try plausible CE for web analytics

plausible/iac/backend.tf

@@ -0,0 +1,6 @@
+terraform {
+  backend "gcs" {
+    bucket = "arcodange-tf"
+    prefix = "tools/plausible/main"
+  }
+}

plausible/iac/main.tf

@@ -0,0 +1,30 @@
+module "app_roles" {
+  source = "git::ssh://git@192.168.1.202:2222/arcodange-org/tools.git//hashicorp-vault/iac/modules/app_roles?depth=1&ref=main"
+  name = "plausible"
+  service_account_namespaces = ["tools"]
+}
+
+# https://github.com/plausible/community-edition/wiki/configuration#database
+
+#SECRET_KEY_BASE (openssl rand -base64 48)
+#
+
+resource "random_password" "secret" {
+  for_each = toset(["48","32"])
+  length  = tonumber(each.value)
+  special = false
+}
+locals {
+  config = {
+    SECRET_KEY_BASE = base64encode(random_password.secret["48"].result)
+    TOTP_VAULT_KEY = base64encode(random_password.secret["32"].result)
+  }
+}
+
+resource "vault_kv_secret_v2" "config" {
+  mount                      = "kvv2"
+  name                       = "plausible/config"
+  cas                        = 1
+#   delete_all_versions        = true
+  data_json                  = jsonencode(local.config)
+}

plausible/iac/providers.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    vault = {
+      source  = "vault"
+      version = "4.4.0"
+    }
+  }
+}
+
+provider "vault" {
+  address = "https://vault.arcodange.duckdns.org"
+  auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
+    mount = "gitea_jwt"
+    role  = "gitea_cicd_plausible"
+  }
+}