summary refs log tree commit diff
path: root/gnu/services
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/web.scm110
1 files changed, 109 insertions, 1 deletions
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4434fecf02..f0c7e90cbf 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>
 ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian@pelzflorian.de>
-;;; Copyright © 2020 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020, 2022 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
@@ -205,6 +205,21 @@
 
             tailon-service-type
 
+            anonip-configuration
+            anonip-configuration?
+            anonip-configuration-anonip
+            anonip-configuration-input
+            anonip-configuration-output
+            anonip-configuration-skip-private?
+            anonip-configuration-column
+            anonip-configuration-replacement
+            anonip-configuration-ipv4mask
+            anonip-configuration-ipv6mask
+            anonip-configuration-increment
+            anonip-configuration-delimiter
+            anonip-configuration-regex
+            anonip-service-type
+
             varnish-configuration
             varnish-configuration?
             varnish-configuration-package
@@ -1355,6 +1370,99 @@ files.")
                                  files))))))))
    (default-value (tailon-configuration))))
 
+
+
+;;;
+;;; Log anonymization
+;;;
+
+(define-record-type* <anonip-configuration>
+  anonip-configuration make-anonip-configuration
+  anonip-configuration?
+  (anonip            anonip-configuration-anonip       ;file-like
+                     (default anonip))
+  (input             anonip-configuration-input)       ;string
+  (output            anonip-configuration-output)      ;string
+  (skip-private?     anonip-configuration-skip-private? ;boolean
+                     (default #f))
+  (column            anonip-configuration-column       ;number
+                     (default #f))
+  (replacement       anonip-configuration-replacement  ;string
+                     (default #f))
+  (ipv4mask          anonip-configuration-ipv4mask     ;number
+                     (default #f)) 
+  (ipv6mask          anonip-configuration-ipv6mask     ;number
+                     (default #f))
+  (increment         anonip-configuration-increment    ;number
+                     (default #f))
+  (delimiter         anonip-configuration-delimiter    ;string
+                     (default #f))
+  (regex             anonip-configuration-regex        ;string
+                     (default #f)))
+
+(define (anonip-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (for-each
+         (lambda (directory)
+           (mkdir-p directory)
+           (chmod directory #o755))
+         (list (dirname #$(anonip-configuration-input config))
+               (dirname #$(anonip-configuration-output config)))))))
+
+(define (anonip-shepherd-service config)
+  (let ((input (anonip-configuration-input config))
+        (output (anonip-configuration-output config))
+        (optional
+         (lambda (accessor option)
+           (or (and=> (accessor config)
+                      (lambda (value)
+                        (list
+                         (format #false "~a=~a"
+                                 option value))))
+               (list)))))
+    (list (shepherd-service
+           (provision (list (symbol-append 'anonip- (string->symbol output))))
+           (requirement '(user-processes))
+           (documentation "Anonimyze the given log file location with anonip.")
+           (start #~(lambda _
+                      (unless (file-exists? #$input)
+                          (mknod #$input 'fifo #o600 0))
+                      (let ((pid (fork+exec-command
+                                  (append
+                                      (list #$(file-append (anonip-configuration-anonip config)
+                                                           "/bin/anonip")
+                                            (string-append "--input=" #$input)
+                                            (string-append "--output=" #$output))
+                                      (if #$(anonip-configuration-skip-private? config)
+                                          '("--skip-private") (list))
+                                    '#$(optional anonip-configuration-column "--column")
+                                    '#$(optional anonip-configuration-ipv4mask "--ipv4mask")
+                                    '#$(optional anonip-configuration-ipv6mask "--ipv6mask")
+                                    '#$(optional anonip-configuration-increment "--increment")
+                                    '#$(optional anonip-configuration-replacement "--replacement")
+                                    '#$(optional anonip-configuration-delimiter "--delimiter")
+                                    '#$(optional anonip-configuration-regex "--regex"))
+                                  ;; Run in a UTF-8 locale
+                                  #:environment-variables
+                                  (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+                                                       "/lib/locale")
+                                        "LC_ALL=en_US.utf8"))))
+                        pid)))
+           (stop #~(make-kill-destructor))))))
+
+(define anonip-service-type
+  (service-type
+   (name 'anonip)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             anonip-shepherd-service)
+          (service-extension activation-service-type
+                             anonip-activation)))
+   (description
+    "Provide web server log anonymization with @command{anonip}.")))
+
 
 ;;;
 ;;; Varnish