summaryrefslogtreecommitdiff
path: root/gnu/services/web.scm
diff options
context:
space:
mode:
authorRicardo Wurmus <rekado@elephly.net>2022-07-01 01:08:34 +0200
committerRicardo Wurmus <rekado@elephly.net>2022-07-03 14:12:32 +0200
commitcba98b58bf09f22dfbfb338884b80ab831e0be46 (patch)
tree44521c19750d637ada05fe241171bc909f50bca9 /gnu/services/web.scm
parente0d2f8164e6a1c15fdcae6f7dadb05c0c9e25352 (diff)
services: Add anonip-service-type.
* gnu/services/web.scm (anonip-configuration): New record type. (anonip-configuration?, anonip-configuration-anonip, anonip-configuration-input, anonip-configuration-output, anonip-configuration-skip-private?, anonip-configuration-column, anonip-configuration-replacement, anonip-configuration-ipv4mask, anonip-configuration-ipv6mask, anonip-configuration-increment, anonip-configuration-delimiter, anonip-configuration-regex): New procedures. (anonip-service-type): New service type. * doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
Diffstat (limited to 'gnu/services/web.scm')
-rw-r--r--gnu/services/web.scm110
1 files changed, 109 insertions, 1 deletions
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4434fecf02..f0c7e90cbf 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -9,7 +9,7 @@
;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>
;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian@pelzflorian.de>
-;;; Copyright © 2020 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
@@ -205,6 +205,21 @@
tailon-service-type
+ anonip-configuration
+ anonip-configuration?
+ anonip-configuration-anonip
+ anonip-configuration-input
+ anonip-configuration-output
+ anonip-configuration-skip-private?
+ anonip-configuration-column
+ anonip-configuration-replacement
+ anonip-configuration-ipv4mask
+ anonip-configuration-ipv6mask
+ anonip-configuration-increment
+ anonip-configuration-delimiter
+ anonip-configuration-regex
+ anonip-service-type
+
varnish-configuration
varnish-configuration?
varnish-configuration-package
@@ -1355,6 +1370,99 @@ files.")
files))))))))
(default-value (tailon-configuration))))
+
+
+;;;
+;;; Log anonymization
+;;;
+
+(define-record-type* <anonip-configuration>
+ anonip-configuration make-anonip-configuration
+ anonip-configuration?
+ (anonip anonip-configuration-anonip ;file-like
+ (default anonip))
+ (input anonip-configuration-input) ;string
+ (output anonip-configuration-output) ;string
+ (skip-private? anonip-configuration-skip-private? ;boolean
+ (default #f))
+ (column anonip-configuration-column ;number
+ (default #f))
+ (replacement anonip-configuration-replacement ;string
+ (default #f))
+ (ipv4mask anonip-configuration-ipv4mask ;number
+ (default #f))
+ (ipv6mask anonip-configuration-ipv6mask ;number
+ (default #f))
+ (increment anonip-configuration-increment ;number
+ (default #f))
+ (delimiter anonip-configuration-delimiter ;string
+ (default #f))
+ (regex anonip-configuration-regex ;string
+ (default #f)))
+
+(define (anonip-activation config)
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (for-each
+ (lambda (directory)
+ (mkdir-p directory)
+ (chmod directory #o755))
+ (list (dirname #$(anonip-configuration-input config))
+ (dirname #$(anonip-configuration-output config)))))))
+
+(define (anonip-shepherd-service config)
+ (let ((input (anonip-configuration-input config))
+ (output (anonip-configuration-output config))
+ (optional
+ (lambda (accessor option)
+ (or (and=> (accessor config)
+ (lambda (value)
+ (list
+ (format #false "~a=~a"
+ option value))))
+ (list)))))
+ (list (shepherd-service
+ (provision (list (symbol-append 'anonip- (string->symbol output))))
+ (requirement '(user-processes))
+ (documentation "Anonimyze the given log file location with anonip.")
+ (start #~(lambda _
+ (unless (file-exists? #$input)
+ (mknod #$input 'fifo #o600 0))
+ (let ((pid (fork+exec-command
+ (append
+ (list #$(file-append (anonip-configuration-anonip config)
+ "/bin/anonip")
+ (string-append "--input=" #$input)
+ (string-append "--output=" #$output))
+ (if #$(anonip-configuration-skip-private? config)
+ '("--skip-private") (list))
+ '#$(optional anonip-configuration-column "--column")
+ '#$(optional anonip-configuration-ipv4mask "--ipv4mask")
+ '#$(optional anonip-configuration-ipv6mask "--ipv6mask")
+ '#$(optional anonip-configuration-increment "--increment")
+ '#$(optional anonip-configuration-replacement "--replacement")
+ '#$(optional anonip-configuration-delimiter "--delimiter")
+ '#$(optional anonip-configuration-regex "--regex"))
+ ;; Run in a UTF-8 locale
+ #:environment-variables
+ (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+ "/lib/locale")
+ "LC_ALL=en_US.utf8"))))
+ pid)))
+ (stop #~(make-kill-destructor))))))
+
+(define anonip-service-type
+ (service-type
+ (name 'anonip)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ anonip-shepherd-service)
+ (service-extension activation-service-type
+ anonip-activation)))
+ (description
+ "Provide web server log anonymization with @command{anonip}.")))
+
;;;
;;; Varnish