diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml
index 65cc166c9a0..565f0cb68d5 100644
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@@ -276,6 +276,23 @@
which determines the used
Matomo version.
+
+ The Matomo module now also comes with the systemd service matomo-archive-processing.service
+ and a timer that automatically triggers archive processing every hour.
+ This means that you can safely
+
+ disable browser triggers for Matomo archiving
+ at Administration > System > General Settings.
+
+
+ Additionally, you can enable to
+
+ delete old visitor logs
+ at Administration > System > Privacy,
+ but make sure that you run systemctl start matomo-archive-processing.service
+ at least once without errors if you have already collected data before,
+ so that the reports get archived before the source data gets deleted.
+
diff --git a/nixos/modules/services/web-apps/matomo-doc.xml b/nixos/modules/services/web-apps/matomo-doc.xml
index 510a335edc3..c71c22e810e 100644
--- a/nixos/modules/services/web-apps/matomo-doc.xml
+++ b/nixos/modules/services/web-apps/matomo-doc.xml
@@ -12,15 +12,15 @@
An automatic setup is not suported by Matomo, so you need to configure Matomo
itself in the browser-based Matomo setup.
+
Database Setup
-
You also need to configure a MariaDB or MySQL database and -user for Matomo
yourself, and enter those credentials in your browser. You can use
passwordless database authentication via the UNIX_SOCKET authentication
plugin with the following SQL commands:
-
+
# For MariaDB
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
CREATE DATABASE matomo;
@@ -32,7 +32,7 @@
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
-
+
Then fill in matomo as database user and database name,
and leave the password field blank. This authentication works by allowing
only the matomo unix user to authenticate as the
@@ -46,9 +46,30 @@
database is not on the same host.
+
+
+ Archive Processing
+
+ This module comes with the systemd service matomo-archive-processing.service
+ and a timer that automatically triggers archive processing every hour.
+ This means that you can safely
+
+ disable browser triggers for Matomo archiving
+ at Administration > System > General Settings.
+
+
+ With automatic archive processing, you can now also enable to
+
+ delete old visitor logs
+ at Administration > System > Privacy,
+ but make sure that you run systemctl start matomo-archive-processing.service
+ at least once without errors if you have already collected data before,
+ so that the reports get archived before the source data gets deleted.
+
+
+
Backup
-
You only need to take backups of your MySQL database and the
/var/lib/matomo/config/config.ini.php file. Use a user
@@ -57,9 +78,9 @@
.
+
Issues
-
@@ -76,6 +97,7 @@
+
Using other Web Servers than nginx
diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix
index 9fddf832074..34ca5c2a72b 100644
--- a/nixos/modules/services/web-apps/matomo.nix
+++ b/nixos/modules/services/web-apps/matomo.nix
@@ -54,6 +54,20 @@ in {
'';
};
+ periodicArchiveProcessing = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Enable periodic archive processing, which generates aggregated reports from the visits.
+
+ This means that you can safely disable browser triggers for Matomo archiving,
+ and safely enable to delete old visitor logs.
+ Before deleting visitor logs,
+ make sure though that you run systemctl start matomo-archive-processing.service
+ at least once without errors if you have already collected data before.
+ '';
+ };
+
phpfpmProcessManagerConfig = mkOption {
type = types.str;
default = ''
@@ -132,16 +146,17 @@ in {
requires = [ databaseService ];
after = [ databaseService ];
path = [ cfg.package ];
+ environment.PIWIK_USER_PATH = dataDir;
serviceConfig = {
Type = "oneshot";
User = user;
# hide especially config.ini.php from other
UMask = "0007";
# TODO: might get renamed to MATOMO_USER_PATH in future versions
- Environment = "PIWIK_USER_PATH=${dataDir}";
# chown + chmod in preStart needs root
PermissionsStartOnly = true;
};
+
# correct ownership and permissions in case they're not correct anymore,
# e.g. after restoring from backup or moving from another system.
# Note that ${dataDir}/config/config.ini.php might contain the MySQL password.
@@ -169,6 +184,37 @@ in {
'';
};
+ # If this is run regularly via the timer,
+ # 'Browser trigger archiving' can be disabled in Matomo UI > Settings > General Settings.
+ systemd.services.matomo-archive-processing = {
+ description = "Archive Matomo reports";
+ # the archiving can only work if the database is already up and running
+ requires = [ databaseService ];
+ after = [ databaseService ];
+
+ # TODO: might get renamed to MATOMO_USER_PATH in future versions
+ environment.PIWIK_USER_PATH = dataDir;
+ serviceConfig = {
+ Type = "oneshot";
+ User = user;
+ UMask = "0007";
+ CPUSchedulingPolicy = "idle";
+ IOSchedulingClass = "idle";
+ ExecStart = "${cfg.package}/bin/matomo-console core:archive --url=https://${user}.${fqdn}";
+ };
+ };
+
+ systemd.timers.matomo-archive-processing = mkIf cfg.periodicArchiveProcessing {
+ description = "Automatically archive Matomo reports every hour";
+
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "hourly";
+ Persistent = "yes";
+ AccuracySec = "10m";
+ };
+ };
+
systemd.services.${phpExecutionUnit} = {
# stop phpfpm on package upgrade, do database upgrade via matomo_setup_update, and then restart
restartTriggers = [ cfg.package ];