add plausible

.github/workflows/plausible.yml

@@ -0,0 +1,56 @@
+name: deploy-plausible
+
+on:
+  push:
+    paths:
+      - '.github/workflows/plausible.yml'
+      - 'plausible/**'
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: Plausible
+      url: https://pa.aosus.org
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Tailscale
+        uses: tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd
+        with:
+          oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }}
+          oauth-secret: ${{ secrets.TAILSCALE_SECRET }}
+          tags: tag:deploy-ci
+          hostname: Github-actions
+          version: ${{ vars.TAILSCALE_VERSION }}
+
+      - name: Add secrets to compose
+        env:
+          SECRET_KEY_BASE: ${{ secrets.plausible_secret_key_base }}
+          SMTP_USER_PWD: ${{ secrets.plausible_smtp_user_pwd }}
+          GOOGLE_CLIENT_ID: ${{ secrets.plausible_google_client_id }}
+          GOOGLE_CLIENT_SECRET: ${{ secrets.plausible_google_client_secret }}
+          POSTGRES_PASSWORD: ${{ secrets.plausible_postgres_password }}
+          MAXMIND_LICENSE_KEY: ${{ secrets.plausible_maxmind_license_key }}
+        run: |
+          sed -i "s|(plausible_secret_key_base)|$SECRET_KEY_BASE|g" $GITHUB_WORKSPACE/plausible/docker-compose.yml
+          sed -i "s|(plausible_smtp_user_pwd)|$SMTP_USER_PWD|g" $GITHUB_WORKSPACE/plausible/docker-compose.yml
+          sed -i "s|(plausible_google_client_id)|$GOOGLE_CLIENT_ID|g" $GITHUB_WORKSPACE/plausible/docker-compose.yml
+          sed -i "s|(plausible_google_client_secret)|$GOOGLE_CLIENT_SECRET|g" $GITHUB_WORKSPACE/plausible/docker-compose.yml
+          sed -i "s|(plausible_postgres_password)|$POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/plausible/docker-compose.yml
+          sed -i "s|(plausible_maxmind_license_key)|$MAXMIND_LICENSE_KEY|g" $GITHUB_WORKSPACE/plausible/docker-compose.yml
+
+      - name: Start Deployment
+        uses: FarisZR/[email protected]
+        with:
+          remote_docker_host: ${{ secrets.server_address }}
+          tailscale_ssh: true # no need for manual private and public keys
+          compose_file_path: plausible/docker-compose.yml
+          args: -p plausible up -d --remove-orphans
+          upload_directory: true
+          docker_compose_directory: plausible

caddy/configs/plausible.caddyfile

@@ -0,0 +1,18 @@
+pa.aosus.org {
+	header {
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+	}
+	handle_errors {
+		# handle_errors is only triggerd on erros from Caddy and not the proxy, that's why we don't specifiy any errors here.
+		rewrite * /proxy_error_page.html
+		file_server {
+			root /srv/
+		}
+	}
+	rewrite /js/pls.js /js/plausible.js
+	rewrite /js/pls2.js /js/plausible.hash.js
+	rewrite /js/pls3.js /js/plausible.outbound-links.js
+	rewrite /js/pls4.js /js/plausible.hash.outbound-links.js
+	reverse_proxy plausible:8000
+	encode zstd gzip
+}

plausible/clickhouse-config.xml

@@ -0,0 +1,15 @@
+<yandex>
+    <logger>
+        <level>warning</level>
+        <console>true</console>
+    </logger>
+
+    <!-- Stop all the unnecessary logging -->
+    <query_thread_log remove="remove"/>
+    <query_log remove="remove"/>
+    <text_log remove="remove"/>
+    <trace_log remove="remove"/>
+    <metric_log remove="remove"/>
+    <asynchronous_metric_log remove="remove"/>
+    <listen_host>0.0.0.0</listen_host>
+</yandex>

plausible/clickhouse-user-config.xml

@@ -0,0 +1,8 @@
+<yandex>
+    <profiles>
+        <default>
+            <log_queries>0</log_queries>
+            <log_query_threads>0</log_query_threads>
+        </default>
+    </profiles>
+</yandex>

plausible/docker-compose.yml

@@ -0,0 +1,70 @@
+networks: 
+  default:
+    enable_ipv6: true
+  web:
+    external: true
+
+services:
+  plausible_db:
+    restart: unless-stopped
+    image: postgres:12.17-alpine@sha256:9b8cddafe10e9b94ea858c34c4febe02d139fb7324064a42d3465af87f1d49ed
+    volumes:
+      - postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD="(plausible_postgres_password)"
+
+  plausible_events_db:
+    restart: unless-stopped
+    image: clickhouse/clickhouse-server:22.12-alpine@sha256:c2abc9bd093328270bb3d0b259ec3b8871306fb6084359d42859ebee433ef0d9
+    volumes:
+      - event-data:/var/lib/clickhouse
+    configs:
+      - source: clickhouse-config
+        target: /etc/clickhouse-server/config.d/logging.xml
+      - source: clickhouse-user-config
+        target: /etc/clickhouse-server/users.d/logging.xml
+    ulimits:
+      nofile:
+        soft: 262144
+        hard: 262144
+
+  plausible:
+    restart: unless-stopped
+    image: plausible/analytics:v2.0.0@sha256:cd5f75e1399073669b13b4151cc603332a825324d0b8f13dfc9de9112a3c68a1
+    container_name: plausible
+    command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
+    expose:
+      - 8000
+    depends_on:
+      - plausible_db
+      - plausible_events_db
+    # ports:
+      # - 8004:8000
+    environment:
+      - BASE_URL=https://pa.aosus.org
+      - DISALBLE_REGISTRATION=true
+      - [email protected]
+      - SMTP_HOST_ADDR=smtp.eu.mailgun.org
+      - SMTP_HOST_PORT=587
+      - [email protected]
+      - SECRET_KEY_BASE="(plausible_secret_key_base)"
+      - SMTP_USER_PWD="(plausible_smtp_user_pwd)"
+      - GOOGLE_CLIENT_ID="(plausible_google_client_id)"
+      - GOOGLE_CLIENT_SECRET="(plausible_google_client_secret)"
+      - MAXMIND_LICENSE_KEY="(plausible_maxmind_license_key)"
+      - MAXMIND_EDITION=GeoLite2-City
+    networks:
+      default:
+      web:
+
+volumes:
+  geoip:
+    driver: local
+  postgres:
+  event-data:
+
+configs:
+  clickhouse-config:
+    file: /home/aosus/plausible/clickhouse-config.xml
+  clickhouse-user-config:
+    file: /home/aosus/plausible/clickhouse-user-config.xml