diff --git a/nixos/modules/monitoring/exporters/promtail.nix b/nixos/modules/monitoring/exporters/promtail.nix index def02568e693be99cb1fe94c3e3d15fc81df5c1b..9470cbda74bd9de0f241650c525e77e54e1ef049 100644 --- a/nixos/modules/monitoring/exporters/promtail.nix +++ b/nixos/modules/monitoring/exporters/promtail.nix @@ -40,19 +40,16 @@ in { # but generally suppose that people will look at Loki instead. services.journald.extraConfig = '' # This tells journald it can discard log files that contain only log - # entries that are older than 29 days. + # entries older than... MaxRetentionSec=${logRetention} # This tells journald to start a new log file once a day. Together with # the MaxRetentionSec setting, this means that entries are kept for - # between 29 and 30 days (plus whatever scheduling slop journald has in - # enforcing these limits). + # up to a full day longer than MaxRetentionSec. # # https://www.freedesktop.org/software/systemd/man/journald.conf.html # for further details about these options. # - # A maximum retention of 30 days conforms to the published log retention - # policy. MaxFileSec=1day ''; diff --git a/nixos/modules/monitoring/policy.nix b/nixos/modules/monitoring/policy.nix index 599d0bb4d58d90517b6b53fdf653aec53e34558e..514f1892bf2e807f8ece98d56bc630154f90bcd6 100644 --- a/nixos/modules/monitoring/policy.nix +++ b/nixos/modules/monitoring/policy.nix @@ -1,11 +1,14 @@ # Codify our log data retention policy +# +# A maximum retention of 30 days conforms to the published log retention policy, +# see https://private.storage/privacy-policy/ . { options, lib, ... }: { options.services.private-storage.monitoring.policy = { logRetentionSeconds = lib.mkOption { type = lib.types.int; description = "How long do we retain logs (seconds)"; - default = 29 * (24 * 60 * 60); # 29 days. + default = 29 * (24 * 60 * 60); # 29 days, to accomodate for the journald log rotation (1 day). }; }; }