diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index d144fba966224c8f23975114da34dca99d6cdb7f..ee68ce54626410f6043c4fc342c878761997967a 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -5,6 +5,9 @@ let
   pspkgs = pkgs.callPackage ./pspkgs.nix { };
   # Grab the configuration for this module for convenient access below.
   cfg = config.services.private-storage;
+  storage-node-name = "storage";
+  # TODO: This path copied from tahoe.nix.
+  tahoe-base = "/var/db/tahoe-lafs";
 in
 {
   # Upstream tahoe-lafs module conflicts with ours (since ours is a
@@ -75,7 +78,7 @@ in
   # Define configuration based on values given for our options - starting with
   # the option that says whether this is even turned on.
   config = lib.mkIf cfg.enable
-  { services.tahoe.nodes."storage" =
+  { services.tahoe.nodes."${storage-node-name}" =
     { package = config.services.private-storage.tahoe.package;
       # Each attribute in this set corresponds to a section in the tahoe.cfg
       # file.  Attributes on those sets correspond to individual assignments
@@ -89,7 +92,7 @@ in
         };
         node =
         # XXX Should try to name that is unique across the grid.
-        { nickname = "storage";
+        { nickname = "${storage-node-name}";
           # We have the web port active because the CLI uses it.  We may
           # eventually turn this off, or at least have it off by default (with
           # an option to turn it on).  I don't know how much we'll use the CLI
@@ -125,5 +128,11 @@ in
     # Let traffic destined for the storage node's Foolscap server through.
     networking.firewall.allowedTCPPorts = [ cfg.publicStoragePort ];
 
+    systemd.tmpfiles.rules =
+    # Add a rule to prevent incident reports from accumulating indefinitely.
+    # See tmpfiles.d(5).
+    [ "d ${tahoe-base}/${storage-node-name}/logs/incidents 0755 root root 29d -"
+    ];
+
   };
 }