Add GoatCounter analytics, Miniflux, and update CLAUDE.md

- Add self-hosted GoatCounter via systemd binary service (stats.monotrope.au)
- Add Miniflux RSS reader via Docker Compose (reader.monotrope.au)
- Extend Ansible playbook with goatcounter and miniflux tags; all provisioning is idempotent
- Add Caddy reverse proxy blocks for both new services
- Inject GoatCounter script in baseof.html (production builds only)
- Add goatcounter and miniflux Makefile targets
- Rewrite CLAUDE.md to reflect actual project state

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

infra/Caddyfile

@@ -22,3 +22,17 @@ monotrope.au {
 www.monotrope.au {
 	redir https://monotrope.au{uri} permanent
 }
+
+# Miniflux RSS reader
+reader.monotrope.au {
+	reverse_proxy localhost:8080
+
+	encode zstd gzip
+}
+
+# GoatCounter analytics
+stats.monotrope.au {
+	reverse_proxy localhost:8081
+
+	encode zstd gzip
+}

infra/ansible/playbook.yml

@@ -7,6 +7,12 @@
     site_dir: /var/www/monotrope
     deploy_user: deploy
     deploy_pubkey: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"
+    miniflux_db_password: "{{ lookup('env', 'MINIFLUX_DB_PASSWORD') }}"
+    miniflux_admin_user: "{{ lookup('env', 'MINIFLUX_ADMIN_USER') | default('admin') }}"
+    miniflux_admin_password: "{{ lookup('env', 'MINIFLUX_ADMIN_PASSWORD') }}"
+    goatcounter_version: "2.7.0"
+    goatcounter_admin_email: "{{ lookup('env', 'GOATCOUNTER_ADMIN_EMAIL') }}"
+    goatcounter_admin_password: "{{ lookup('env', 'GOATCOUNTER_ADMIN_PASSWORD') }}"
 
   tasks:
 
@@ -58,6 +64,9 @@
         group: caddy
         mode: '0640'
       notify: Restart Caddy
+      tags:
+        - miniflux
+        - goatcounter
 
     - name: Enable and start Caddy
       systemd:
@@ -149,6 +158,142 @@
         enabled: true
         state: started
 
+    # ── Miniflux ────────────────────────────────────────────────────────────
+
+    - name: Create Miniflux directory
+      file:
+        path: /opt/miniflux
+        state: directory
+        owner: root
+        group: root
+        mode: '0750'
+      tags: miniflux
+
+    - name: Copy Miniflux docker-compose.yml
+      copy:
+        src: ../miniflux/docker-compose.yml
+        dest: /opt/miniflux/docker-compose.yml
+        owner: root
+        group: root
+        mode: '0640'
+      tags: miniflux
+
+    - name: Write Miniflux .env
+      copy:
+        dest: /opt/miniflux/.env
+        owner: root
+        group: root
+        mode: '0600'
+        content: |
+          MINIFLUX_DB_PASSWORD={{ miniflux_db_password }}
+          MINIFLUX_ADMIN_USER={{ miniflux_admin_user }}
+          MINIFLUX_ADMIN_PASSWORD={{ miniflux_admin_password }}
+      no_log: true
+      tags: miniflux
+
+    - name: Pull and start Miniflux
+      command: docker compose up -d --pull always
+      args:
+        chdir: /opt/miniflux
+      tags: miniflux
+
+    # ── GoatCounter ─────────────────────────────────────────────────────────
+
+    - name: Create goatcounter system user
+      user:
+        name: goatcounter
+        system: true
+        create_home: false
+        shell: /usr/sbin/nologin
+        state: present
+      tags: goatcounter
+
+    - name: Create GoatCounter data directory
+      file:
+        path: /var/lib/goatcounter
+        state: directory
+        owner: goatcounter
+        group: goatcounter
+        mode: '0750'
+      tags: goatcounter
+
+    - name: Download GoatCounter binary
+      get_url:
+        url: "https://github.com/arp242/goatcounter/releases/download/v{{ goatcounter_version }}/goatcounter-v{{ goatcounter_version }}-linux-amd64.gz"
+        dest: /tmp/goatcounter.gz
+        mode: '0644'
+      tags: goatcounter
+
+    - name: Decompress GoatCounter binary
+      shell: gunzip -f /tmp/goatcounter.gz && mv /tmp/goatcounter /usr/local/bin/goatcounter && chmod 0755 /usr/local/bin/goatcounter
+      args:
+        creates: /usr/local/bin/goatcounter
+      tags: goatcounter
+
+    - name: Check if GoatCounter admin user has been created
+      stat:
+        path: /var/lib/goatcounter/.admin_created
+      register: goatcounter_admin_marker
+      tags: goatcounter
+
+    - name: Create GoatCounter admin user
+      command: >
+        goatcounter db create site
+        -db sqlite+/var/lib/goatcounter/goatcounter.sqlite3
+        -createdb
+        -vhost stats.monotrope.au
+        -user.email {{ goatcounter_admin_email }}
+        -user.password {{ goatcounter_admin_password }}
+      become_user: goatcounter
+      when: not goatcounter_admin_marker.stat.exists
+      no_log: true
+      tags: goatcounter
+
+    - name: Mark GoatCounter admin user as created
+      file:
+        path: /var/lib/goatcounter/.admin_created
+        state: touch
+        owner: goatcounter
+        group: goatcounter
+        mode: '0600'
+      when: not goatcounter_admin_marker.stat.exists
+      tags: goatcounter
+
+    - name: Install GoatCounter systemd service
+      copy:
+        dest: /etc/systemd/system/goatcounter.service
+        owner: root
+        group: root
+        mode: '0644'
+        content: |
+          [Unit]
+          Description=GoatCounter analytics
+          After=network.target
+
+          [Service]
+          User=goatcounter
+          Group=goatcounter
+          ExecStart=/usr/local/bin/goatcounter serve \
+            -listen localhost:8081 \
+            -db sqlite+/var/lib/goatcounter/goatcounter.sqlite3 \
+            -tls none \
+            -domain stats.monotrope.au
+          Restart=on-failure
+          RestartSec=5
+
+          [Install]
+          WantedBy=multi-user.target
+      notify: Restart GoatCounter
+      tags: goatcounter
+
+    - name: Enable and start GoatCounter
+      systemd:
+        name: goatcounter
+        enabled: true
+        state: started
+        daemon_reload: true
+      tags: goatcounter
+
     # ── Deploy user ──────────────────────────────────────────────────────────
 
     - name: Create deploy user
@@ -186,3 +331,8 @@
       systemd:
         name: caddy
         state: restarted
+
+    - name: Restart GoatCounter
+      systemd:
+        name: goatcounter
+        state: restarted

infra/miniflux/docker-compose.yml

@@ -0,0 +1,38 @@
+services:
+  miniflux:
+    image: miniflux/miniflux:latest
+    restart: unless-stopped
+    depends_on:
+      db:
+        condition: service_healthy
+    ports:
+      - "127.0.0.1:8080:8080"
+    environment:
+      DATABASE_URL: "postgres://miniflux:${MINIFLUX_DB_PASSWORD}@db/miniflux?sslmode=disable"
+      RUN_MIGRATIONS: "1"
+      CREATE_ADMIN: "1"
+      ADMIN_USERNAME: "${MINIFLUX_ADMIN_USER}"
+      ADMIN_PASSWORD: "${MINIFLUX_ADMIN_PASSWORD}"
+      BASE_URL: "https://reader.monotrope.au"
+    env_file:
+      - .env
+
+  db:
+    image: postgres:16-alpine
+    restart: unless-stopped
+    volumes:
+      - miniflux_db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: miniflux
+      POSTGRES_USER: miniflux
+      POSTGRES_PASSWORD: "${MINIFLUX_DB_PASSWORD}"
+    env_file:
+      - .env
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "miniflux"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  miniflux_db: