[PATCH] services: Add anonip-service-type.

Ricardo Wurmus wrote on 1 Jul 01:15 +0200

Recipients:(address . guix-patches@gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)

Message-ID:20220630231551.16188-1-rekado@elephly.net

* gnu/services/web.scm (anonip-configuration): New record type.
(anonip-configuration?, anonip-configuration-anonip,
anonip-configuration-log-file, anonip-configuration-fifo-directory,
anonip-configuration-output-directory): New procedures.
(anonip-service-type): New service type.
* doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
---
 doc/guix.texi        | 58 +++++++++++++++++++++++++++++++++-
 gnu/services/web.scm | 74 +++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 130 insertions(+), 2 deletions(-)

Toggle diff (177 lines)diff --git a/doc/guix.texi b/doc/guix.texi
index b8c49099a4..d23d3b1fbc 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30,7 +30,7 @@ Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
 Copyright @copyright{} 2014 Pierre-Antoine Rault@*
 Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
 Copyright @copyright{} 2015, 2016, 2017, 2019, 2020, 2021 Leo Famulari@*
-Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ricardo Wurmus@*
+Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Ricardo Wurmus@*
 Copyright @copyright{} 2016 Ben Woodcroft@*
 Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@*
 Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@*
@@ -18700,6 +18700,62 @@ String or gexp denoting the corresponding mcron job schedule
 @end table
 @end deftp
 
+@cindex logging, anonymization
+@subheading Anonip Service
+
+Anonip is a privacy filter that removes IP address from web server logs.
+This service creates a FIFO and filters any written lines with anonip
+before writing the filtered log to a target file.
+
+The following example sets up the FIFO
+@file{/var/run/anonip/https.access.log} and writes the filtered log file
+@file{/var/log/anonip/https.access.log}.
+
+@lisp
+(service anonip-service-type
+         (anonip-configuration
+           (log-file "https.access.log")))
+@end lisp
+
+The directories to store the FIFO and the filtered log can be changed
+with @code{fifo-directory} and @code{output-directory}, respectively.
+In the following example the filtered log file would be written to
+@file{/var/web-logs/https.access.log}.
+
+@lisp
+(service anonip-service-type
+         (anonip-configuration
+           (log-file "https.access.log")
+           (output-directory "/var/web-logs/https.access.log")))
+@end lisp
+
+Configure your web server to write its logs to the FIFO at
+@file{/var/run/anonip/https.access.log} and collect the anonymized log
+file at @file{/var/web-logs/https.access.log}.
+
+@deftp {Data Type} anonip-configuration
+This data type represents the configuration of anonip.
+It has the following parameters:
+
+@table @asis
+@item @code{anonip} (default: @code{anonip})
+The anonip package to use.
+
+@item @code{log-file}
+The file name of the log file to process.  This name is used in the FIFO
+as well as in the filtered log file.  This must not be an absolute file
+name.
+
+@item @code{fifo-directory} (default: @code{"/var/run/anonip"})
+The directory where the FIFO file is created.
+
+@item @code{output-directory} (default: @code{"/var/log/anonip"})
+The directory to which the filtered log file will be written.
+
+@end table
+@end deftp
+
+
 @node Networking Setup
 @subsection Networking Setup
 
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4f06d4e0bb..641a928e41 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>
 ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian@pelzflorian.de>
-;;; Copyright © 2020 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
@@ -204,6 +204,14 @@ (define-module (gnu services web)
 
             tailon-service-type
 
+            anonip-configuration
+            anonip-configuration?
+            anonip-configuration-anonip
+            anonip-configuration-log-file
+            anonip-configuration-fifo-directory
+            anonip-configuration-output-directory
+            anonip-service-type
+
             varnish-configuration
             varnish-configuration?
             varnish-configuration-package
@@ -1343,6 +1351,70 @@ (define tailon-service-type
                                  files))))))))
    (default-value (tailon-configuration))))
 
+
+
+;;;
+;;; Log anonymization
+;;;
+
+(define-record-type* <anonip-configuration>
+  anonip-configuration make-anonip-configuration
+  anonip-configuration?
+  (anonip            anonip-configuration-anonip ;file-like
+                     (default anonip))
+  (log-file          anonip-configuration-log-file)          ;string
+  (fifo-directory    anonip-configuration-fifo-directory
+                     (default "/var/run/anonip"))            ;string
+  (output-directory  anonip-configuration-output-directory
+                     (default "/var/log/anonip")))           ;string
+
+(define (anonip-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (for-each
+         (lambda (directory)
+           (mkdir-p directory)
+           (chmod directory #o755))
+         (list #$(anonip-configuration-output-directory config)
+               #$(anonip-configuration-fifo-directory config))))))
+
+(define (anonip-shepherd-service config)
+  (let ((log-file (anonip-configuration-log-file config))
+        (fifos    (anonip-configuration-fifo-directory config))
+        (outputs  (anonip-configuration-output-directory config)))
+    (list (shepherd-service
+           (provision (list (symbol-append 'anonip- (string->symbol log-file))))
+           (requirement '(user-processes))
+           (documentation "Anonimyze the given log file location with anonip.")
+           (start #~(lambda _
+                      (let ((fifo #$(format #false "~a/~a" fifos log-file)))
+                        (unless (file-exists? fifo)
+                          (mknod fifo 'fifo #o600 0))
+                        (let ((pid (fork+exec-command
+                                    (list #$(file-append (anonip-configuration-anonip config)
+                                                         "/bin/anonip")
+                                          (string-append "--input=" fifo)
+                                          (string-append "--output=" #$(format #false "~a/~a" outputs log-file)))
+                                    ;; Run in a UTF-8 locale
+                                    #:environment-variables
+                                    (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+                                                         "/lib/locale")
+                                          "LC_ALL=en_US.utf8"))))
+                          pid))))
+           (stop #~(make-kill-destructor))))))
+
+(define anonip-service-type
+  (service-type
+   (name 'anonip)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             anonip-shepherd-service)
+          (service-extension activation-service-type
+                             anonip-activation)))
+   (description
+    "Provide web server log anonymization with @command{anonip}.")))
+
 
 ;;;
 ;;; Varnish
-- 
2.36.1

Ricardo Wurmus wrote on 3 Jul 12:52 +0200

[PATCH v2] services: Add anonip-service-type.

Recipients:(address . 56330@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)

Message-ID:20220703105216.8843-1-rekado@elephly.net

* gnu/services/web.scm (anonip-configuration): New record type.
(anonip-configuration?, anonip-configuration-anonip,
anonip-configuration-input, anonip-configuration-output,
anonip-configuration-skip-private?, anonip-configuration-column,
anonip-configuration-replacement, anonip-configuration-ipv4mask,
anonip-configuration-ipv6mask, anonip-configuration-increment,
anonip-configuration-delimiter, anonip-configuration-regex): New procedures.
(anonip-service-type): New service type.
* doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
---
 doc/guix.texi        |  71 +++++++++++++++++++++++++++-
 gnu/services/web.scm | 110 ++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 179 insertions(+), 2 deletions(-)

Toggle diff (226 lines)diff --git a/doc/guix.texi b/doc/guix.texi
index cf373b6cbd..a22a7f59ec 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30,7 +30,7 @@ Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
 Copyright @copyright{} 2014 Pierre-Antoine Rault@*
 Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
 Copyright @copyright{} 2015, 2016, 2017, 2019, 2020, 2021 Leo Famulari@*
-Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ricardo Wurmus@*
+Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Ricardo Wurmus@*
 Copyright @copyright{} 2016 Ben Woodcroft@*
 Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@*
 Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@*
@@ -18700,6 +18700,75 @@ String or gexp denoting the corresponding mcron job schedule
 @end table
 @end deftp
 
+@cindex logging, anonymization
+@subheading Anonip Service
+
+Anonip is a privacy filter that removes IP address from web server logs.
+This service creates a FIFO and filters any written lines with anonip
+before writing the filtered log to a target file.
+
+The following example sets up the FIFO
+@file{/var/run/anonip/https.access.log} and writes the filtered log file
+@file{/var/log/anonip/https.access.log}.
+
+@lisp
+(service anonip-service-type
+         (anonip-configuration
+           (input  "/var/run/anonip/https.access.log")
+           (output "/var/log/anonip/https.access.log")))
+@end lisp
+
+Configure your web server to write its logs to the FIFO at
+@file{/var/run/anonip/https.access.log} and collect the anonymized log
+file at @file{/var/web-logs/https.access.log}.
+
+@deftp {Data Type} anonip-configuration
+This data type represents the configuration of anonip.
+It has the following parameters:
+
+@table @asis
+@item @code{anonip} (default: @code{anonip})
+The anonip package to use.
+
+@item @code{input}
+The file name of the input log file to process.  The service creates a
+FIFO of this name.  The web server should write its logs to this FIFO.
+
+@item @code{output}
+The file name of the processed log file.
+@end table
+
+The following optional settings may be provided:
+
+@table @asis
+@item @code{skip-private?}
+When @code{#true} do not mask addresses in private ranges.
+
+@item @code{column}
+A 1-based indexed column number.  Assume IP address is in the specified
+column (default is 1).
+
+@item @code{replacement}
+Replacement string in case address parsing fails, e.g. @code{"0.0.0.0"}.
+
+@item @code{ipv4mask}
+Number of bits to mask in IPv4 addresses.
+
+@item @code{ipv6mask}
+Number of bits to mask in IPv6 addresses.
+
+@item @code{increment}
+Increment the IP address by the given number.  By default this is zero.
+
+@item @code{delimiter}
+Log delimiter string.
+
+@item @code{regex}
+Regular expression for detecting IP addresses.  Use this instead of @code{column}.
+@end table
+@end deftp
+
+
 @node Networking Setup
 @subsection Networking Setup
 
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4434fecf02..1480a751e2 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>
 ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian@pelzflorian.de>
-;;; Copyright © 2020 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
@@ -205,6 +205,21 @@ (define-module (gnu services web)
 
             tailon-service-type
 
+            anonip-configuration
+            anonip-configuration?
+            anonip-configuration-anonip
+            anonip-configuration-input
+            anonip-configuration-output
+            anonip-configuration-skip-private?
+            anonip-configuration-column
+            anonip-configuration-replacement
+            anonip-configuration-ipv4mask
+            anonip-configuration-ipv6mask
+            anonip-configuration-increment
+            anonip-configuration-delimiter
+            anonip-configuration-regex
+            anonip-service-type
+
             varnish-configuration
             varnish-configuration?
             varnish-configuration-package
@@ -1355,6 +1370,99 @@ (define tailon-service-type
                                  files))))))))
    (default-value (tailon-configuration))))
 
+
+
+;;;
+;;; Log anonymization
+;;;
+
+(define-record-type* <anonip-configuration>
+  anonip-configuration make-anonip-configuration
+  anonip-configuration?
+  (anonip            anonip-configuration-anonip       ;file-like
+                     (default anonip))
+  (input             anonip-configuration-input)       ;string
+  (output            anonip-configuration-output)      ;string
+  (skip-private?     anonip-configuration-skip-private? ;boolean
+                     (default #f))
+  (column            anonip-configuration-column       ;number
+                     (default #f))
+  (replacement       anonip-configuration-replacement  ;string
+                     (default #f))
+  (ipv4mask          anonip-configuration-ipv4mask     ;number
+                     (default #f)) 
+  (ipv6mask          anonip-configuration-ipv6mask     ;number
+                     (default #f))
+  (increment         anonip-configuration-increment    ;number
+                     (default #f))
+  (delimiter         anonip-configuration-delimiter    ;string
+                     (default #f))
+  (regex             anonip-configuration-regex        ;string
+                     (default #f)))
+
+(define (anonip-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (for-each
+         (lambda (directory)
+           (mkdir-p directory)
+           (chmod directory #o755))
+         (list (dirname #$(anonip-configuration-input config))
+               (dirname #$(anonip-configuration-output config)))))))
+
+(define (anonip-shepherd-service config)
+  (let ((input (anonip-configuration-input config))
+        (output (anonip-configuration-output config)))
+    (list (shepherd-service
+           (provision (list (symbol-append 'anonip- (string->symbol output))))
+           (requirement '(user-processes))
+           (documentation "Anonimyze the given log file location with anonip.")
+           (start #~(lambda _
+                      (let ((optional
+                             (lambda (accessor option)
+                               (or (and=> (accessor config)
+                                          (lambda (value)
+                                            (list
+                                             (format #false "~a=~a"
+                                                     option (accessor config)))))
+                                   (list)))))
+                        (unless (file-exists? input)
+                          (mknod input 'fifo #o600 0))
+                        (let ((pid (fork+exec-command
+                                    (append
+                                      (list #$(file-append (anonip-configuration-anonip config)
+                                                           "/bin/anonip")
+                                            (string-append "--input=" input)
+                                            (string-append "--output=" output))
+                                      (if (anonip-configuration-skip-private? config)
+                                          '("--skip-private") (list))
+                                      (optional anonip-configuration-column "--column")
+                                      (optional anonip-configuration-ipv4mask "--ipv4mask")
+                                      (optional anonip-configuration-ipv6mask "--ipv6mask")
+                                      (optional anonip-configuration-increment "--increment")
+                                      (optional anonip-configuration-replacement "--replacement")
+                                      (optional anonip-configuration-delimiter "--delimiter")
+                                      (optional anonip-configuration-regex "--regex"))
+                                    ;; Run in a UTF-8 locale
+                                    #:environment-variables
+                                    (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+                                                         "/lib/locale")
+                                          "LC_ALL=en_US.utf8"))))
+                          pid))))
+           (stop #~(make-kill-destructor))))))
+
+(define anonip-service-type
+  (service-type
+   (name 'anonip)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             anonip-shepherd-service)
+          (service-extension activation-service-type
+                             anonip-activation)))
+   (description
+    "Provide web server log anonymization with @command{anonip}.")))
+
 
 ;;;
 ;;; Varnish
-- 
2.36.1

Ricardo Wurmus wrote on 3 Jul 13:53 +0200

[PATCH v3] services: Add anonip-service-type.

Recipients:(address . 56330@debbugs.gnu.org)(name . Ricardo Wurmus)(address . rekado@elephly.net)

Message-ID:20220703115357.20195-1-rekado@elephly.net

* gnu/services/web.scm (anonip-configuration): New record type.
(anonip-configuration?, anonip-configuration-anonip,
anonip-configuration-input, anonip-configuration-output,
anonip-configuration-skip-private?, anonip-configuration-column,
anonip-configuration-replacement, anonip-configuration-ipv4mask,
anonip-configuration-ipv6mask, anonip-configuration-increment,
anonip-configuration-delimiter, anonip-configuration-regex): New procedures.
(anonip-service-type): New service type.
* doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
---
 doc/guix.texi        |  71 +++++++++++++++++++++++++++-
 gnu/services/web.scm | 110 ++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 179 insertions(+), 2 deletions(-)

Toggle diff (226 lines)diff --git a/doc/guix.texi b/doc/guix.texi
index cf373b6cbd..a22a7f59ec 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30,7 +30,7 @@ Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
 Copyright @copyright{} 2014 Pierre-Antoine Rault@*
 Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
 Copyright @copyright{} 2015, 2016, 2017, 2019, 2020, 2021 Leo Famulari@*
-Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ricardo Wurmus@*
+Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Ricardo Wurmus@*
 Copyright @copyright{} 2016 Ben Woodcroft@*
 Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@*
 Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@*
@@ -18700,6 +18700,75 @@ String or gexp denoting the corresponding mcron job schedule
 @end table
 @end deftp
 
+@cindex logging, anonymization
+@subheading Anonip Service
+
+Anonip is a privacy filter that removes IP address from web server logs.
+This service creates a FIFO and filters any written lines with anonip
+before writing the filtered log to a target file.
+
+The following example sets up the FIFO
+@file{/var/run/anonip/https.access.log} and writes the filtered log file
+@file{/var/log/anonip/https.access.log}.
+
+@lisp
+(service anonip-service-type
+         (anonip-configuration
+           (input  "/var/run/anonip/https.access.log")
+           (output "/var/log/anonip/https.access.log")))
+@end lisp
+
+Configure your web server to write its logs to the FIFO at
+@file{/var/run/anonip/https.access.log} and collect the anonymized log
+file at @file{/var/web-logs/https.access.log}.
+
+@deftp {Data Type} anonip-configuration
+This data type represents the configuration of anonip.
+It has the following parameters:
+
+@table @asis
+@item @code{anonip} (default: @code{anonip})
+The anonip package to use.
+
+@item @code{input}
+The file name of the input log file to process.  The service creates a
+FIFO of this name.  The web server should write its logs to this FIFO.
+
+@item @code{output}
+The file name of the processed log file.
+@end table
+
+The following optional settings may be provided:
+
+@table @asis
+@item @code{skip-private?}
+When @code{#true} do not mask addresses in private ranges.
+
+@item @code{column}
+A 1-based indexed column number.  Assume IP address is in the specified
+column (default is 1).
+
+@item @code{replacement}
+Replacement string in case address parsing fails, e.g. @code{"0.0.0.0"}.
+
+@item @code{ipv4mask}
+Number of bits to mask in IPv4 addresses.
+
+@item @code{ipv6mask}
+Number of bits to mask in IPv6 addresses.
+
+@item @code{increment}
+Increment the IP address by the given number.  By default this is zero.
+
+@item @code{delimiter}
+Log delimiter string.
+
+@item @code{regex}
+Regular expression for detecting IP addresses.  Use this instead of @code{column}.
+@end table
+@end deftp
+
+
 @node Networking Setup
 @subsection Networking Setup
 
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4434fecf02..f0c7e90cbf 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>
 ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian@pelzflorian.de>
-;;; Copyright © 2020 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
@@ -205,6 +205,21 @@ (define-module (gnu services web)
 
             tailon-service-type
 
+            anonip-configuration
+            anonip-configuration?
+            anonip-configuration-anonip
+            anonip-configuration-input
+            anonip-configuration-output
+            anonip-configuration-skip-private?
+            anonip-configuration-column
+            anonip-configuration-replacement
+            anonip-configuration-ipv4mask
+            anonip-configuration-ipv6mask
+            anonip-configuration-increment
+            anonip-configuration-delimiter
+            anonip-configuration-regex
+            anonip-service-type
+
             varnish-configuration
             varnish-configuration?
             varnish-configuration-package
@@ -1355,6 +1370,99 @@ (define tailon-service-type
                                  files))))))))
    (default-value (tailon-configuration))))
 
+
+
+;;;
+;;; Log anonymization
+;;;
+
+(define-record-type* <anonip-configuration>
+  anonip-configuration make-anonip-configuration
+  anonip-configuration?
+  (anonip            anonip-configuration-anonip       ;file-like
+                     (default anonip))
+  (input             anonip-configuration-input)       ;string
+  (output            anonip-configuration-output)      ;string
+  (skip-private?     anonip-configuration-skip-private? ;boolean
+                     (default #f))
+  (column            anonip-configuration-column       ;number
+                     (default #f))
+  (replacement       anonip-configuration-replacement  ;string
+                     (default #f))
+  (ipv4mask          anonip-configuration-ipv4mask     ;number
+                     (default #f)) 
+  (ipv6mask          anonip-configuration-ipv6mask     ;number
+                     (default #f))
+  (increment         anonip-configuration-increment    ;number
+                     (default #f))
+  (delimiter         anonip-configuration-delimiter    ;string
+                     (default #f))
+  (regex             anonip-configuration-regex        ;string
+                     (default #f)))
+
+(define (anonip-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (for-each
+         (lambda (directory)
+           (mkdir-p directory)
+           (chmod directory #o755))
+         (list (dirname #$(anonip-configuration-input config))
+               (dirname #$(anonip-configuration-output config)))))))
+
+(define (anonip-shepherd-service config)
+  (let ((input (anonip-configuration-input config))
+        (output (anonip-configuration-output config))
+        (optional
+         (lambda (accessor option)
+           (or (and=> (accessor config)
+                      (lambda (value)
+                        (list
+                         (format #false "~a=~a"
+                                 option value))))
+               (list)))))
+    (list (shepherd-service
+           (provision (list (symbol-append 'anonip- (string->symbol output))))
+           (requirement '(user-processes))
+           (documentation "Anonimyze the given log file location with anonip.")
+           (start #~(lambda _
+                      (unless (file-exists? #$input)
+                          (mknod #$input 'fifo #o600 0))
+                      (let ((pid (fork+exec-command
+                                  (append
+                                      (list #$(file-append (anonip-configuration-anonip config)
+                                                           "/bin/anonip")
+                                            (string-append "--input=" #$input)
+                                            (string-append "--output=" #$output))
+                                      (if #$(anonip-configuration-skip-private? config)
+                                          '("--skip-private") (list))
+                                    '#$(optional anonip-configuration-column "--column")
+                                    '#$(optional anonip-configuration-ipv4mask "--ipv4mask")
+                                    '#$(optional anonip-configuration-ipv6mask "--ipv6mask")
+                                    '#$(optional anonip-configuration-increment "--increment")
+                                    '#$(optional anonip-configuration-replacement "--replacement")
+                                    '#$(optional anonip-configuration-delimiter "--delimiter")
+                                    '#$(optional anonip-configuration-regex "--regex"))
+                                  ;; Run in a UTF-8 locale
+                                  #:environment-variables
+                                  (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+                                                       "/lib/locale")
+                                        "LC_ALL=en_US.utf8"))))
+                        pid)))
+           (stop #~(make-kill-destructor))))))
+
+(define anonip-service-type
+  (service-type
+   (name 'anonip)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             anonip-shepherd-service)
+          (service-extension activation-service-type
+                             anonip-activation)))
+   (description
+    "Provide web server log anonymization with @command{anonip}.")))
+
 
 ;;;
 ;;; Varnish
-- 
2.36.1

Ricardo Wurmus wrote on 3 Jul 15:03 +0200

Recipients:(address . 56330-done@debbugs.gnu.org)

Message-ID:871qv25ows.fsf@elephly.net

Ricardo Wurmus <rekado@elephly.net> writes:

Toggle quote (10 lines)> * gnu/services/web.scm (anonip-configuration): New record type.
> (anonip-configuration?, anonip-configuration-anonip,
> anonip-configuration-input, anonip-configuration-output,
> anonip-configuration-skip-private?, anonip-configuration-column,
> anonip-configuration-replacement, anonip-configuration-ipv4mask,
> anonip-configuration-ipv6mask, anonip-configuration-increment,
> anonip-configuration-delimiter, anonip-configuration-regex): New procedures.
> (anonip-service-type): New service type.
> * doc/guix.texi (Log Rotation): Add subheading for Anonip Service.

Merged.

Ricardo

Closed

Your comment

This issue is archived.

To comment on this conversation send email to 56330@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date