@scott-amgen
Last active November 29, 2022 18:16
Portion of tasks related to Matomo docker setup using official Matomo docker 4.12 image, and portion of config.ini.php for LoginOIDC plugin
---
# Fetch the official Matomo image for the release selected by matomo_ver.
# NOTE(review): the image is referenced by tag only. A tag can be re-pointed
# upstream, so adding a digest would make the pull reproducible - confirm
# whether that is wanted here.
- name: Pull matomo docker image
  community.docker.docker_image:
    source: pull
    name: "matomo:{{ matomo_ver }}"
    pull:
      # Select platform for pulling. If not specified, will pull whatever
      # docker prefers.
      platform: amd64
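# Download each plugin archive from the Matomo marketplace onto the Ansible
# controller (delegate_to: localhost), once per play.
# The archive is whatever "latest" resolves to for matomo_ver at run time and
# no checksum is checked, so the PHP code unpacked later is only as
# trustworthy as the TLS connection to plugins.matomo.org.
- name: Download plugins
  delegate_to: localhost
  run_once: true
  # The request body carries the licence key (matomo_license); keep it out of
  # task output and verbose logs. Failures are censored too, so lift this
  # temporarily when debugging a download.
  no_log: true
  ansible.builtin.uri:
    url: "https://plugins.matomo.org/api/2.0/plugins/{{ item }}/download/latest?matomo={{ matomo_ver }}"
    dest: "{{ role_path }}/files/plugins/{{ item }}-{{ matomo_ver }}.zip"
    method: POST
    body_format: form-urlencoded
    body:
      - [access_token, "{{ matomo_license }}"]
    # Only the owner may write. These archives are unpacked onto the server by
    # a later task, so a group- or world-writable copy on the controller would
    # let another local account swap the plugin code before deployment.
    mode: "u=rw,g=r,o=r"
  with_items:
    - AbTesting
    - ActivityLog
    - AdvertisingConversionExport
    - Bandwidth
    - Cohorts
    - CustomAlerts
    - CustomReports
    - CustomVariables
    - DeviceNetworkInformation
    - DevicePixelRatio
    - ForceSSL
    - FormAnalytics
    - Funnels
    - GroupPermissions
    - HeatmapSessionRecording
    - InvalidateReports
    - LoginOIDC
    - MediaAnalytics
    - MultiChannelConversionAttribution
    - Provider
    - RollUpReporting
    - SEOWebVitals
    - TreemapVisualization
    - UsersFlow
    - WhiteLabel
    - WooCommerceAnalytics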
# Fetch the AWS RDS CA bundle for us-west-2 onto the controller, once per play.
# NOTE(review): this bundle is later copied to /matomo/config. No checksum is
# given, so its integrity rests on HTTPS to the AWS truststore host.
- name: Download RDS cert
  run_once: true
  delegate_to: localhost
  ansible.builtin.get_url:
    dest: "{{ role_path }}/files/us-west-2-bundle.pem"
    url: "https://truststore.pki.rds.amazonaws.com/us-west-2/us-west-2-bundle.pem"
    mode: "u=rw,g=r,o=r"
# Create /matomo on the target host, owned by www-data. A later task
# bind-mounts this directory into the container as /var/www/html.
# No mode is set, so a new directory gets whatever the remote umask yields and
# an existing one keeps its current mode.
- name: Ensure working dir exist
  ansible.builtin.file:
    state: directory
    path: "/matomo"
    owner: www-data
    group: www-data
# Create /matomo/config, owned by www-data. It receives config.ini.php and
# the RDS CA bundle from later tasks.
# NOTE(review): no mode is set; since this directory holds the rendered
# config, confirm the resulting permissions are as tight as intended.
- name: Ensure config dir exist
  ansible.builtin.file:
    state: directory
    path: "/matomo/config"
    owner: www-data
    group: www-data
# Create /matomo/plugins, owned by www-data. The plugin archives are unpacked
# into it by a later task. No mode is set, so the remote umask (or the
# directory's existing mode) applies.
- name: Ensure plugins dir exist
  ansible.builtin.file:
    state: directory
    path: "/matomo/plugins"
    owner: www-data
    group: www-data
# Unpack each downloaded plugin archive into /matomo/plugins/ on the target.
# src is a relative path, so the archive is taken from the role's files on the
# controller and shipped to the host before extraction.
# NOTE(review): no owner/group is given, so the extracted files presumably
# belong to the connecting (or become) user rather than www-data - verify
# that this is intended.
- name: Transfer plugin files
  ansible.builtin.unarchive:
    dest: /matomo/plugins/
    src: "plugins/{{ item }}-{{ matomo_ver }}.zip"
  with_items:
    - AbTesting
    - ActivityLog
    - AdvertisingConversionExport
    - Bandwidth
    - Cohorts
    - CustomAlerts
    - CustomReports
    - CustomVariables
    - DeviceNetworkInformation
    - DevicePixelRatio
    - ForceSSL
    - FormAnalytics
    - Funnels
    - GroupPermissions
    - HeatmapSessionRecording
    - InvalidateReports
    - LoginOIDC
    - MediaAnalytics
    - MultiChannelConversionAttribution
    - Provider
    - RollUpReporting
    - SEOWebVitals
    - TreemapVisualization
    - UsersFlow
    - WhiteLabel
    - WooCommerceAnalytics
# Copy the RDS CA bundle from the role's files into Matomo's config directory.
# The bundle is public CA material, so world-readable is acceptable here.
- name: Transfer RDS cert
  ansible.builtin.copy:
    dest: /matomo/config/us-west-2-bundle.pem
    src: us-west-2-bundle.pem
    mode: "u=rw,g=r,o=r"
    owner: www-data
    group: www-data
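# Render config.ini.php from the role template into Matomo's config directory.
# The rendered file contains the OIDC clientSecret in clear text (see the
# [LoginOIDC] section of the template), so it is treated as a secret.
- name: Transfer Matomo configs
  # Keep the rendered secret out of --diff output.
  diff: false
  ansible.builtin.template:
    src: config.ini.php.j2
    dest: /matomo/config/config.ini.php
    owner: www-data
    group: www-data
    # Owner read/write, group read, nothing for others. The file was
    # world-readable, which exposed the client secret to every local account
    # on the host.
    mode: "0640"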
# Run the Matomo container with /matomo bind-mounted as the web root.
- name: Create matomo container
  community.docker.docker_container:
    name: matomo
    image: "matomo:{{ matomo_ver }}"
    state: started
    # restart forces a matching container to be stopped and started again on
    # every run; it is not a restart policy (that is restart_policy).
    restart: true
    env:
      PHP_MEMORY_LIMIT: "{{ php_memory_limit }}"
    volumes:
      - /matomo:/var/www/html
    # NOTE(review): with no host address given, port 8080 is published on all
    # host interfaces and serves plain HTTP. Presumably a TLS-terminating
    # proxy or load balancer sits in front (ForceSSL is in the plugin list) -
    # confirm, or bind to a specific host address.
    ports:
      - "8080:80"
[LoginOIDC]
; Settings for the LoginOIDC plugin, rendered from the Ansible template.

; Identity provider (Okta) endpoints, all derived from okta_host.
authenticationName = "Okta SSO"
authorizeUrl = "{{ okta_host }}/oauth2/v1/authorize"
tokenUrl = "{{ okta_host }}/oauth2/v1/token"
userinfoUrl = "{{ okta_host }}/oauth2/v1/userinfo"
; endSessionUrl = ""
; redirectUriOverride = ""

; Client registration. The client secret is written in clear text into the
; rendered file, so that file's permissions decide who can read it.
clientId = "{{ okta_client_id }}"
clientSecret = "{{ okta_client_secret }}"
scope = "openid email"
; Claim used as the user identifier.
userinfoId = "email"

; Login and provisioning behaviour.
; NOTE(review): allowSignup is on and allowedSignupDomains is left unset, so
; presumably any identity the provider authenticates can get a Matomo account;
; confirm that application assignment in Okta is the intended gate.
allowSignup = 1
; allowedSignupDomains = ""
; NOTE(review): with userinfoId set to the email claim, autoLinking presumably
; attaches an OIDC identity to an existing Matomo user matched on that claim;
; verify the provider only releases verified addresses.
autoLinking = 1
; NOTE(review): going by the setting names, OIDC login stays available to
; superusers and Matomo's own two-factor check is not skipped; confirm against
; the plugin documentation.
disableSuperuser = 0
bypassTwoFa = 0
disableDirectLoginUrl = 0
; NOTE(review): this switches off a password confirmation step; check which
; actions lose the re-authentication prompt as a result.
disablePasswordConfirmation = 1