Matomo
services.matomo.enable
Enable Matomo web analytics with php-fpm backend. Either the nginx option or the webServerUser option is mandatory.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.hostname
URL of the host, without https prefix. You may want to change it if you run Matomo on a different URL than matomo.yourdomain.
Type: string
Default
"matomo.${config.networking.fqdnOrHostName}"
Example
"matomo.yourdomain.org"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx
With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo.
Either this option or the webServerUser option is mandatory.
Set this to {} to just enable the virtualHost if you don't need any customization.
If enabled, then by default, the {option}serverName is
${user}.${config.networking.hostName}.${config.networking.domain},
SSL is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtualHost will be configured.
Type: null or (submodule)
Default
null
Example
{serverAliases = ["matomo.${config.networking.domain}""stats.${config.networking.domain}"];enableACME = false;}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.acmeFallbackHost
Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.acmeRoot
Directory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default
"/var/lib/acme/acme-challenge"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default
{ }
Example
{user = "password";};
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.basicAuthFile
Basic Auth password file for a vhost.
Can be created via: {command}htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.default
Makes this vhost the default.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through {option}useACMEHost.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default
""
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.forceSSL
Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS. This will set defaults for listen to listen on all interfaces
on the respective default ports (80, 443), where the non-SSL listens
are used for the redirect vhosts.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.globalRedirect
If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
Type: null or string
Default
null
Example
"newserver.example.org"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.http2
Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx's implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.http3
Whether to enable the HTTP/3 protocol.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
and activate the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.http3_hq
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
and activate the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.kTLS
Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses.
Type: list of (submodule)
Default
[ ]
Example
[{addr = "195.154.1.1";port = 443;ssl = true;}{addr = "192.154.1.1";port = 80;}{addr = "unix:/var/run/nginx.sock";}]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.listen.*.addr
Listen address.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of string
Default
[ ]
Example
["backlog=1024""deferred"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.listen.*.port
Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.listen.*.proxyProtocol
Enable PROXY protocol.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.listenAddresses
Listen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default
[ ]
Example
["127.0.0.1""[::1]"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations
Declarative location config
Type: attribute set of (submodule)
Default
{ }
Example
{"/" = {proxyPass = "http://localhost:3000";};};
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or path
Default
null
Example
"/your/alias/directory"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default
{ }
Example
{user = "password";};
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost.
Can be created via: {command}htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default
""
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of (string or path)
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default
null
Example
"index.php index.html"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default
1000
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default
null
Example
"http://www.example.org/"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default
config.services.nginx.recommendedProxySettings
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string or signed integer
Default
null
Example
"301 http://example.com$request_uri"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.root
Root directory for requests.
Type: null or path
Default
null
Example
"/your/root/directory"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default
null
Example
"$uri =404"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.quic
Whether to enable the QUIC transport protocol.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that QUIC support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.redirectCode
HTTP status used by globalRedirect and forceSSL. Possible usecases
include temporary (302, 307) redirects, keeping the request method and
body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type: integer between 300 and 399 (both inclusive)
Default
301
Example
308
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake directive available in nginx versions
1.19.4 and above.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.reuseport
Create an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.root
The path of the web root directory.
Type: null or path
Default
null
Example
"/data/webserver/docs"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default
[ ]
Example
["www.example.org""example.org"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default
null
Example
"example.org"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.sslCertificate
Path to server SSL certificate.
Type: path
Example
"/var/host.cert"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: path
Example
"/var/host.key"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default
null
Example
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.nginx.useACMEHost
A host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through {option}enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.package
The matomo package to use.
Type: package
Default
pkgs.matomo
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.periodicArchiveProcessing
Enable periodic archive processing, which generates aggregated reports from the visits.
This means that you can safely disable browser triggers for Matomo archiving,
and safely enable to delete old visitor logs.
Before deleting visitor logs,
make sure though that you run systemctl start matomo-archive-processing.service
at least once without errors if you have already collected data before.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix
services.matomo.webServerUser
Name of the web server user that forwards requests to {option}services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx
option is not used. Either this option or the nginx option is mandatory.
If you want to use another webserver than nginx, you need to set this to that server's user
and pass fastcgi requests to index.php, matomo.php and piwik.php (legacy name) to this socket.
Type: null or string
Default
null
Example
"lighttpd"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/matomo.nix