From 57dca0bed4a6c0eb8b22881941ec09aacb0012d7 Mon Sep 17 00:00:00 2001
From: 3wc <3wc.git@doesthisthing.work>
Date: Wed, 23 Sep 2020 21:25:43 +0200
Subject: [PATCH] Initial import

---
 .envrc.sample |  7 ++++++
 README.md     | 20 +++++++++++++++
 compose.yml   | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 95 insertions(+)
 create mode 100644 .envrc.sample
 create mode 100644 README.md
 create mode 100644 compose.yml

diff --git a/.envrc.sample b/.envrc.sample
new file mode 100644
index 0000000..423bad1
--- /dev/null
+++ b/.envrc.sample
@@ -0,0 +1,7 @@
+export SERVICE=matomo
+export DOMAIN=matomo.example.com
+export STACK_NAME=matomo
+export LETS_ENCRYPT_ENV=production
+
+export DB_PASSWORD_VERSION=v1
+export DB_ROOT_PASSWORD_VERSION=v1
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d6b543d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,20 @@
+# Matomo
+
+Matomo analytics + CoöpCloud
+
+1. Set up Docker Swarm and [`abra`][abra]
+2. Deploy [`compose-stacks/traefik`][compose-traefik]
+2. `cp .envrc.sample .envrc`
+3. Edit `.envrc` - be sure to change `$DOMAIN` to something that resolves to
+   your Docker swarm box
+4. `direnv allow` (or `. .envrc`)
+5. Generate secrets:
+   ```
+   abra secret_generate db_password v1
+   abra secret_generate db_root_password v1
+   ```
+6. `abra deploy`
+7. Open the configured domain to finish set-up
+
+[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
+[compose-traefik]: https://git.autonomic.zone/compose-stacks/traefik
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..98b31ad
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,68 @@
+version: "3.8"
+
+services:
+  mariadb:
+    image: mariadb
+    command: --max-allowed-packet=64MB
+    volumes:
+      - mariadb:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_DATABASE=matomo
+      - MYSQL_USER=matomo
+    networks:
+      - internal
+    secrets:
+      - db_root_password
+      - db_password
+
+  matomo:
+    image: matomo
+    depends_on: 
+      - mariadb
+    volumes:
+      - "matomo_config:/var/www/html/config"
+      - "matomo_logs:/var/www/html/logs"
+      #- matomo:/var/www/html
+    environment:
+      - MATOMO_DATABASE_ADAPTER=mysql
+      - MATOMO_DATABASE_TABLES_PREFIX=matomo_
+      - MATOMO_DATABASE_USERNAME=matomo
+      - MATOMO_DATABASE_PASSWORD_FILE=/run/secrets/db_password
+      - MATOMO_DATABASE_DBNAME=matomo
+      - MATOMO_DATABASE_HOST=db
+    networks:
+      - proxy
+      - internal
+    secrets:
+      - db_password
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.routers.${STACK_NAME}.tls=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+
+volumes:
+  mariadb:
+  matomo_config:
+  matomo_logs:
+
+secrets:
+  db_root_password:    
+    external: true 
+    name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
+  db_password:    
+    external: true 
+    name: ${STACK_NAME}_db_password_${DB_ROOT_PASSWORD_VERSION}
+
+networks:
+  proxy:
+    external: true
+  internal: