feat(analytics): replace custom pipeline with Matomo

Removes the hand-rolled analytics endpoint and SQLite event table in favour of Matomo — a self-hosted, full-featured analytics platform. k8s: - Deploy MariaDB 11 + Bitnami Matomo 5 in the solitaire namespace - Route analytics.aleshym.co ingress to the Matomo service - Remove Datasette sidecar and its BasicAuth middleware/secret - Remove the analytics port from the solitaire-server Service Rust: - Replace AnalyticsClient (custom HTTP endpoint) with MatomoClient (Matomo HTTP Tracking API bulk endpoint); maps game events to Matomo categories - Add matomo_url + matomo_site_id fields to Settings (serde default → None/1) - Privacy toggle in Settings now activates when matomo_url is set (not tied to SyncBackend::SolitaireServer) - Remove POST /api/analytics route from solitaire_server Web: - Add Matomo JS tracking snippet to game.html (/play page) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 21:10:15 -07:00
parent f6506c57e5
commit 539779d78b
20 changed files with 390 additions and 352 deletions
@@ -19,47 +19,6 @@ spec:
      imagePullSecrets:
        - name: gitea-registry
      containers:
-        - name: analytics
-          image: datasetteproject/datasette:0.65.1
-          args:
-            - serve
-            - /data/sol.db
-            - --host
-            - "0.0.0.0"
-            - --port
-            - "8001"
-            - --readonly
-            - --setting
-            - sql_time_limit_ms
-            - "5000"
-            - --setting
-            - max_returned_rows
-            - "1000"
-          ports:
-            - containerPort: 8001
-          volumeMounts:
-            - name: db-data
-              mountPath: /data
-              readOnly: true
-          livenessProbe:
-            httpGet:
-              path: /-/alive
-              port: 8001
-            initialDelaySeconds: 10
-            periodSeconds: 30
-          readinessProbe:
-            httpGet:
-              path: /-/alive
-              port: 8001
-            initialDelaySeconds: 5
-            periodSeconds: 10
-          resources:
-            requests:
-              cpu: 25m
-              memory: 48Mi
-            limits:
-              cpu: 200m
-              memory: 128Mi
        - name: server
          image: solitaire-server
          imagePullPolicy: Always
@@ -6,7 +6,6 @@ metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.middlewares: solitaire-analytics-auth@kubernetescrd
 spec:
  ingressClassName: traefik
  rules:
@@ -17,9 +16,9 @@ spec:
            pathType: Prefix
            backend:
              service:
-                name: solitaire-server
+                name: matomo
                port:
-                  name: analytics
+                  name: http
  tls:
    - hosts:
        - analytics.aleshym.co
@@ -7,8 +7,13 @@ resources:
 - deployment.yaml
 - service.yaml
 - ingress.yaml
- middleware-analytics-auth.yaml
- secret-analytics-auth.yaml
+- mariadb-pvc.yaml
+- mariadb-deployment.yaml
+- mariadb-service.yaml
+- matomo-pvc.yaml
+- matomo-secret.yaml
+- matomo-deployment.yaml
+- matomo-service.yaml
 - ingress-analytics.yaml

 # CI updates this block automatically via `kustomize edit set image`.
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mariadb
+  namespace: solitaire
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mariadb
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: mariadb
+    spec:
+      containers:
+        - name: mariadb
+          image: mariadb:11
+          env:
+            - name: MYSQL_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: matomo-secret
+                  key: MYSQL_ROOT_PASSWORD
+            - name: MYSQL_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: matomo-secret
+                  key: MYSQL_DATABASE
+            - name: MYSQL_USER
+              valueFrom:
+                secretKeyRef:
+                  name: matomo-secret
+                  key: MYSQL_USER
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: matomo-secret
+                  key: MYSQL_PASSWORD
+          ports:
+            - containerPort: 3306
+          volumeMounts:
+            - name: mariadb-data
+              mountPath: /var/lib/mysql
+          livenessProbe:
+            exec:
+              command:
+                - healthcheck.sh
+                - --connect
+                - --innodb_initialized
+            initialDelaySeconds: 30
+            periodSeconds: 30
+          readinessProbe:
+            exec:
+              command:
+                - healthcheck.sh
+                - --connect
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
+      volumes:
+        - name: mariadb-data
+          persistentVolumeClaim:
+            claimName: mariadb-data
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mariadb-data
+  namespace: solitaire
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb
+  namespace: solitaire
+spec:
+  selector:
+    app: mariadb
+  ports:
+    - name: mysql
+      port: 3306
+      targetPort: 3306
+  clusterIP: None
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: matomo
+  namespace: solitaire
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: matomo
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: matomo
+    spec:
+      containers:
+        - name: matomo
+          image: bitnami/matomo:5
+          env:
+            - name: MATOMO_DATABASE_HOST
+              value: mariadb
+            - name: MATOMO_DATABASE_PORT_NUMBER
+              value: "3306"
+            - name: MATOMO_DATABASE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: matomo-secret
+                  key: MYSQL_DATABASE
+            - name: MATOMO_DATABASE_USER
+              valueFrom:
+                secretKeyRef:
+                  name: matomo-secret
+                  key: MYSQL_USER
+            - name: MATOMO_DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: matomo-secret
+                  key: MYSQL_PASSWORD
+            - name: MATOMO_USERNAME
+              value: admin
+            - name: MATOMO_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: matomo-secret
+                  key: MATOMO_ADMIN_PASSWORD
+            - name: MATOMO_EMAIL
+              value: funman300@gmail.com
+            - name: MATOMO_WEBSITE_NAME
+              value: "Solitaire Quest"
+            - name: MATOMO_WEBSITE_HOST
+              value: "https://klondike.aleshym.co"
+            - name: MATOMO_HOST
+              value: analytics.aleshym.co
+            - name: MATOMO_ENABLE_PROXY_URI_HEADER
+              value: "yes"
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: matomo-data
+              mountPath: /bitnami/matomo
+          livenessProbe:
+            httpGet:
+              path: /index.php
+              port: 8080
+            initialDelaySeconds: 60
+            periodSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /index.php
+              port: 8080
+            initialDelaySeconds: 30
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
+      volumes:
+        - name: matomo-data
+          persistentVolumeClaim:
+            claimName: matomo-data
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: matomo-data
+  namespace: solitaire
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: matomo
+  namespace: solitaire
+spec:
+  selector:
+    app: matomo
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8080
@@ -1,8 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: analytics-auth
-  namespace: solitaire
-spec:
-  basicAuth:
-    secret: analytics-auth-secret
@@ -10,6 +10,3 @@ spec:
    - name: http
      port: 80
      targetPort: 8080
-    - name: analytics
-      port: 8001
-      targetPort: 8001