >= 1.5 also defaults to listening to localhost only;
nevertheless, this default should be stated explicitly in nixpkgs
for easier review and independence from upstream changes, and
a NixOS user must be able to configure the
`listenAddress`, as there are valid use cases for that.
Also, disable
* the Erlang Beam VM inter-node RPC port
* the Erlang EPMD port
because Plausible does not use them (see added comment).
This is done by setting `RELEASE_DISTRIBUTION=none`.
Thus, this commit also removes the NixOS setting `releaseCookiePath`,
because it now has no effect.
2022-01-13 03:21:32 +00:00
|
|
|
listenAddress = mkOption {
|
|
|
|
default = "127.0.0.1";
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
|
|
|
The IP address on which the server is listening.
|
|
|
|
'';
|
|
|
|
};
|
2021-05-21 21:15:23 +00:00
|
|
|
port = mkOption {
|
|
|
|
default = 8000;
|
|
|
|
type = types.port;
|
|
|
|
description = ''
|
|
|
|
Port where the service should be available.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
baseUrl = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
|
|
|
Public URL where plausible is available.
|
2021-07-14 03:28:57 +00:00
|
|
|
|
|
|
|
Note that `/path` components are currently ignored:
|
2022-07-28 21:19:15 +00:00
|
|
|
[
|
2021-07-14 03:28:57 +00:00
|
|
|
https://github.com/plausible/analytics/issues/1182
|
|
|
|
](https://github.com/plausible/analytics/issues/1182).
|
2021-05-21 21:15:23 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
mail = {
|
|
|
|
email = mkOption {
|
2021-05-29 14:13:20 +00:00
|
|
|
default = "hello@plausible.local";
|
2021-05-21 21:15:23 +00:00
|
|
|
type = types.str;
|
|
|
|
description = ''
|
|
|
|
The email id to use for as *from* address of all communications
|
|
|
|
from Plausible.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
smtp = {
|
|
|
|
hostAddr = mkOption {
|
|
|
|
default = "localhost";
|
|
|
|
type = types.str;
|
|
|
|
description = ''
|
|
|
|
The host address of your smtp server.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
hostPort = mkOption {
|
|
|
|
default = 25;
|
|
|
|
type = types.port;
|
|
|
|
description = ''
|
|
|
|
The port of your smtp server.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
user = mkOption {
|
|
|
|
default = null;
|
|
|
|
type = types.nullOr types.str;
|
|
|
|
description = ''
|
|
|
|
The username/email in case SMTP auth is enabled.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
passwordFile = mkOption {
|
|
|
|
default = null;
|
|
|
|
type = with types; nullOr (either str path);
|
|
|
|
description = ''
|
|
|
|
The path to the file with the password in case SMTP auth is enabled.
|
|
|
|
'';
|
|
|
|
};
|
2021-05-29 14:13:20 +00:00
|
|
|
enableSSL = mkEnableOption "SSL when connecting to the SMTP server";
|
2021-05-21 21:15:23 +00:00
|
|
|
retries = mkOption {
|
|
|
|
type = types.ints.unsigned;
|
|
|
|
default = 2;
|
|
|
|
description = ''
|
|
|
|
Number of retries to make until mailer gives up.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
plausible, nixos/plausible: Add `listenAddress` option.
This changes
* the plausible HTTP web server
to be listening on localhost only, explicitly.
This makes Plausible have an explicit safe default configuration,
like all other networked services in NixOS.
For background discussion, see: https://github.com/NixOS/nixpkgs/issues/130244
As per my upstream Plausible contribution
(https://github.com/plausible/analytics/pull/1190)
Plausible >= 1.5 also defaults to listening to localhost only;
nevertheless, this default should be stated explicitly in nixpkgs
for easier review and independence from upstream changes, and
a NixOS user must be able to configure the
`listenAddress`, as there are valid use cases for that.
Also, disable
* the Erlang Beam VM inter-node RPC port
* the Erlang EPMD port
because Plausible does not use them (see added comment).
This is done by setting `RELEASE_DISTRIBUTION=none`.
Thus, this commit also removes the NixOS setting `releaseCookiePath`,
because it now has no effect.
2022-01-13 03:21:32 +00:00
|
|
|
imports = [
|
|
|
|
(mkRemovedOptionModule [ "services" "plausible" "releaseCookiePath" ] "Plausible uses no distributed Erlang features, so this option is no longer necessary and was removed")
|
|
|
|
];
|
|
|
|
|
2021-05-21 21:15:23 +00:00
|
|
|
config = mkIf cfg.enable {
|
|
|
|
assertions = [
|
|
|
|
{ assertion = cfg.adminUser.activate -> cfg.database.postgres.setup;
|
|
|
|
message = ''
|
2021-05-29 15:33:16 +00:00
|
|
|
Unable to automatically activate the admin-user if no locally managed DB for
|
2021-05-21 21:15:23 +00:00
|
|
|
postgres (`services.plausible.database.postgres.setup') is enabled!
|
|
|
|
'';
|
|
|
|
}
|
|
|
|
];
|
|
|
|
|
|
|
|
services.postgresql = mkIf cfg.database.postgres.setup {
|
|
|
|
enable = true;
|
|
|
|
};
|
|
|
|
|
|
|
|
services.clickhouse = mkIf cfg.database.clickhouse.setup {
|
|
|
|
enable = true;
|
|
|
|
};
|
|
|
|
|
2023-04-17 09:18:23 +00:00
|
|
|
environment.systemPackages = [ cfg.package ];
|
2021-11-09 13:15:53 +00:00
|
|
|
|
2021-05-21 21:15:23 +00:00
|
|
|
systemd.services = mkMerge [
|
|
|
|
{
|
|
|
|
plausible = {
|
2023-04-17 09:18:23 +00:00
|
|
|
inherit (cfg.package.meta) description;
|
2021-05-21 21:15:23 +00:00
|
|
|
documentation = [ "https://plausible.io/docs/self-hosting" ];
|
2021-05-29 14:13:20 +00:00
|
|
|
wantedBy = [ "multi-user.target" ];
|
2022-08-14 14:53:42 +00:00
|
|
|
after = optional cfg.database.clickhouse.setup "clickhouse.service"
|
|
|
|
++ optionals cfg.database.postgres.setup [
|
|
|
|
"postgresql.service"
|
|
|
|
"plausible-postgres.service"
|
|
|
|
];
|
2021-05-29 14:13:20 +00:00
|
|
|
requires = optional cfg.database.clickhouse.setup "clickhouse.service"
|
|
|
|
++ optionals cfg.database.postgres.setup [
|
|
|
|
"postgresql.service"
|
|
|
|
"plausible-postgres.service"
|
|
|
|
];
|
2021-05-21 21:15:23 +00:00
|
|
|
|
|
|
|
environment = {
|
|
|
|
# NixOS specific option to avoid that it's trying to write into its store-path.
|
|
|
|
# See also https://github.com/lau/tzdata#data-directory-and-releases
|
2021-10-30 12:58:21 +00:00
|
|
|
STORAGE_DIR = "/var/lib/plausible/elixir_tzdata";
|
2021-05-21 21:15:23 +00:00
|
|
|
|
|
|
|
# Configuration options from
|
|
|
|
# https://plausible.io/docs/self-hosting-configuration
|
|
|
|
PORT = toString cfg.server.port;
|
plausible, nixos/plausible: Add `listenAddress` option.
This changes
* the plausible HTTP web server
to be listening on localhost only, explicitly.
This makes Plausible have an explicit safe default configuration,
like all other networked services in NixOS.
For background discussion, see: https://github.com/NixOS/nixpkgs/issues/130244
As per my upstream Plausible contribution
(https://github.com/plausible/analytics/pull/1190)
Plausible >= 1.5 also defaults to listening to localhost only;
nevertheless, this default should be stated explicitly in nixpkgs
for easier review and independence from upstream changes, and
a NixOS user must be able to configure the
`listenAddress`, as there are valid use cases for that.
Also, disable
* the Erlang Beam VM inter-node RPC port
* the Erlang EPMD port
because Plausible does not use them (see added comment).
This is done by setting `RELEASE_DISTRIBUTION=none`.
Thus, this commit also removes the NixOS setting `releaseCookiePath`,
because it now has no effect.
2022-01-13 03:21:32 +00:00
|
|
|
LISTEN_IP = cfg.server.listenAddress;
|
|
|
|
|
|
|
|
# Note [plausible-needs-no-erlang-distributed-features]:
|
|
|
|
# Plausible does not use, and does not plan to use, any of
|
|
|
|
# Erlang's distributed features, see:
|
|
|
|
# https://github.com/plausible/analytics/pull/1190#issuecomment-1018820934
|
|
|
|
# Thus, disable distribution for improved simplicity and security:
|
|
|
|
#
|
|
|
|
# When distribution is enabled,
|
|
|
|
# Elixir spwans the Erlang VM, which will listen by default on all
|
|
|
|
# interfaces for messages between Erlang nodes (capable of
|
|
|
|
# remote code execution); it can be protected by a cookie; see
|
|
|
|
# https://erlang.org/doc/reference_manual/distributed.html#security).
|
|
|
|
#
|
|
|
|
# It would be possible to restrict the interface to one of our choice
|
|
|
|
# (e.g. localhost or a VPN IP) similar to how we do it with `listenAddress`
|
|
|
|
# for the Plausible web server; if distribution is ever needed in the future,
|
|
|
|
# https://github.com/NixOS/nixpkgs/pull/130297 shows how to do it.
|
|
|
|
#
|
|
|
|
# But since Plausible does not use this feature in any way,
|
|
|
|
# we just disable it.
|
|
|
|
RELEASE_DISTRIBUTION = "none";
|
|
|
|
# Additional safeguard, in case `RELEASE_DISTRIBUTION=none` ever
|
|
|
|
# stops disabling the start of EPMD.
|
|
|
|
ERL_EPMD_ADDRESS = "127.0.0.1";
|
|
|
|
|
2023-10-26 14:54:25 +00:00
|
|
|
DISABLE_REGISTRATION = if isBool cfg.server.disableRegistration then boolToString cfg.server.disableRegistration else cfg.server.disableRegistration;
|
2021-05-21 21:15:23 +00:00
|
|
|
|
2021-05-29 14:13:20 +00:00
|
|
|
RELEASE_TMP = "/var/lib/plausible/tmp";
|
2021-11-09 13:15:53 +00:00
|
|
|
# Home is needed to connect to the node with iex
|
|
|
|
HOME = "/var/lib/plausible";
|
2021-05-29 14:13:20 +00:00
|
|
|
|
2021-05-21 21:15:23 +00:00
|
|
|
ADMIN_USER_NAME = cfg.adminUser.name;
|
|
|
|
ADMIN_USER_EMAIL = cfg.adminUser.email;
|
|
|
|
|
|
|
|
DATABASE_SOCKET_DIR = cfg.database.postgres.socket;
|
|
|
|
DATABASE_NAME = cfg.database.postgres.dbname;
|
|
|
|
CLICKHOUSE_DATABASE_URL = cfg.database.clickhouse.url;
|
|
|
|
|
|
|
|
BASE_URL = cfg.server.baseUrl;
|
|
|
|
|
|
|
|
MAILER_EMAIL = cfg.mail.email;
|
|
|
|
SMTP_HOST_ADDR = cfg.mail.smtp.hostAddr;
|
|
|
|
SMTP_HOST_PORT = toString cfg.mail.smtp.hostPort;
|
|
|
|
SMTP_RETRIES = toString cfg.mail.smtp.retries;
|
|
|
|
SMTP_HOST_SSL_ENABLED = boolToString cfg.mail.smtp.enableSSL;
|
2021-05-29 14:13:20 +00:00
|
|
|
|
|
|
|
SELFHOST = "true";
|
|
|
|
} // (optionalAttrs (cfg.mail.smtp.user != null) {
|
|
|
|
SMTP_USER_NAME = cfg.mail.smtp.user;
|
|
|
|
});
|
2021-05-21 21:15:23 +00:00
|
|
|
|
2023-04-17 09:18:23 +00:00
|
|
|
path = [ cfg.package ]
|
2021-05-21 21:15:23 +00:00
|
|
|
++ optional cfg.database.postgres.setup config.services.postgresql.package;
|
2021-10-30 12:58:21 +00:00
|
|
|
script = ''
|
plausible, nixos/plausible: Add `listenAddress` option.
This changes
* the plausible HTTP web server
to be listening on localhost only, explicitly.
This makes Plausible have an explicit safe default configuration,
like all other networked services in NixOS.
For background discussion, see: https://github.com/NixOS/nixpkgs/issues/130244
As per my upstream Plausible contribution
(https://github.com/plausible/analytics/pull/1190)
Plausible >= 1.5 also defaults to listening to localhost only;
nevertheless, this default should be stated explicitly in nixpkgs
for easier review and independence from upstream changes, and
a NixOS user must be able to configure the
`listenAddress`, as there are valid use cases for that.
Also, disable
* the Erlang Beam VM inter-node RPC port
* the Erlang EPMD port
because Plausible does not use them (see added comment).
This is done by setting `RELEASE_DISTRIBUTION=none`.
Thus, this commit also removes the NixOS setting `releaseCookiePath`,
because it now has no effect.
2022-01-13 03:21:32 +00:00
|
|
|
# Elixir does not start up if `RELEASE_COOKIE` is not set,
|
|
|
|
# even though we set `RELEASE_DISTRIBUTION=none` so the cookie should be unused.
|
|
|
|
# Thus, make a random one, which should then be ignored.
|
|
|
|
export RELEASE_COOKIE=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20)
|
2023-07-02 15:03:53 +00:00
|
|
|
export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )"
|
|
|
|
export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )"
|
|
|
|
|
|
|
|
${lib.optionalString (cfg.mail.smtp.passwordFile != null)
|
|
|
|
''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''}
|
2022-01-25 16:19:49 +00:00
|
|
|
|
2024-03-29 21:23:18 +00:00
|
|
|
${lib.optionalString cfg.database.postgres.setup ''
|
|
|
|
# setup
|
2024-05-07 13:27:08 +00:00
|
|
|
${cfg.package}/createdb.sh
|
2024-03-29 21:23:18 +00:00
|
|
|
''}
|
|
|
|
|
2023-04-17 09:18:23 +00:00
|
|
|
${cfg.package}/migrate.sh
|
2023-09-06 19:00:20 +00:00
|
|
|
export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb
|
2023-04-30 22:31:55 +00:00
|
|
|
${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))"
|
2021-10-30 12:58:21 +00:00
|
|
|
${optionalString cfg.adminUser.activate ''
|
2023-09-06 19:00:20 +00:00
|
|
|
psql -d plausible <<< "UPDATE users SET email_verified=true where email = '$ADMIN_USER_EMAIL';"
|
2021-10-30 12:58:21 +00:00
|
|
|
''}
|
2022-01-25 16:19:49 +00:00
|
|
|
|
|
|
|
exec plausible start
|
2021-10-30 12:58:21 +00:00
|
|
|
'';
|
2021-05-21 21:15:23 +00:00
|
|
|
|
|
|
|
serviceConfig = {
|
|
|
|
DynamicUser = true;
|
|
|
|
PrivateTmp = true;
|
|
|
|
WorkingDirectory = "/var/lib/plausible";
|
|
|
|
StateDirectory = "plausible";
|
2021-10-30 12:58:21 +00:00
|
|
|
LoadCredential = [
|
|
|
|
"ADMIN_USER_PWD:${cfg.adminUser.passwordFile}"
|
|
|
|
"SECRET_KEY_BASE:${cfg.server.secretKeybaseFile}"
|
2022-01-25 16:19:49 +00:00
|
|
|
] ++ lib.optionals (cfg.mail.smtp.passwordFile != null) [ "SMTP_USER_PWD:${cfg.mail.smtp.passwordFile}"];
|
2021-05-21 21:15:23 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|
|
|
|
(mkIf cfg.database.postgres.setup {
|
2021-05-29 14:13:20 +00:00
|
|
|
# `plausible' requires the `citext'-extension.
|
2021-05-21 21:15:23 +00:00
|
|
|
plausible-postgres = {
|
|
|
|
after = [ "postgresql.service" ];
|
|
|
|
partOf = [ "plausible.service" ];
|
2021-10-30 12:58:21 +00:00
|
|
|
serviceConfig = {
|
|
|
|
Type = "oneshot";
|
|
|
|
User = config.services.postgresql.superUser;
|
|
|
|
RemainAfterExit = true;
|
|
|
|
};
|
|
|
|
script = with cfg.database.postgres; ''
|
2021-05-29 14:13:20 +00:00
|
|
|
PSQL() {
|
2021-10-30 12:58:21 +00:00
|
|
|
${config.services.postgresql.package}/bin/psql --port=5432 "$@"
|
2021-05-29 14:13:20 +00:00
|
|
|
}
|
2021-10-30 12:58:21 +00:00
|
|
|
# check if the database already exists
|
|
|
|
if ! PSQL -lqt | ${pkgs.coreutils}/bin/cut -d \| -f 1 | ${pkgs.gnugrep}/bin/grep -qw ${dbname} ; then
|
|
|
|
PSQL -tAc "CREATE ROLE plausible WITH LOGIN;"
|
|
|
|
PSQL -tAc "CREATE DATABASE ${dbname} WITH OWNER plausible;"
|
|
|
|
PSQL -d ${dbname} -tAc "CREATE EXTENSION IF NOT EXISTS citext;"
|
|
|
|
fi
|
2021-05-21 21:15:23 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
})
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
2024-05-07 13:35:22 +00:00
|
|
|
meta.maintainers = with maintainers; [ xanderio ];
|
2023-01-24 23:33:40 +00:00
|
|
|
meta.doc = ./plausible.md;
|
2021-05-21 21:15:23 +00:00
|
|
|
}
|