diff options
author | Ricardo Wurmus <rekado@elephly.net> | 2022-07-01 01:08:34 +0200 |
---|---|---|
committer | Ricardo Wurmus <rekado@elephly.net> | 2022-07-03 14:12:32 +0200 |
commit | cba98b58bf09f22dfbfb338884b80ab831e0be46 (patch) | |
tree | 44521c19750d637ada05fe241171bc909f50bca9 /gnu/services/web.scm | |
parent | e0d2f8164e6a1c15fdcae6f7dadb05c0c9e25352 (diff) |
services: Add anonip-service-type.
* gnu/services/web.scm (anonip-configuration): New record type.
(anonip-configuration?, anonip-configuration-anonip,
anonip-configuration-input, anonip-configuration-output,
anonip-configuration-skip-private?, anonip-configuration-column,
anonip-configuration-replacement, anonip-configuration-ipv4mask,
anonip-configuration-ipv6mask, anonip-configuration-increment,
anonip-configuration-delimiter, anonip-configuration-regex): New procedures.
(anonip-service-type): New service type.
* doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
Diffstat (limited to 'gnu/services/web.scm')
-rw-r--r-- | gnu/services/web.scm | 110 |
1 files changed, 109 insertions, 1 deletions
diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 4434fecf02..f0c7e90cbf 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr> ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian@pelzflorian.de> -;;; Copyright © 2020 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2020, 2022 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net> ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com> @@ -205,6 +205,21 @@ tailon-service-type + anonip-configuration + anonip-configuration? + anonip-configuration-anonip + anonip-configuration-input + anonip-configuration-output + anonip-configuration-skip-private? + anonip-configuration-column + anonip-configuration-replacement + anonip-configuration-ipv4mask + anonip-configuration-ipv6mask + anonip-configuration-increment + anonip-configuration-delimiter + anonip-configuration-regex + anonip-service-type + varnish-configuration varnish-configuration? varnish-configuration-package @@ -1355,6 +1370,99 @@ files.") files)))))))) (default-value (tailon-configuration)))) + + +;;; +;;; Log anonymization +;;; + +(define-record-type* <anonip-configuration> + anonip-configuration make-anonip-configuration + anonip-configuration? + (anonip anonip-configuration-anonip ;file-like + (default anonip)) + (input anonip-configuration-input) ;string + (output anonip-configuration-output) ;string + (skip-private? anonip-configuration-skip-private? ;boolean + (default #f)) + (column anonip-configuration-column ;number + (default #f)) + (replacement anonip-configuration-replacement ;string + (default #f)) + (ipv4mask anonip-configuration-ipv4mask ;number + (default #f)) + (ipv6mask anonip-configuration-ipv6mask ;number + (default #f)) + (increment anonip-configuration-increment ;number + (default #f)) + (delimiter anonip-configuration-delimiter ;string + (default #f)) + (regex anonip-configuration-regex ;string + (default #f))) + +(define (anonip-activation config) + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (for-each + (lambda (directory) + (mkdir-p directory) + (chmod directory #o755)) + (list (dirname #$(anonip-configuration-input config)) + (dirname #$(anonip-configuration-output config))))))) + +(define (anonip-shepherd-service config) + (let ((input (anonip-configuration-input config)) + (output (anonip-configuration-output config)) + (optional + (lambda (accessor option) + (or (and=> (accessor config) + (lambda (value) + (list + (format #false "~a=~a" + option value)))) + (list))))) + (list (shepherd-service + (provision (list (symbol-append 'anonip- (string->symbol output)))) + (requirement '(user-processes)) + (documentation "Anonimyze the given log file location with anonip.") + (start #~(lambda _ + (unless (file-exists? #$input) + (mknod #$input 'fifo #o600 0)) + (let ((pid (fork+exec-command + (append + (list #$(file-append (anonip-configuration-anonip config) + "/bin/anonip") + (string-append "--input=" #$input) + (string-append "--output=" #$output)) + (if #$(anonip-configuration-skip-private? config) + '("--skip-private") (list)) + '#$(optional anonip-configuration-column "--column") + '#$(optional anonip-configuration-ipv4mask "--ipv4mask") + '#$(optional anonip-configuration-ipv6mask "--ipv6mask") + '#$(optional anonip-configuration-increment "--increment") + '#$(optional anonip-configuration-replacement "--replacement") + '#$(optional anonip-configuration-delimiter "--delimiter") + '#$(optional anonip-configuration-regex "--regex")) + ;; Run in a UTF-8 locale + #:environment-variables + (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales + "/lib/locale") + "LC_ALL=en_US.utf8")))) + pid))) + (stop #~(make-kill-destructor)))))) + +(define anonip-service-type + (service-type + (name 'anonip) + (extensions + (list (service-extension shepherd-root-service-type + anonip-shepherd-service) + (service-extension activation-service-type + anonip-activation))) + (description + "Provide web server log anonymization with @command{anonip}."))) + ;;; ;;; Varnish |