GNU bug report logs - #56330
[PATCH] services: Add anonip-service-type.

Package: guix-patches;

Reported by: Ricardo Wurmus <rekado <at> elephly.net>

Date: Thu, 30 Jun 2022 23:17:02 UTC

Severity: normal

Tags: patch

Done: Ricardo Wurmus <rekado <at> elephly.net>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 56330 in the body.
You can then email your comments to 56330 AT debbugs.gnu.org in the normal way.


Report forwarded to guix-patches <at> gnu.org:
bug#56330; Package guix-patches. (Thu, 30 Jun 2022 23:17:02 GMT)

Acknowledgement sent to Ricardo Wurmus <rekado <at> elephly.net>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 30 Jun 2022 23:17:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ricardo Wurmus <rekado <at> elephly.net>
To: guix-patches <at> gnu.org
Cc: Ricardo Wurmus <rekado <at> elephly.net>
Subject: [PATCH] services: Add anonip-service-type.
Date: Fri,  1 Jul 2022 01:15:51 +0200
* gnu/services/web.scm (anonip-configuration): New record type.
(anonip-configuration?, anonip-configuration-anonip,
anonip-configuration-log-file, anonip-configuration-fifo-directory,
anonip-configuration-output-directory): New procedures.
(anonip-service-type): New service type.
* doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
---
 doc/guix.texi        | 58 +++++++++++++++++++++++++++++++++-
 gnu/services/web.scm | 74 +++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 130 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index b8c49099a4..d23d3b1fbc 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30,7 +30,7 @@ Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
 Copyright @copyright{} 2014 Pierre-Antoine Rault@*
 Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
 Copyright @copyright{} 2015, 2016, 2017, 2019, 2020, 2021 Leo Famulari@*
-Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ricardo Wurmus@*
+Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Ricardo Wurmus@*
 Copyright @copyright{} 2016 Ben Woodcroft@*
 Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@*
 Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@*
@@ -18700,6 +18700,62 @@ String or gexp denoting the corresponding mcron job schedule
 @end table
 @end deftp
 
+@cindex logging, anonymization
+@subheading Anonip Service
+
+Anonip is a privacy filter that removes IP address from web server logs.
+This service creates a FIFO and filters any written lines with anonip
+before writing the filtered log to a target file.
+
+The following example sets up the FIFO
+@file{/var/run/anonip/https.access.log} and writes the filtered log file
+@file{/var/log/anonip/https.access.log}.
+
+@lisp
+(service anonip-service-type
+         (anonip-configuration
+           (log-file "https.access.log")))
+@end lisp
+
+The directories to store the FIFO and the filtered log can be changed
+with @code{fifo-directory} and @code{output-directory}, respectively.
+In the following example the filtered log file would be written to
+@file{/var/web-logs/https.access.log}.
+
+@lisp
+(service anonip-service-type
+         (anonip-configuration
+           (log-file "https.access.log")
+           (output-directory "/var/web-logs/https.access.log")))
+@end lisp
+
+Configure your web server to write its logs to the FIFO at
+@file{/var/run/anonip/https.access.log} and collect the anonymized log
+file at @file{/var/web-logs/https.access.log}.
+
+@deftp {Data Type} anonip-configuration
+This data type represents the configuration of anonip.
+It has the following parameters:
+
+@table @asis
+@item @code{anonip} (default: @code{anonip})
+The anonip package to use.
+
+@item @code{log-file}
+The file name of the log file to process.  This name is used in the FIFO
+as well as in the filtered log file.  This must not be an absolute file
+name.
+
+@item @code{fifo-directory} (default: @code{"/var/run/anonip"})
+The directory where the FIFO file is created.
+
+@item @code{output-directory} (default: @code{"/var/log/anonip"})
+The directory to which the filtered log file will be written.
+
+@end table
+@end deftp
+
+
 @node Networking Setup
 @subsection Networking Setup
 
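Review bot: The second `@lisp` example passes a file name, `(output-directory "/var/web-logs/https.access.log")`, where a directory is expected. Because the service appends `log-file` to `output-directory`, the filtered log would end up at `/var/web-logs/https.access.log/https.access.log`, not at the `/var/web-logs/https.access.log` path the surrounding text promises; the example should read `(output-directory "/var/web-logs")`. In the opening sentence, "removes IP address" should be "IP addresses".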
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4f06d4e0bb..641a928e41 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby <at> inria.fr>
 ;;; Copyright © 2018 Marius Bakke <mbakke <at> fastmail.com>
 ;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian <at> pelzflorian.de>
-;;; Copyright © 2020 Ricardo Wurmus <rekado <at> elephly.net>
+;;; Copyright © 2020, 2022 Ricardo Wurmus <rekado <at> elephly.net>
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
 ;;; Copyright © 2020 Arun Isaac <arunisaac <at> systemreboot.net>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust <at> gmail.com>
@@ -204,6 +204,14 @@ (define-module (gnu services web)
 
             tailon-service-type
 
+            anonip-configuration
+            anonip-configuration?
+            anonip-configuration-anonip
+            anonip-configuration-log-file
+            anonip-configuration-fifo-directory
+            anonip-configuration-output-directory
+            anonip-service-type
+
             varnish-configuration
             varnish-configuration?
             varnish-configuration-package
@@ -1343,6 +1351,70 @@ (define tailon-service-type
                                  files))))))))
    (default-value (tailon-configuration))))
 
+
+
+;;;
+;;; Log anonymization
+;;;
+
+(define-record-type* <anonip-configuration>
+  anonip-configuration make-anonip-configuration
+  anonip-configuration?
+  (anonip            anonip-configuration-anonip ;file-like
+                     (default anonip))
+  (log-file          anonip-configuration-log-file)          ;string
+  (fifo-directory    anonip-configuration-fifo-directory
+                     (default "/var/run/anonip"))            ;string
+  (output-directory  anonip-configuration-output-directory
+                     (default "/var/log/anonip")))           ;string
+
+(define (anonip-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (for-each
+         (lambda (directory)
+           (mkdir-p directory)
+           (chmod directory #o755))
+         (list #$(anonip-configuration-output-directory config)
+               #$(anonip-configuration-fifo-directory config))))))
+
+(define (anonip-shepherd-service config)
+  (let ((log-file (anonip-configuration-log-file config))
+        (fifos    (anonip-configuration-fifo-directory config))
+        (outputs  (anonip-configuration-output-directory config)))
+    (list (shepherd-service
+           (provision (list (symbol-append 'anonip- (string->symbol log-file))))
+           (requirement '(user-processes))
+           (documentation "Anonimyze the given log file location with anonip.")
+           (start #~(lambda _
+                      (let ((fifo #$(format #false "~a/~a" fifos log-file)))
+                        (unless (file-exists? fifo)
+                          (mknod fifo 'fifo #o600 0))
+                        (let ((pid (fork+exec-command
+                                    (list #$(file-append (anonip-configuration-anonip config)
+                                                         "/bin/anonip")
+                                          (string-append "--input=" fifo)
+                                          (string-append "--output=" #$(format #false "~a/~a" outputs log-file)))
+                                    ;; Run in a UTF-8 locale
+                                    #:environment-variables
+                                    (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+                                                         "/lib/locale")
+                                          "LC_ALL=en_US.utf8"))))
+                          pid))))
+           (stop #~(make-kill-destructor))))))
+
+(define anonip-service-type
+  (service-type
+   (name 'anonip)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             anonip-shepherd-service)
+          (service-extension activation-service-type
+                             anonip-activation)))
+   (description
+    "Provide web server log anonymization with @command{anonip}.")))
+
 
 ;;;
 ;;; Varnish
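Review bot: In the `start` lambda, `(mknod fifo 'fifo #o600 0)` creates the FIFO writable only by its owner and nothing changes the owner afterwards, so a web server running under its own account cannot open it for writing; an owner/group (or mode) field in `anonip-configuration` would make the documented setup work. The `(unless (file-exists? fifo) ...)` guard also accepts whatever already exists at that path: if it is a regular file, the web server would write unmasked addresses into it, so checking the file type and refusing to start would be safer. The documentation says `log-file` must not be absolute, but nothing here enforces that. The `documentation` string has a typo: "Anonimyze" should be "Anonymize".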
-- 
2.36.1





Information forwarded to guix-patches <at> gnu.org:
bug#56330; Package guix-patches. (Sun, 03 Jul 2022 10:53:01 GMT)

Message #8 received at 56330 <at> debbugs.gnu.org (full text, mbox):

From: Ricardo Wurmus <rekado <at> elephly.net>
To: 56330 <at> debbugs.gnu.org
Cc: Ricardo Wurmus <rekado <at> elephly.net>
Subject: [PATCH v2] services: Add anonip-service-type.
Date: Sun,  3 Jul 2022 12:52:16 +0200
* gnu/services/web.scm (anonip-configuration): New record type.
(anonip-configuration?, anonip-configuration-anonip,
anonip-configuration-input, anonip-configuration-output,
anonip-configuration-skip-private?, anonip-configuration-column,
anonip-configuration-replacement, anonip-configuration-ipv4mask,
anonip-configuration-ipv6mask, anonip-configuration-increment,
anonip-configuration-delimiter, anonip-configuration-regex): New procedures.
(anonip-service-type): New service type.
* doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
---
 doc/guix.texi        |  71 +++++++++++++++++++++++++++-
 gnu/services/web.scm | 110 ++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 179 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index cf373b6cbd..a22a7f59ec 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30,7 +30,7 @@ Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
 Copyright @copyright{} 2014 Pierre-Antoine Rault@*
 Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
 Copyright @copyright{} 2015, 2016, 2017, 2019, 2020, 2021 Leo Famulari@*
-Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ricardo Wurmus@*
+Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Ricardo Wurmus@*
 Copyright @copyright{} 2016 Ben Woodcroft@*
 Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@*
 Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@*
@@ -18700,6 +18700,75 @@ String or gexp denoting the corresponding mcron job schedule
 @end table
 @end deftp
 
+@cindex logging, anonymization
+@subheading Anonip Service
+
+Anonip is a privacy filter that removes IP address from web server logs.
+This service creates a FIFO and filters any written lines with anonip
+before writing the filtered log to a target file.
+
+The following example sets up the FIFO
+@file{/var/run/anonip/https.access.log} and writes the filtered log file
+@file{/var/log/anonip/https.access.log}.
+
+@lisp
+(service anonip-service-type
+         (anonip-configuration
+           (input  "/var/run/anonip/https.access.log")
+           (output "/var/log/anonip/https.access.log")))
+@end lisp
+
+Configure your web server to write its logs to the FIFO at
+@file{/var/run/anonip/https.access.log} and collect the anonymized log
+file at @file{/var/web-logs/https.access.log}.
+
+@deftp {Data Type} anonip-configuration
+This data type represents the configuration of anonip.
+It has the following parameters:
+
+@table @asis
+@item @code{anonip} (default: @code{anonip})
+The anonip package to use.
+
+@item @code{input}
+The file name of the input log file to process.  The service creates a
+FIFO of this name.  The web server should write its logs to this FIFO.
+
+@item @code{output}
+The file name of the processed log file.
+@end table
+
+The following optional settings may be provided:
+
+@table @asis
+@item @code{skip-private?}
+When @code{#true} do not mask addresses in private ranges.
+
+@item @code{column}
+A 1-based indexed column number.  Assume IP address is in the specified
+column (default is 1).
+
+@item @code{replacement}
+Replacement string in case address parsing fails, e.g. @code{"0.0.0.0"}.
+
+@item @code{ipv4mask}
+Number of bits to mask in IPv4 addresses.
+
+@item @code{ipv6mask}
+Number of bits to mask in IPv6 addresses.
+
+@item @code{increment}
+Increment the IP address by the given number.  By default this is zero.
+
+@item @code{delimiter}
+Log delimiter string.
+
+@item @code{regex}
+Regular expression for detecting IP addresses.  Use this instead of @code{column}.
+@end table
+@end deftp
+
+
 @node Networking Setup
 @subsection Networking Setup
 
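Review bot: The paragraph after the `@lisp` example still tells the reader to collect the anonymized log at `/var/web-logs/https.access.log`, but the example now sets `(output "/var/log/anonip/https.access.log")` and the text above it names that same `/var/log/anonip` path. The `/var/web-logs` reference looks like a leftover from the removed `output-directory` example and should be changed to match `output`, otherwise an operator following the text looks for the filtered log in the wrong place.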
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4434fecf02..1480a751e2 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby <at> inria.fr>
 ;;; Copyright © 2018 Marius Bakke <mbakke <at> fastmail.com>
 ;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian <at> pelzflorian.de>
-;;; Copyright © 2020 Ricardo Wurmus <rekado <at> elephly.net>
+;;; Copyright © 2020, 2022 Ricardo Wurmus <rekado <at> elephly.net>
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
 ;;; Copyright © 2020 Arun Isaac <arunisaac <at> systemreboot.net>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust <at> gmail.com>
@@ -205,6 +205,21 @@ (define-module (gnu services web)
 
             tailon-service-type
 
+            anonip-configuration
+            anonip-configuration?
+            anonip-configuration-anonip
+            anonip-configuration-input
+            anonip-configuration-output
+            anonip-configuration-skip-private?
+            anonip-configuration-column
+            anonip-configuration-replacement
+            anonip-configuration-ipv4mask
+            anonip-configuration-ipv6mask
+            anonip-configuration-increment
+            anonip-configuration-delimiter
+            anonip-configuration-regex
+            anonip-service-type
+
             varnish-configuration
             varnish-configuration?
             varnish-configuration-package
@@ -1355,6 +1370,99 @@ (define tailon-service-type
                                  files))))))))
    (default-value (tailon-configuration))))
 
+
+
+;;;
+;;; Log anonymization
+;;;
+
+(define-record-type* <anonip-configuration>
+  anonip-configuration make-anonip-configuration
+  anonip-configuration?
+  (anonip            anonip-configuration-anonip       ;file-like
+                     (default anonip))
+  (input             anonip-configuration-input)       ;string
+  (output            anonip-configuration-output)      ;string
+  (skip-private?     anonip-configuration-skip-private? ;boolean
+                     (default #f))
+  (column            anonip-configuration-column       ;number
+                     (default #f))
+  (replacement       anonip-configuration-replacement  ;string
+                     (default #f))
+  (ipv4mask          anonip-configuration-ipv4mask     ;number
+                     (default #f)) 
+  (ipv6mask          anonip-configuration-ipv6mask     ;number
+                     (default #f))
+  (increment         anonip-configuration-increment    ;number
+                     (default #f))
+  (delimiter         anonip-configuration-delimiter    ;string
+                     (default #f))
+  (regex             anonip-configuration-regex        ;string
+                     (default #f)))
+
+(define (anonip-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (for-each
+         (lambda (directory)
+           (mkdir-p directory)
+           (chmod directory #o755))
+         (list (dirname #$(anonip-configuration-input config))
+               (dirname #$(anonip-configuration-output config)))))))
+
+(define (anonip-shepherd-service config)
+  (let ((input (anonip-configuration-input config))
+        (output (anonip-configuration-output config)))
+    (list (shepherd-service
+           (provision (list (symbol-append 'anonip- (string->symbol output))))
+           (requirement '(user-processes))
+           (documentation "Anonimyze the given log file location with anonip.")
+           (start #~(lambda _
+                      (let ((optional
+                             (lambda (accessor option)
+                               (or (and=> (accessor config)
+                                          (lambda (value)
+                                            (list
+                                             (format #false "~a=~a"
+                                                     option (accessor config)))))
+                                   (list)))))
+                        (unless (file-exists? input)
+                          (mknod input 'fifo #o600 0))
+                        (let ((pid (fork+exec-command
+                                    (append
+                                      (list #$(file-append (anonip-configuration-anonip config)
+                                                           "/bin/anonip")
+                                            (string-append "--input=" input)
+                                            (string-append "--output=" output))
+                                      (if (anonip-configuration-skip-private? config)
+                                          '("--skip-private") (list))
+                                      (optional anonip-configuration-column "--column")
+                                      (optional anonip-configuration-ipv4mask "--ipv4mask")
+                                      (optional anonip-configuration-ipv6mask "--ipv6mask")
+                                      (optional anonip-configuration-increment "--increment")
+                                      (optional anonip-configuration-replacement "--replacement")
+                                      (optional anonip-configuration-delimiter "--delimiter")
+                                      (optional anonip-configuration-regex "--regex"))
+                                    ;; Run in a UTF-8 locale
+                                    #:environment-variables
+                                    (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+                                                         "/lib/locale")
+                                          "LC_ALL=en_US.utf8"))))
+                          pid))))
+           (stop #~(make-kill-destructor))))))
+
+(define anonip-service-type
+  (service-type
+   (name 'anonip)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             anonip-shepherd-service)
+          (service-extension activation-service-type
+                             anonip-activation)))
+   (description
+    "Provide web server log anonymization with @command{anonip}.")))
+
 
 ;;;
 ;;; Varnish
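Review bot: Inside the `start` gexp, `config`, `input`, `output` and the `anonip-configuration-*` accessors are referenced without `#$`, so they are host-side bindings that will not exist when shepherd evaluates the staged `lambda`; `(unless (file-exists? input) ...)`, `(string-append "--input=" input)`, `(anonip-configuration-skip-private? config)` and every `(optional ...)` call would fail as unbound variables at service start. Build the optional argument lists on the host side and splice the results in with `#$`, and ungexp `input` and `output` where they are used. The `optional` helper also binds `value` in its inner `lambda` but ignores it and calls `(accessor config)` a second time; using `value` in the `format` call is enough.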
-- 
2.36.1





Information forwarded to guix-patches <at> gnu.org:
bug#56330; Package guix-patches. (Sun, 03 Jul 2022 11:55:01 GMT)

Message #11 received at 56330 <at> debbugs.gnu.org (full text, mbox):

From: Ricardo Wurmus <rekado <at> elephly.net>
To: 56330 <at> debbugs.gnu.org
Cc: Ricardo Wurmus <rekado <at> elephly.net>
Subject: [PATCH v3] services: Add anonip-service-type.
Date: Sun,  3 Jul 2022 13:53:57 +0200
* gnu/services/web.scm (anonip-configuration): New record type.
(anonip-configuration?, anonip-configuration-anonip,
anonip-configuration-input, anonip-configuration-output,
anonip-configuration-skip-private?, anonip-configuration-column,
anonip-configuration-replacement, anonip-configuration-ipv4mask,
anonip-configuration-ipv6mask, anonip-configuration-increment,
anonip-configuration-delimiter, anonip-configuration-regex): New procedures.
(anonip-service-type): New service type.
* doc/guix.texi (Log Rotation): Add subheading for Anonip Service.
---
 doc/guix.texi        |  71 +++++++++++++++++++++++++++-
 gnu/services/web.scm | 110 ++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 179 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index cf373b6cbd..a22a7f59ec 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -30,7 +30,7 @@ Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
 Copyright @copyright{} 2014 Pierre-Antoine Rault@*
 Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
 Copyright @copyright{} 2015, 2016, 2017, 2019, 2020, 2021 Leo Famulari@*
-Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ricardo Wurmus@*
+Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022 Ricardo Wurmus@*
 Copyright @copyright{} 2016 Ben Woodcroft@*
 Copyright @copyright{} 2016, 2017, 2018, 2021 Chris Marusich@*
 Copyright @copyright{} 2016, 2017, 2018, 2019, 2020, 2021, 2022 Efraim Flashner@*
@@ -18700,6 +18700,75 @@ String or gexp denoting the corresponding mcron job schedule
 @end table
 @end deftp
 
+@cindex logging, anonymization
+@subheading Anonip Service
+
+Anonip is a privacy filter that removes IP address from web server logs.
+This service creates a FIFO and filters any written lines with anonip
+before writing the filtered log to a target file.
+
+The following example sets up the FIFO
+@file{/var/run/anonip/https.access.log} and writes the filtered log file
+@file{/var/log/anonip/https.access.log}.
+
+@lisp
+(service anonip-service-type
+         (anonip-configuration
+           (input  "/var/run/anonip/https.access.log")
+           (output "/var/log/anonip/https.access.log")))
+@end lisp
+
+Configure your web server to write its logs to the FIFO at
+@file{/var/run/anonip/https.access.log} and collect the anonymized log
+file at @file{/var/web-logs/https.access.log}.
+
+@deftp {Data Type} anonip-configuration
+This data type represents the configuration of anonip.
+It has the following parameters:
+
+@table @asis
+@item @code{anonip} (default: @code{anonip})
+The anonip package to use.
+
+@item @code{input}
+The file name of the input log file to process.  The service creates a
+FIFO of this name.  The web server should write its logs to this FIFO.
+
+@item @code{output}
+The file name of the processed log file.
+@end table
+
+The following optional settings may be provided:
+
+@table @asis
+@item @code{skip-private?}
+When @code{#true} do not mask addresses in private ranges.
+
+@item @code{column}
+A 1-based indexed column number.  Assume IP address is in the specified
+column (default is 1).
+
+@item @code{replacement}
+Replacement string in case address parsing fails, e.g. @code{"0.0.0.0"}.
+
+@item @code{ipv4mask}
+Number of bits to mask in IPv4 addresses.
+
+@item @code{ipv6mask}
+Number of bits to mask in IPv6 addresses.
+
+@item @code{increment}
+Increment the IP address by the given number.  By default this is zero.
+
+@item @code{delimiter}
+Log delimiter string.
+
+@item @code{regex}
+Regular expression for detecting IP addresses.  Use this instead of @code{column}.
+@end table
+@end deftp
+
+
 @node Networking Setup
 @subsection Networking Setup
 
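Review bot: In the optional-settings `@table`, none of the `@item` lines carries a `(default: ...)` the way `@item @code{anonip}` does, and the `ipv4mask` and `ipv6mask` entries do not say how many bits are masked when the field is left unset. Every optional field defaults to `#f` in the record and the corresponding flag is then omitted, so the docs should state that explicitly and say that anonip's own default applies; otherwise readers cannot tell what level of anonymization they get from the minimal example. The `regex` entry says to use it instead of `column`, but the text does not say what happens when both are set.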
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4434fecf02..f0c7e90cbf 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby <at> inria.fr>
 ;;; Copyright © 2018 Marius Bakke <mbakke <at> fastmail.com>
 ;;; Copyright © 2019, 2020 Florian Pelz <pelzflorian <at> pelzflorian.de>
-;;; Copyright © 2020 Ricardo Wurmus <rekado <at> elephly.net>
+;;; Copyright © 2020, 2022 Ricardo Wurmus <rekado <at> elephly.net>
 ;;; Copyright © 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
 ;;; Copyright © 2020 Arun Isaac <arunisaac <at> systemreboot.net>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust <at> gmail.com>
@@ -205,6 +205,21 @@ (define-module (gnu services web)
 
             tailon-service-type
 
+            anonip-configuration
+            anonip-configuration?
+            anonip-configuration-anonip
+            anonip-configuration-input
+            anonip-configuration-output
+            anonip-configuration-skip-private?
+            anonip-configuration-column
+            anonip-configuration-replacement
+            anonip-configuration-ipv4mask
+            anonip-configuration-ipv6mask
+            anonip-configuration-increment
+            anonip-configuration-delimiter
+            anonip-configuration-regex
+            anonip-service-type
+
             varnish-configuration
             varnish-configuration?
             varnish-configuration-package
@@ -1355,6 +1370,99 @@ (define tailon-service-type
                                  files))))))))
    (default-value (tailon-configuration))))
 
+
+
+;;;
+;;; Log anonymization
+;;;
+
+(define-record-type* <anonip-configuration>
+  anonip-configuration make-anonip-configuration
+  anonip-configuration?
+  (anonip            anonip-configuration-anonip       ;file-like
+                     (default anonip))
+  (input             anonip-configuration-input)       ;string
+  (output            anonip-configuration-output)      ;string
+  (skip-private?     anonip-configuration-skip-private? ;boolean
+                     (default #f))
+  (column            anonip-configuration-column       ;number
+                     (default #f))
+  (replacement       anonip-configuration-replacement  ;string
+                     (default #f))
+  (ipv4mask          anonip-configuration-ipv4mask     ;number
+                     (default #f)) 
+  (ipv6mask          anonip-configuration-ipv6mask     ;number
+                     (default #f))
+  (increment         anonip-configuration-increment    ;number
+                     (default #f))
+  (delimiter         anonip-configuration-delimiter    ;string
+                     (default #f))
+  (regex             anonip-configuration-regex        ;string
+                     (default #f)))
+
+(define (anonip-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (for-each
+         (lambda (directory)
+           (mkdir-p directory)
+           (chmod directory #o755))
+         (list (dirname #$(anonip-configuration-input config))
+               (dirname #$(anonip-configuration-output config)))))))
+
+(define (anonip-shepherd-service config)
+  (let ((input (anonip-configuration-input config))
+        (output (anonip-configuration-output config))
+        (optional
+         (lambda (accessor option)
+           (or (and=> (accessor config)
+                      (lambda (value)
+                        (list
+                         (format #false "~a=~a"
+                                 option value))))
+               (list)))))
+    (list (shepherd-service
+           (provision (list (symbol-append 'anonip- (string->symbol output))))
+           (requirement '(user-processes))
+           (documentation "Anonimyze the given log file location with anonip.")
+           (start #~(lambda _
+                      (unless (file-exists? #$input)
+                          (mknod #$input 'fifo #o600 0))
+                      (let ((pid (fork+exec-command
+                                  (append
+                                      (list #$(file-append (anonip-configuration-anonip config)
+                                                           "/bin/anonip")
+                                            (string-append "--input=" #$input)
+                                            (string-append "--output=" #$output))
+                                      (if #$(anonip-configuration-skip-private? config)
+                                          '("--skip-private") (list))
+                                    '#$(optional anonip-configuration-column "--column")
+                                    '#$(optional anonip-configuration-ipv4mask "--ipv4mask")
+                                    '#$(optional anonip-configuration-ipv6mask "--ipv6mask")
+                                    '#$(optional anonip-configuration-increment "--increment")
+                                    '#$(optional anonip-configuration-replacement "--replacement")
+                                    '#$(optional anonip-configuration-delimiter "--delimiter")
+                                    '#$(optional anonip-configuration-regex "--regex"))
+                                  ;; Run in a UTF-8 locale
+                                  #:environment-variables
+                                  (list (string-append "GUIX_LOCPATH=" #$glibc-utf8-locales
+                                                       "/lib/locale")
+                                        "LC_ALL=en_US.utf8"))))
+                        pid)))
+           (stop #~(make-kill-destructor))))))
+
+(define anonip-service-type
+  (service-type
+   (name 'anonip)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             anonip-shepherd-service)
+          (service-extension activation-service-type
+                             anonip-activation)))
+   (description
+    "Provide web server log anonymization with @command{anonip}.")))
+
 
 ;;;
 ;;; Varnish
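Review bot: In `anonip-activation`, `(chmod directory #o755)` is applied to `(dirname ...)` of the user-supplied `input` and `output`, so a configuration such as `(output "/var/log/https.access.log")` resets the mode of `/var/log` itself on every activation; create missing directories with `mkdir-p` and leave the mode of already existing ones alone. In `anonip-shepherd-service`, `fork+exec-command` is called without `#:user` or `#:group`, so the filter parses untrusted request data with shepherd's privileges; a dedicated account would limit that. `(symbol-append 'anonip- (string->symbol output))` produces a service name that contains the whole output path, which is awkward to type for `herd`; a short name field or the base name would be easier. The `documentation` string has a typo: "Anonimyze" should be "Anonymize". The body of `unless` and the `'#$(optional ...)` lines are indented inconsistently with the surrounding forms.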
-- 
2.36.1





Reply sent to Ricardo Wurmus <rekado <at> elephly.net>:
You have taken responsibility. (Sun, 03 Jul 2022 13:04:02 GMT)

Notification sent to Ricardo Wurmus <rekado <at> elephly.net>:
bug acknowledged by developer. (Sun, 03 Jul 2022 13:04:02 GMT)

Message #16 received at 56330-done <at> debbugs.gnu.org (full text, mbox):

From: Ricardo Wurmus <rekado <at> elephly.net>
To: 56330-done <at> debbugs.gnu.org
Subject: Re: [PATCH v3] services: Add anonip-service-type.
Date: Sun, 03 Jul 2022 15:03:19 +0200
Ricardo Wurmus <rekado <at> elephly.net> writes:

> * gnu/services/web.scm (anonip-configuration): New record type.
> (anonip-configuration?, anonip-configuration-anonip,
> anonip-configuration-input, anonip-configuration-output,
> anonip-configuration-skip-private?, anonip-configuration-column,
> anonip-configuration-replacement, anonip-configuration-ipv4mask,
> anonip-configuration-ipv6mask, anonip-configuration-increment,
> anonip-configuration-delimiter, anonip-configuration-regex): New procedures.
> (anonip-service-type): New service type.
> * doc/guix.texi (Log Rotation): Add subheading for Anonip Service.

Merged.

-- 
Ricardo




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 01 Aug 2022 11:24:04 GMT)

This bug report was last modified 1 year and 262 days ago.

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.