113 lines
3.1 KiB
YAML
113 lines
3.1 KiB
YAML
---
|
|
|
|
# Name of this instance
|
|
instance: plausible
|
|
|
|
plausible:
|
|
|
|
# Consul settings
|
|
consul:
|
|
connect:
|
|
# COnnect to postgres and smtp through the mesh
|
|
upstreams:
|
|
- destination_name: postgres[[ .consul.suffix ]]
|
|
local_bind_port: 5432
|
|
- destination_name: '[[ .mail.smtp_service_name ]]'
|
|
local_bind_port: 25
|
|
|
|
wait_for:
|
|
- service: primary.postgres[[ .consul.suffix ]]
|
|
|
|
# Vault settings
|
|
vault:
|
|
# We need a secret key and a totp vault with exact length, so use custom commands
|
|
rand_secrets:
|
|
- fields:
|
|
- secret_key_base
|
|
cmd: openssl rand -base64 48
|
|
- fields:
|
|
- totp_vault_key
|
|
cmd: openssl rand -base64 32
|
|
|
|
# Public URL where plausible is exposed
|
|
public_url: https://plausible.example.org
|
|
|
|
# Plausible server settings
|
|
server:
|
|
# Version of plausible to deploy
|
|
version: 3.0.1
|
|
|
|
# Docker image to use
|
|
image: '[[ .docker.repo ]]plausible:[[ .plausible.server.version ]]-1'
|
|
|
|
# Env vars to set in the container
|
|
env:
|
|
BASE_URL: '[[ .plausible.public_url ]]'
|
|
MAILER_EMAIL: '[[ .instance ]]@[[ .consul.domain ]]'
|
|
SMTP_HOST_ADDR: 127.0.0.1
|
|
SMTP_HOST_PORT: 25
|
|
SECRET_KEY_BASE: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.secret_key_base }}{{ end }}'
|
|
TOTP_VAULT_KEY: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.totp_vault_key }}{{ end }}'
|
|
DISABLE_REGISTRATION: invite_only
|
|
ENABLE_EMAIL_VERIFICATION: true
|
|
LOG_FAILED_LOGIN_ATTEMPTS: true
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 300
|
|
memory: 512
|
|
memory_max: 768
|
|
|
|
# Traefik settings
|
|
# Use an explicit priority to ensure the events are handled first
|
|
traefik:
|
|
priority: 50
|
|
|
|
# Events (clients facing parts) are handled in a separated router so you can apply different middlewares
|
|
events:
|
|
traefik:
|
|
rule: Host(`[[ (urlParse .plausible.public_url).Hostname ]]`) && (Path(`/api/event`) && Method(`POST`) || Path(`/js/script.js`) && Method(`GET`))
|
|
router: events
|
|
csp: false
|
|
priority: 100
|
|
middlewares:
|
|
cors:
|
|
- headers.accesscontrolalloworiginlist=*
|
|
|
|
# Clickhouse settings
|
|
clickhouse:
|
|
|
|
# Clickhouse version to use
|
|
version: 24.12
|
|
|
|
# Docker image to use
|
|
image: '[[ .docker.repo ]]clickhouse:[[ .plausible.clickhouse.version ]]-1'
|
|
|
|
# Env vars to set in the container
|
|
env: {}
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 500
|
|
memory: 1024
|
|
|
|
# VOlumes for data persistence
|
|
volumes:
|
|
clickhouse:
|
|
source: '[[ .instance ]]-clickhouse'
|
|
type: csi
|
|
destination: /var/lib/clickhouse
|
|
owner: 101
|
|
group: 101
|
|
|
|
# Proxmox Backup settings
|
|
proxmox_backup:
|
|
user: 101:101
|
|
# We use a custom Docker image to have a clickhouse-client available
|
|
image: '[[ .docker.repo ]]plausible-proxmox-backup:[[ .docker.base_images.pbc.image | regexp.Replace "^.*:" "" ]]'
|
|
postgres: true
|
|
hooks:
|
|
plausible:
|
|
type: template
|
|
source: plausible/proxmox-backup.sh
|