Our in-house service to track basic DTI usage over time
Find a file
Emi Matchu 8633124883 Oops, fix serving over IPv6 (and therefore HTTPS cert renewal!)
Oh wow, TIL you need a special invocation in nginx to listen on IPv6 as
well as IPv4. This was both presumably breaking clients trying to
connect over IPv6 (I guess we never ran into that in a browser?), but
also breaking certbot's certificate renewal attempts, because Let's
Encrypt prefers IPv6 when possible. Okay!
2024-02-13 08:38:53 -08:00
files Initial commit: our working deploy, and a README! 2024-01-14 06:41:11 -08:00
ansible.cfg Replace run.sh with an equivalent ansible.cfg 2024-02-13 08:36:54 -08:00
inventory.cfg Initial commit: our working deploy, and a README! 2024-01-14 06:41:11 -08:00
LICENSE Initial commit: our working deploy, and a README! 2024-01-14 06:41:11 -08:00
README.md Replace run.sh with an equivalent ansible.cfg 2024-02-13 08:36:54 -08:00
setup-all.yml Initial commit: our working deploy, and a README! 2024-01-14 06:41:11 -08:00
setup-nginx.yml Oops, fix serving over IPv6 (and therefore HTTPS cert renewal!) 2024-02-13 08:38:53 -08:00
setup-plausible.yml Initial commit: our working deploy, and a README! 2024-01-14 06:41:11 -08:00
setup-security.yml Add our standard anti-OpenAI security rules 2024-01-14 06:42:07 -08:00
setup-users.yml Initial commit: our working deploy, and a README! 2024-01-14 06:41:11 -08:00

OpenNeo Analytics

This is the deployment code we use to set up and manage analytics.openneo.net, a self-hosted copy of Plausible! It's an analytics service that's unusually privacy-oriented, keeping as little data as possible to give us an impression of trends in usage and what features people do and don't use.

We like to use Ansible playbooks to keep track of how we set up our servers, here's how we've structured them! (We don't use very fancy Ansible features: these are all very basic commands, captured in script form for convenience!)

  • setup-users.yml: Sets up the user accounts for the system, with their SSH keys for login.
  • setup-security.yml: Sets up firewall rules and automatic system updates. (This is a standard playbook I use for all my servers!)
  • setup-nginx.yml: Sets up the nginx reverse-proxy to sit in front of Plausible, including certbot for auto-renewing SSL certificates.
  • setup-plausible.yml: Sets up the Plausible server itself, as a systemd service running Plausible's official Docker container.

You can run them individually, or all at once, with ansible-playbook:

ansible-playbook setup-all.yml

If you're interested in setting up your own Plausible service, this could be useful as a starting point, there's not much custom here! Just a couple things to note:

  • setup-users.yml contains my own username and my own SSH public keys—you'll want to replace those! (Public SSH keys aren't secret, don't worry, I'm fine!)
  • You'll need to create your own copy of files/plausible-conf.env, with your own random secret key. We've omitted ours from the repo for security reasons, but files/plausible-conf.example.env is similar!
  • We used the latest version of Plausible available at the time we deployed, but it's possible you're reading this later. It's worth checking out Plausible's own self-hosting instructions, and making sure your copy of files/docker-compose.yml references the latest versions.
  • This code is distributed under the GPLv3 license; see the LICENSE file for more details.

Hope this helps!