From 538a780d0adcd8b26f942f13caa3df3e7eabcbd8 Mon Sep 17 00:00:00 2001
From: Collin J. Doering
Date: Sun, 30 Jun 2024 14:04:47 -0400
Subject: balg02: Use AnonIP service for nginx access log files

---
 .guix/guix-na/config/balg02.scm | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

(limited to '.guix')

diff --git a/.guix/guix-na/config/balg02.scm b/.guix/guix-na/config/balg02.scm
index 67e6b4d..9eb9fbe 100644
--- a/.guix/guix-na/config/balg02.scm
+++ b/.guix/guix-na/config/balg02.scm
@@ -38,6 +38,23 @@
              (build '(channels guix))
              (channels %default-channels))))
 
+;; Taken from https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/berlin.scm
+(define (anonip-service file)
+  (service anonip-service-type
+           (anonip-configuration
+            (input (format #false "/var/run/anonip/~a" file))
+            (output (format #false "/var/log/anonip/~a" file)))))
+
+(define %anonip-log-files
+  ;; List of files handled by Anonip
+  '("http.access.log"
+    "https.access.log"))
+
+;; Taken from https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/berlin.scm
+(define (log-file->anonip-service-name file)
+  "Return the name of the Anonip service handling FILE, a log file."
+  (symbol-append 'anonip-/var/log/anonip/ (string->symbol file)))
+
 ;; Taken from: https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/nginx/berlin.scm
 (define publish-robots.txt
   ;; Try to prevent good-faith crawlers from downloading substitutes.  Allow
@@ -299,7 +316,7 @@ synonymous IETF language tags that should be mapped to the same $lang."
     (locations (balg02-locations %publish-url))
     (raw-content
      (list
-      "access_log  /var/run/nginx/http.access.log;"
+      "access_log  /var/run/anonip/http.access.log;"
       "proxy_set_header X-Forwarded-Host $host;"
       "proxy_set_header X-Forwarded-Port $server_port;"
       "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;")))
@@ -315,7 +332,7 @@ synonymous IETF language tags that should be mapped to the same $lang."
      (append
       %tls-settings
       (list
-       "access_log  /var/run/nginx/https.access.log;"
+       "access_log  /var/run/anonip/https.access.log;"
        "proxy_set_header X-Forwarded-Host $host;"
        "proxy_set_header X-Forwarded-Port $server_port;"
        "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
@@ -401,7 +418,10 @@ synonymous IETF language tags that should be mapped to the same $lang."
       (pcre_jit . on)
       (events . ((worker_connections . 1024)))))
    (extra-content
-    (string-join %extra-content "\n"))))
+    (string-join %extra-content "\n"))
+   (shepherd-requirement
+    (map log-file->anonip-service-name
+         %anonip-log-files))))
 
 (define %nginx-cache-activation
   ;; Make sure /var/cache/nginx exists on the first run.
@@ -530,6 +550,7 @@ synonymous IETF language tags that should be mapped to the same $lang."
 
    (services
     (append
+     (map anonip-service %anonip-log-files)
      (list
       (service openssh-service-type
 	       (openssh-configuration
-- 
cgit v1.2.3