From 3ea8703a941bb73aed56495874e9da7caf543d36 Mon Sep 17 00:00:00 2001 From: Till JS Date: Tue, 26 May 2026 14:56:34 +0200 Subject: [PATCH] chore(analytics): Umami aus i18n, CSP, website-blocks-Feature, infra (Welle D) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit i18n×5 (settings-footnote → 'kein Web-Analytics'), security-headers CSP (stats.mana.how raus, GlitchTip bleibt), website-blocks (Provider-Enum 'umami' raus, plausible bleibt; Analytics/Inspector/Test), privacy-faq DE/EN, infra gpu-box .env/compose/README. Co-Authored-By: Claude Opus 4.7 (1M context) --- apps/mana/apps/web/src/lib/i18n/locales/settings/de.json | 2 +- apps/mana/apps/web/src/lib/i18n/locales/settings/en.json | 2 +- apps/mana/apps/web/src/lib/i18n/locales/settings/es.json | 2 +- apps/mana/apps/web/src/lib/i18n/locales/settings/fr.json | 2 +- apps/mana/apps/web/src/lib/i18n/locales/settings/it.json | 2 +- infrastructure/.env.gpu-box.example | 7 +------ infrastructure/README.md | 2 -- infrastructure/docker-compose.gpu-box.yml | 4 ++-- packages/help/src/privacy-faq.ts | 4 ++-- packages/shared-utils/src/security-headers.ts | 8 ++++---- packages/website-blocks/src/analytics/Analytics.svelte | 7 ------- .../src/analytics/AnalyticsInspector.svelte | 3 +-- packages/website-blocks/src/analytics/schema.ts | 7 +++---- packages/website-blocks/src/schemas.test.ts | 4 ++-- 14 files changed, 20 insertions(+), 36 deletions(-) diff --git a/apps/mana/apps/web/src/lib/i18n/locales/settings/de.json b/apps/mana/apps/web/src/lib/i18n/locales/settings/de.json index c723ca595..5c4e7918c 100644 --- a/apps/mana/apps/web/src/lib/i18n/locales/settings/de.json +++ b/apps/mana/apps/web/src/lib/i18n/locales/settings/de.json 
@@ -320,7 +320,7 @@
 "total_entities": "Gesamt-Entitäten",
 "total_entities_desc": "Datensätze über alle Apps hinweg",
 "projects_with_data": "Projekte mit Daten",
- "footnote_pre": "Keine Tracking-Cookies — anonyme Analyse via Umami. Details in der ",
+ "footnote_pre": "Keine Tracking-Cookies — kein Web-Analytics. Details in der ",
 "footnote_link": "Datenschutzerklärung",
 "footnote_post": ".",
 "auth_title": "Authentifizierung",
diff --git a/apps/mana/apps/web/src/lib/i18n/locales/settings/en.json b/apps/mana/apps/web/src/lib/i18n/locales/settings/en.json
index 3b9edf40f..fa0d30258 100644
--- a/apps/mana/apps/web/src/lib/i18n/locales/settings/en.json
+++ b/apps/mana/apps/web/src/lib/i18n/locales/settings/en.json
@@ -320,7 +320,7 @@
 "total_entities": "Total entities",
 "total_entities_desc": "Records across all apps",
 "projects_with_data": "Projects with data",
- "footnote_pre": "No tracking cookies — anonymous analytics via Umami. Details in the ",
+ "footnote_pre": "No tracking cookies — no web analytics. Details in the ",
 "footnote_link": "privacy policy",
 "footnote_post": ".",
 "auth_title": "Authentication",
diff --git a/apps/mana/apps/web/src/lib/i18n/locales/settings/es.json b/apps/mana/apps/web/src/lib/i18n/locales/settings/es.json
index cff9905d9..a1220c20f 100644
--- a/apps/mana/apps/web/src/lib/i18n/locales/settings/es.json
+++ b/apps/mana/apps/web/src/lib/i18n/locales/settings/es.json
@@ -320,7 +320,7 @@
 "total_entities": "Entidades totales",
 "total_entities_desc": "Registros en todas las apps",
 "projects_with_data": "Proyectos con datos",
- "footnote_pre": "Sin cookies de seguimiento — analítica anónima vía Umami. Detalles en la ",
+ "footnote_pre": "Sin cookies de seguimiento — sin analítica web. Detalles en la ",
 "footnote_link": "política de privacidad",
 "footnote_post": ".",
 "auth_title": "Autenticación",
diff --git a/apps/mana/apps/web/src/lib/i18n/locales/settings/fr.json b/apps/mana/apps/web/src/lib/i18n/locales/settings/fr.json
index ef3a48670..54d559a33 100644
--- a/apps/mana/apps/web/src/lib/i18n/locales/settings/fr.json
+++ b/apps/mana/apps/web/src/lib/i18n/locales/settings/fr.json
@@ -320,7 +320,7 @@
 "total_entities": "Entités totales",
 "total_entities_desc": "Enregistrements toutes apps confondues",
 "projects_with_data": "Projets avec données",
- "footnote_pre": "Pas de cookies de suivi — analyse anonyme via Umami. Détails dans la ",
+ "footnote_pre": "Pas de cookies de suivi — pas d.analyse web. Détails dans la ",
 "footnote_link": "politique de confidentialité",
 "footnote_post": ".",
 "auth_title": "Authentification",
diff --git a/apps/mana/apps/web/src/lib/i18n/locales/settings/it.json b/apps/mana/apps/web/src/lib/i18n/locales/settings/it.json
index 86d47fe3e..7ee61c9fa 100644
--- a/apps/mana/apps/web/src/lib/i18n/locales/settings/it.json
+++ b/apps/mana/apps/web/src/lib/i18n/locales/settings/it.json
@@ -320,7 +320,7 @@
 "total_entities": "Entità totali",
 "total_entities_desc": "Record su tutte le app",
 "projects_with_data": "Progetti con dati",
- "footnote_pre": "Niente cookie di tracciamento — analitica anonima tramite Umami. Dettagli nell'",
+ "footnote_pre": "Niente cookie di tracciamento — nessuna analisi web. Dettagli nell'",
 "footnote_link": "informativa sulla privacy",
 "footnote_post": ".",
 "auth_title": "Autenticazione",
diff --git a/infrastructure/.env.gpu-box.example b/infrastructure/.env.gpu-box.example
index 2a2185c3d..252922108 100644
--- a/infrastructure/.env.gpu-box.example
+++ b/infrastructure/.env.gpu-box.example
@@ -5,17 +5,12 @@ # ─── Postgres-Credentials ──────────────────────────────────── # Mini-Postgres-Passwort (gleiches wie .env.macmini POSTGRES_PASSWORD) -# Wird von Forgejo + Umami genutzt, die ihren DB-Host auf 192.168.178.131:5432 zeigen. +# Wird von Forgejo genutzt, die ihren DB-Host auf 192.168.178.131:5432 zeigen. POSTGRES_PASSWORD= # ─── Grafana ───────────────────────────────────────────────── GF_ADMIN_PASSWORD= -# ─── Umami ─────────────────────────────────────────────────── -# Identisch mit dem Wert auf dem Mini halten, sonst werden Sessions invalidiert. -# Hexlich aus `openssl rand -base64 32`. -UMAMI_APP_SECRET= - # ─── Telegram-Notifier (alert-notifier) ────────────────────── TELEGRAM_BOT_TOKEN= TELEGRAM_CHAT_ID= diff --git a/infrastructure/README.md b/infrastructure/README.md index f022cf90c..af999fcd4 100644 --- a/infrastructure/README.md +++ b/infrastructure/README.md @@ -14,7 +14,6 @@ Hilfsdienste vom Mini abgegeben — siehe [`docs/PLAN_OPTION_C.md`](../docs/PLAN |---|---|---| | `grafana` | `:8000` → `grafana.mana.how` | Dashboards (Phase 2a) | | `forgejo` | `:3041` → `git.mana.how` | Git-Mirror (Phase 2b) | -| `umami` | `:8010` → `stats.mana.how` | Web-Analytics (Phase 2b) | | `victoriametrics` | `:9090` (intern) | Metrics-Store (Phase 2c) | | `loki` | `:3100` (intern) | Log-Store (Phase 2c) | | `pushgateway`, `blackbox-exporter`, `vmalert`, `alertmanager`, `alert-notifier` | (intern) | Metrics + Alerting (Phase 2c) | @@ -78,7 +77,6 @@ Aktive Public-Hostnames (Stand 2026-05-07, config v28): | `gpu-ollama.mana.how` | `:11434` | Ollama API | | `grafana.mana.how` | `:8000` | Phase 2a | | `git.mana.how` | `:3041` | Forgejo (Phase 2b) | -| `stats.mana.how` | `:8010` | Umami (Phase 2b) | | `glitchtip.mana.how` | `:8020` | Glitchtip (Phase 2d) | | `status.mana.how` | `:8090` | Status-Page (Phase 2e) | | `photon.mana.how` | `:2322` | Photon Geocoder (cross-LAN-Workaround für mana-geocoding's Probe + privacy-local Provider) | 
diff --git a/infrastructure/docker-compose.gpu-box.yml b/infrastructure/docker-compose.gpu-box.yml index 9a5a3d1de..6f1c4b410 100644 --- a/infrastructure/docker-compose.gpu-box.yml +++ b/infrastructure/docker-compose.gpu-box.yml @@ -3,7 +3,7 @@ # Production-Hot-Path bleibt unverändert auf dem Mini. # # Architektur: -# - Apps hier (Grafana, Forgejo, Umami, Glitchtip-future) lesen Postgres +# - Apps hier (Grafana, Forgejo, Glitchtip-future) lesen Postgres # auf 192.168.178.131:5432 als SoT. # - VictoriaMetrics scrapt Mac-Mini-Services via 192.168.178.131: # (siehe monitoring/prometheus/prometheus.yml) und GPU-Box-eigene @@ -40,7 +40,7 @@ services: retries: 3 # ============================================ - # Phase 2b — Forgejo + Umami + # Phase 2b — Forgejo # ============================================ forgejo: image: codeberg.org/forgejo/forgejo:11 diff --git a/packages/help/src/privacy-faq.ts b/packages/help/src/privacy-faq.ts index 3c7a6183a..8b5f813d4 100644 --- a/packages/help/src/privacy-faq.ts +++ b/packages/help/src/privacy-faq.ts @@ -69,8 +69,8 @@ export function getPrivacyFAQs(locale: string, options: PrivacyFAQOptions): FAQI ? 'Wie unabhängig ist Mana von großen Tech-Konzernen?' : 'How independent is Mana from big tech companies?', answer: isDE - ? '

Mana ist bewusst technologisch unabhängig aufgebaut:

  • Eigene Server: Alle Dienste laufen auf einem eigenen Mac Mini Server — kein AWS, kein Google Cloud, kein Azure
  • Eigene KI: Lokale KI-Modelle (Gemma, Qwen, LLaVA) laufen auf unserem eigenen GPU-Server mit NVIDIA RTX 3090 — deine Daten verlassen nie unsere Infrastruktur
  • Keine Google/Apple-Anmeldung: Eigenes Auth-System (Mana Core Auth) — kein OAuth über Drittanbieter, keine Tracking-Cookies von Google oder Facebook
  • Eigene Suche: SearXNG Meta-Suchmaschine statt Google Search API
  • Eigener Speicher: MinIO (S3-kompatibel) statt AWS S3 oder Google Cloud Storage
  • Eigene Datenbank: PostgreSQL auf eigenem Server statt Cloud-Datenbanken
  • Keine Tracking-SDKs: Kein Google Analytics, kein Facebook Pixel, kein Amplitude — eigene Analytics mit Umami

Das Ziel: Ein digitales Zuhause, das dir gehört — nicht Big Tech.

' - : '

Mana is deliberately built to be technologically independent:

  • Own servers: All services run on a dedicated Mac Mini server — no AWS, no Google Cloud, no Azure
  • Own AI: Local AI models (Gemma, Qwen, LLaVA) run on our own GPU server with NVIDIA RTX 3090 — your data never leaves our infrastructure
  • No Google/Apple login: Own auth system (Mana Core Auth) — no OAuth via third parties, no tracking cookies from Google or Facebook
  • Own search: SearXNG meta-search engine instead of Google Search API
  • Own storage: MinIO (S3-compatible) instead of AWS S3 or Google Cloud Storage
  • Own database: PostgreSQL on own server instead of cloud databases
  • No tracking SDKs: No Google Analytics, no Facebook Pixel, no Amplitude — own analytics with Umami

The goal: A digital home that belongs to you — not big tech.

', + ? '

Mana ist bewusst technologisch unabhängig aufgebaut:

  • Eigene Server: Alle Dienste laufen auf einem eigenen Mac Mini Server — kein AWS, kein Google Cloud, kein Azure
  • Eigene KI: Lokale KI-Modelle (Gemma, Qwen, LLaVA) laufen auf unserem eigenen GPU-Server mit NVIDIA RTX 3090 — deine Daten verlassen nie unsere Infrastruktur
  • Keine Google/Apple-Anmeldung: Eigenes Auth-System (Mana Core Auth) — kein OAuth über Drittanbieter, keine Tracking-Cookies von Google oder Facebook
  • Eigene Suche: SearXNG Meta-Suchmaschine statt Google Search API
  • Eigener Speicher: MinIO (S3-kompatibel) statt AWS S3 oder Google Cloud Storage
  • Eigene Datenbank: PostgreSQL auf eigenem Server statt Cloud-Datenbanken
  • Keine Tracking-SDKs: Kein Google Analytics, kein Facebook Pixel, kein Amplitude — und gar kein Web-Analytics

Das Ziel: Ein digitales Zuhause, das dir gehört — nicht Big Tech.

' + : '

Mana is deliberately built to be technologically independent:

  • Own servers: All services run on a dedicated Mac Mini server — no AWS, no Google Cloud, no Azure
  • Own AI: Local AI models (Gemma, Qwen, LLaVA) run on our own GPU server with NVIDIA RTX 3090 — your data never leaves our infrastructure
  • No Google/Apple login: Own auth system (Mana Core Auth) — no OAuth via third parties, no tracking cookies from Google or Facebook
  • Own search: SearXNG meta-search engine instead of Google Search API
  • Own storage: MinIO (S3-compatible) instead of AWS S3 or Google Cloud Storage
  • Own database: PostgreSQL on own server instead of cloud databases
  • No tracking SDKs: No Google Analytics, no Facebook Pixel, no Amplitude — and no web analytics at all

The goal: A digital home that belongs to you — not big tech.

', category: 'privacy', order: 96, language: isDE ? 'de' : 'en', diff --git a/packages/shared-utils/src/security-headers.ts b/packages/shared-utils/src/security-headers.ts index 5b2f35e93..2e2b409a2 100644 --- a/packages/shared-utils/src/security-headers.ts +++ b/packages/shared-utils/src/security-headers.ts @@ -2,7 +2,7 @@ * Shared security headers for SvelteKit web apps. * * Sets standard security headers (CSP, X-Frame-Options, etc.) - * with Umami analytics and GlitchTip error tracking pre-configured. + * with GlitchTip error tracking pre-configured. * * @example * ```typescript @@ -33,7 +33,7 @@ interface SecurityHeadersOptions { /** * Set standard security headers on a Response object. - * Includes Umami (stats.mana.how) and GlitchTip (glitchtip.mana.how) by default. + * Includes GlitchTip (glitchtip.mana.how) by default. */ export function setSecurityHeaders(response: Response, options: SecurityHeadersOptions = {}): void { const { @@ -67,10 +67,10 @@ export function setSecurityHeaders(response: Response, options: SecurityHeadersO // WebAssembly compilation, NOT eval()/new Function() — much narrower // than the legacy 'unsafe-eval' source. Supported by all evergreen // browsers. - `script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://stats.mana.how https://glitchtip.mana.how ${scriptSrc.join(' ')}`.trim(), + `script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://glitchtip.mana.how ${scriptSrc.join(' ')}`.trim(), "style-src 'self' 'unsafe-inline'", `img-src 'self' data: blob: https: ${imgSrc.join(' ')}`.trim(), - `connect-src 'self' https://stats.mana.how https://glitchtip.mana.how ${connectSrc.join(' ')}`.trim(), + `connect-src 'self' https://glitchtip.mana.how ${connectSrc.join(' ')}`.trim(), `font-src 'self' ${fontSrc.join(' ')}`.trim(), mediaSrc.length > 0 ? `media-src 'self' ${mediaSrc.join(' ')}`.trim() : '', "object-src 'none'", 
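Review bot: The new `script-src` line in the third hunk still carries `'unsafe-inline'`, so dropping `https://stats.mana.how` narrows where external scripts may load from but leaves inline script unrestricted, and the unchanged `img-src` line still lists `https:`, which allows image requests to any HTTPS origin. If this CSP is meant to back the "no web analytics" wording elsewhere in the commit, a comment above the directive list should state the limit, for example `// NOTE: 'unsafe-inline' and img-src https: remain; this allowlist alone does not block injected trackers`. The `scriptSrc` and `connectSrc` arrays appear to come from the caller's options, so a search for `stats.mana.how` in the apps that call `setSecurityHeaders` is worth doing alongside this change. The body of `setSecurityHeaders` starts and ends outside the hunk.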
diff --git a/packages/website-blocks/src/analytics/Analytics.svelte b/packages/website-blocks/src/analytics/Analytics.svelte index 9d132d8a2..8f1a10f9a 100644 --- a/packages/website-blocks/src/analytics/Analytics.svelte +++ b/packages/website-blocks/src/analytics/Analytics.svelte @@ -11,11 +11,6 @@ if (block.props.scriptUrl) return block.props.scriptUrl; return 'https://plausible.io/js/script.js'; }); - - const umamiSrc = $derived.by(() => { - if (block.props.scriptUrl) return block.props.scriptUrl; - return 'https://cloud.umami.is/script.js'; - }); {#if !isPublic} @@ -30,8 +25,6 @@ {:else if configured} {#if block.props.provider === 'plausible'} - {:else if block.props.provider === 'umami'} - {/if} {/if} diff --git a/packages/website-blocks/src/analytics/AnalyticsInspector.svelte b/packages/website-blocks/src/analytics/AnalyticsInspector.svelte index 58ad0618d..b59f19417 100644 --- a/packages/website-blocks/src/analytics/AnalyticsInspector.svelte +++ b/packages/website-blocks/src/analytics/AnalyticsInspector.svelte @@ -10,7 +10,7 @@ if (provider === 'plausible') { return 'Trage hier die Domain ein, die du bei Plausible registriert hast (z.B. "meineseite.de"). Keine Cookies, DSGVO-konform.'; } - return 'Umami Website-ID (UUID). Keine Cookies, DSGVO-konform.'; + return 'Keine Cookies, DSGVO-konform.'; }); const keyLabel = $derived(provider === 'plausible' ? 'Domain' : 'Website-ID'); @@ -25,7 +25,6 @@ onchange={(e) => onChange({ provider: e.currentTarget.value as AnalyticsProps['provider'] })} > - diff --git a/packages/website-blocks/src/analytics/schema.ts b/packages/website-blocks/src/analytics/schema.ts index 98f761ed5..0ab6a64ea 100644 --- a/packages/website-blocks/src/analytics/schema.ts +++ b/packages/website-blocks/src/analytics/schema.ts 
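Review bot: The surviving derived value in the first hunk, the one that falls back to `https://plausible.io/js/script.js`, still returns `block.props.scriptUrl` unchanged whenever it is set, so the published page loads a script from whatever URL the block stores. The schema that validates this prop is not visible in this hunk; if it does not already restrict the value to an `https:` URL, the guard belongs here, for example `if (block.props.scriptUrl?.startsWith('https://')) return block.props.scriptUrl;`. Stored blocks whose `provider` is still `'umami'` now fall through the `{#if}` in the second hunk and emit nothing, which looks intended but happens silently. The `$derived.by` callback begins above the hunk.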
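Review bot: The fallback `return 'Keine Cookies, DSGVO-konform.';` in the first hunk and the unchanged `keyLabel` line below it still branch on a non-Plausible provider, and `'Website-ID'` was the Umami term. If the provider enum now contains only `'plausible'`, as the commit message says, both else-branches are unreachable and could be collapsed to `const keyLabel = 'Domain';` with the Plausible hint returned unconditionally. If a second provider is expected later, a short comment saying so would explain why the branch stays. The hint's `$derived.by` callback starts above the hunk.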
@@ -2,16 +2,15 @@ import { z } from 'zod'; /** * Analytics block — injects a tracking snippet into the published - * page. Opt-in, no cookies by design (Plausible / Umami are - * cookieless). + * page. Opt-in, no cookies by design (Plausible is cookieless). * * The block renders nothing visible in edit/preview; in public mode * it emits a single