From b078c12ec7d733b53ee747a13432930451a67212 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 1 Jun 2020 10:11:21 -0400
Subject: [PATCH] Highlight the max age by defining it separately.

This gives us a good opportunity to mention the privacy policy, too.
---
 nixos/modules/private-storage.nix | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index ee68ce54..687c9e35 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -8,6 +8,17 @@ let
   storage-node-name = "storage";
   # TODO: This path copied from tahoe.nix.
   tahoe-base = "/var/db/tahoe-lafs";
+
+  # The full path to the directory where the storage server will write
+  # incident reports.
+  incidents-dir = "${tahoe-base}/${storage-node-name}/logs/incidents";
+
+  # The maximum age that will be allowed for incident reports.  See
+  # tmpfiles.d(5) for the syntax.
+  #
+  # NOTE: This is promised by the service privacy policy.  It *may not* be
+  # raised without following the process for updating the privacy policy.
+  max-incident-age = "29d";
 in
 {
   # Upstream tahoe-lafs module conflicts with ours (since ours is a
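Review bot: The comment on `max-incident-age` promises a maximum age, but a tmpfiles.d age only makes a file eligible for removal at the next cleanup run. It is therefore a lower bound on deletion, not an upper bound on retention. Actual retention is the age plus the interval of `systemd-tmpfiles-clean.timer`. tmpfiles.d(5) also judges age by the most recent of a file's access, modification and status-change times, so reading or re-permissioning a report restarts the clock. Since the value is tied to the privacy policy, I would extend the comment, e.g. `# Files only become eligible for removal at this age; deletion happens at the next systemd-tmpfiles clean run, so keep this below the policy limit.` The policy's actual limit is not visible here, so confirm that 29d leaves the intended margin.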
@@ -130,8 +141,8 @@ in
 
     systemd.tmpfiles.rules =
     # Add a rule to prevent incident reports from accumulating indefinitely.
-    # See tmpfiles.d(5).
-    [ "d ${tahoe-base}/${storage-node-name}/logs/incidents 0755 root root 29d -"
+    # See tmpfiles.d(5) for the syntax.
+    [ "d ${incidents-dir} 0755 root root ${max-incident-age} -"
     ];
 
   };
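Review bot: The rewritten rule still creates the incidents directory as `0755 root root`, so every local user can list and enter a directory whose contents the first hunk's comment ties to the privacy policy. If nothing else on the host needs to read incident reports, a tighter mode owned by the storage node's account would fit better, e.g. `"d ${incidents-dir} 0700 <storage-user> <storage-group> ${max-incident-age} -"` (placeholders; the service account is not visible in this hunk). Whether the reports themselves are readable depends on the file modes the storage server uses when writing them, which this patch does not show. The enclosing attribute set starts outside the hunk.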
-- 
GitLab