diff --git a/nixos/modules/monitoring/exporters/promtail.nix b/nixos/modules/monitoring/exporters/promtail.nix
index def02568e693be99cb1fe94c3e3d15fc81df5c1b..9470cbda74bd9de0f241650c525e77e54e1ef049 100644
--- a/nixos/modules/monitoring/exporters/promtail.nix
+++ b/nixos/modules/monitoring/exporters/promtail.nix
@@ -40,19 +40,16 @@ in {
# but generally suppose that people will look at Loki instead.
services.journald.extraConfig = ''
# This tells journald it can discard log files that contain only log
- # entries that are older than 29 days.
+ # entries older than...
MaxRetentionSec=${logRetention}
# This tells journald to start a new log file once a day. Together with
# the MaxRetentionSec setting, this means that entries are kept for
- # between 29 and 30 days (plus whatever scheduling slop journald has in
- # enforcing these limits).
+ # up to a full day longer than MaxRetentionSec.
#
# https://www.freedesktop.org/software/systemd/man/journald.conf.html
# for further details about these options.
#
- # A maximum retention of 30 days conforms to the published log retention
- # policy.
MaxFileSec=1day
'';
diff --git a/nixos/modules/monitoring/policy.nix b/nixos/modules/monitoring/policy.nix
index 599d0bb4d58d90517b6b53fdf653aec53e34558e..514f1892bf2e807f8ece98d56bc630154f90bcd6 100644
--- a/nixos/modules/monitoring/policy.nix
+++ b/nixos/modules/monitoring/policy.nix
@@ -1,11 +1,14 @@
# Codify our log data retention policy
+#
+# A maximum retention of 30 days conforms to the published log retention policy,
+# see https://private.storage/privacy-policy/ .
{ options, lib, ... }: {
options.services.private-storage.monitoring.policy = {
logRetentionSeconds = lib.mkOption {
type = lib.types.int;
description = "How long do we retain logs (seconds)";
- default = 29 * (24 * 60 * 60); # 29 days.
+ default = 29 * (24 * 60 * 60); # 29 days, to accomodate for the journald log rotation (1 day).
};
};
}