clear logs hourly

site/index.html

@@ -54,7 +54,7 @@
 	    <li>Forgejo <small><a href="http://cr27k6asjs7skvjxs6smhqfam3wlvmft2f3iins44k6p6rmmfyolobqd.onion/">[tor]</a> <a href="https://git.distrust.network">[clearnet]</a></small></li>
 	    <li>Vaultwarden <small><a href="http://gfoqwlo4nmhcywzzyhfanhkf7hz64lkjayngfyrpbd7ohaucu3q4znqd.onion/">[tor]</a> <a href="https://vault.distrust.network">[clearnet]</a> <a title="Once you have logged in for the first time, check your inbox.">[hover]</a></small></li>
         </ul>
-        <p>All services have a strict no-logs and no-metrics policy. Where it is difficult to configure this in a service, logs are directly piped and/or symlinked to <code>/dev/null</code>.</p>
+        <p>All services have a strict no-metrics policy, with logs being kept for at most 1 hour (for debugging purposes). Where it is difficult to configure this in a service, logs are directly piped and/or symlinked to <code>/dev/null</code>.</p>
 	<p>The server runs a hardened NixOS config, and is updated when appropriate for any security/hardening tweaks. This NixOS config is auditable and freely accessible over <a href="http://cr27k6asjs7skvjxs6smhqfam3wlvmft2f3iins44k6p6rmmfyolobqd.onion/root/flake">TOR</a> and <a href="https://git.distrust.network/root/flake">clearnet</a>.</p>
         <p>If you are interested, <a href="mailto:root@distrust.network?subject=ACCOUNT%20REQUEST&body=Replace%20this%20email%20body%20with%20your%20desired%20username.">email me</a> with your desired username.</p>
         <hr>

system/configuration.nix

@@ -26,6 +26,35 @@ in {
     };
   };
 
-  users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk=P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno;16-179-196"];
+  users.users.root.hashedPassword = "!";
+  users.users.anon = {
+    isNormalUser = true;
+    extraGroups = ["wheel"];
+    hashedPassword = "$6$GAyfgaTQgaBipAbb$gF/9YBh2ucVa/9vDQvEu9DVjSbsqdvSoXwA5RX0kP7.xdCfLqXhGBLlSXHg0e4rkLLd6zI1gRTWd4TfMjnnpS/";
+    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk+P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno:16_179_196"];
+  };
+  security.sudo.wheelNeedsPassword = true;
+
+  systemd = {
+    services.clear-var-log = {
+      description = "Clear /var/log directory";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.coreutils}/bin/rm -rf /var/log/*";
+        User = "root";
+        Group = "root";
+      };
+    };
+    timers.clear-var-log = {
+      description = "Hourly timer to clear /var/log";
+      wants = ["clear-var-log.service"];
+      timerConfig = {
+        OnCalendar = "hourly";
+        Persistent = true;
+        Unit = "clear-var-log.service";
+      };
+    };
+  };
+
   system.stateVersion = "25.05";
 }

system/networking.nix

@@ -3,10 +3,10 @@
   # details gathered from the active system.
   networking = {
     nameservers = [
-      "213.136.95.10"
+      "9.9.9.9"
-      "213.136.95.11"
+      "149.112.112.112"
-      "2a02:c207::1"
+      "2620:fe::fe"
-      "8.8.8.8"
+      "2620:fe::9"
     ];
     defaultGateway = "157.173.112.1";
     defaultGateway6 = {