From b078c12ec7d733b53ee747a13432930451a67212 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone <exarkun@twistedmatrix.com> Date: Mon, 1 Jun 2020 10:11:21 -0400 Subject: [PATCH] Highlight the max age by defining it separately. This gives us a good opportunity to mention the privacy policy, too. --- nixos/modules/private-storage.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix index ee68ce54..687c9e35 100644 --- a/nixos/modules/private-storage.nix +++ b/nixos/modules/private-storage.nix @@ -8,6 +8,17 @@ let storage-node-name = "storage"; # TODO: This path copied from tahoe.nix. tahoe-base = "/var/db/tahoe-lafs"; + + # The full path to the directory where the storage server will write + # incident reports. + incidents-dir = "${tahoe-base}/${storage-node-name}/logs/incidents"; + + # The maximum age that will be allowed for incident reports. See + # tmpfiles.d(5) for the syntax. + # + # NOTE: This is promised by the service privacy policy. It *may not* be + # raised without following the process for updating the privacy policy. + max-incident-age = "29d"; in { # Upstream tahoe-lafs module conflicts with ours (since ours is a @@ -130,8 +141,8 @@ in systemd.tmpfiles.rules = # Add a rule to prevent incident reports from accumulating indefinitely. - # See tmpfiles.d(5). - [ "d ${tahoe-base}/${storage-node-name}/logs/incidents 0755 root root 29d -" + # See tmpfiles.d(5) for the syntax. + [ "d ${incidents-dir} 0755 root root ${max-incident-age} -" ]; }; -- GitLab