# Class: piwik

class wmdeit_piwik(
  $source = "https://builds.matomo.org/piwik.zip",
  $domain,
  $localnginx = true,
  $localsql = true,
  $piwikdbuser = "piwik",
  $piwikdbpassword = "piwik",
) inherits wmdeit_piwik::params {

  if $localnginx {
    $fpm_listen = "/tmp/fpm"
    $fpm_type ="unix:"
  }

  service { "$phpfpm_service":
    ensure    => running,
    require   => Package[$packages],
    subscribe => [Package[$packages],File[$phpfpm_cfg]]
  }

  file{"$phpfpm_cfg":
    ensure  => present,
    content => template ("wmdeit_piwik/php-fpm.conf.erb"),
  }

  package { $packages:
    ensure  => installed,
    require => File["$wwwdir"]
  }

  file { "$wwwdir":
    ensure => directory,
  }

  file { "$sourcezip":
    source => $source,
    ensure => 'present'
  }

  exec {"unzip":
    command => "$unzipcmd -q $sourcezip && chown -R $wwwuser $wwwdir/piwik",
    cwd     => "$wwwdir",
    require => [
      Package[$packages],
      File[$sourcezip],
      File[$wwwdir],
    ],
    creates => "$wwwdir/piwik",
  }

  if $localnginx {
    class {"nginx":
      worker_connections => 4096,
      multi_accept       => 'on',
      events_use         => "$eventmech",
      server_tokens      => 'off',
      fastcgi_cache_path => "/var/cache/nginx",
    }

    nginx::resource::server { "${domain}_http":
      listen_port        => 80,
      ensure             => present,
      access_log         => "off",
      error_log          => "off",
      server_name        => ["$domain"],
      server_cfg_append  => {
        "return" => '301 https://$server_name$request_uri'
      }
    }

    nginx::resource::server { "$domain":
      listen_port        => 443,
      ensure             => present,
      www_root           => "$wwwdir/piwik",
      access_log         => "off",
      error_log          => "off",
      ssl_cert           => "$ssldir/certs/wikimedia.de.chained.pem",
      ssl_key            => "$ssldir/private/wikimedia.de.key",
      ssl                => true,
      server_cfg_append  => {
        "ssl_session_cache"    => "shared:SSL:10m",
        # " ssl_session_timeout" => "10m;"
      }
      #include => ["/usr/local/etc/nginx/apps/piwik/piwik.conf"],
    }

    file {"$cache_dir":
      ensure => "directory",
      owner  => "$wwwuser"
    }

    nginx::resource::location { "${domain}_x2":
      ensure                 => present,
      server                 => "$domain",
      ssl                    => true,
      ssl_only               => true,
      www_root               => "$wwwdir/piwik/",
      location               => '~* ^.+\.(?:css|gif|html?|jpe?g|js|png|swf)$',
      location_cfg_append    => {
        open_file_cache            => "max=500 inactive=120s",
        open_file_cache_valid      =>"45s",
        open_file_cache_min_uses   => "2",
        open_file_cache_errors     => "off",
      },
      expires                => "max",
    }

    nginx::resource::location { "${domain}_root":
      ensure          => present,
      server          => "$domain",
      ssl             => true,
      ssl_only        => true,
      www_root        => "$wwwdir/piwik/",
      location        => '~ \.php$',
      index_files     => ['index.php', 'index.html', 'index.htm'],
      proxy           => undef,
      fastcgi         => "$fpm_type$fpm_listen",
      fastcgi_script  => undef,
      # location_cfg_append => {
      #   fastcgi_connect_timeout => '3m',
      #   fastcgi_read_timeout    => '3m',
      #   fastcgi_send_timeout    => '3m',
      #   fastcgi_cache_valid     => "404 1m",
      #   fastcgi_cache_valid     => "200 301 5m",
      #
      # }
    }
  }

  if $localsql {
    class {"mysql::server":
      override_options => {
        mysqld => {
          'innodb_buffer_pool_size' => '2147483648'
        }
      }
    }

    mysql::db { 'piwikdb':
      user     => "$piwikdbuser",
      password => "$piwikdbpassword",
      host     => 'localhost',
      grant    => ['ALL'],
    }
  }
}