clear logs hourly

2025-11-04 14:02:03 +00:00 · 2025-11-04 14:02:03 +00:00 · 6e507ec688
commit 6e507ec688
parent 9f40a68eb4
3 changed files with 36 additions and 7 deletions
--- a/site/index.html
+++ b/site/index.html
@ -54,7 +54,7 @@
 	    <li>Forgejo <small><a href="http://cr27k6asjs7skvjxs6smhqfam3wlvmft2f3iins44k6p6rmmfyolobqd.onion/">[tor]</a> <a href="https://git.distrust.network">[clearnet]</a></small></li>
 	    <li>Vaultwarden <small><a href="http://gfoqwlo4nmhcywzzyhfanhkf7hz64lkjayngfyrpbd7ohaucu3q4znqd.onion/">[tor]</a> <a href="https://vault.distrust.network">[clearnet]</a> <a title="Once you have logged in for the first time, check your inbox.">[hover]</a></small></li>
        </ul>
-        <p>All services have a strict no-logs and no-metrics policy. Where it is difficult to configure this in a service, logs are directly piped and/or symlinked to <code>/dev/null</code>.</p>
+        <p>All services have a strict no-metrics policy, with logs being kept for at most 1 hour (for debugging purposes). Where it is difficult to configure this in a service, logs are directly piped and/or symlinked to <code>/dev/null</code>.</p>
 	<p>The server runs a hardened NixOS config, and is updated when appropriate for any security/hardening tweaks. This NixOS config is auditable and freely accessible over <a href="http://cr27k6asjs7skvjxs6smhqfam3wlvmft2f3iins44k6p6rmmfyolobqd.onion/root/flake">TOR</a> and <a href="https://git.distrust.network/root/flake">clearnet</a>.</p>
        <p>If you are interested, <a href="mailto:root@distrust.network?subject=ACCOUNT%20REQUEST&body=Replace%20this%20email%20body%20with%20your%20desired%20username.">email me</a> with your desired username.</p>
        <hr>
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -26,6 +26,35 @@ in {
    };
  };

-  users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk=P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno;16-179-196"];
+  users.users.root.hashedPassword = "!";
+  users.users.anon = {
+    isNormalUser = true;
+    extraGroups = ["wheel"];
+    hashedPassword = "$6$GAyfgaTQgaBipAbb$gF/9YBh2ucVa/9vDQvEu9DVjSbsqdvSoXwA5RX0kP7.xdCfLqXhGBLlSXHg0e4rkLLd6zI1gRTWd4TfMjnnpS/";
+    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk+P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno:16_179_196"];
+  };
+  security.sudo.wheelNeedsPassword = true;
+
+  systemd = {
+    services.clear-var-log = {
+      description = "Clear /var/log directory";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.coreutils}/bin/rm -rf /var/log/*";
+        User = "root";
+        Group = "root";
+      };
+    };
+    timers.clear-var-log = {
+      description = "Hourly timer to clear /var/log";
+      wants = ["clear-var-log.service"];
+      timerConfig = {
+        OnCalendar = "hourly";
+        Persistent = true;
+        Unit = "clear-var-log.service";
+      };
+    };
+  };
+
  system.stateVersion = "25.05";
 }
--- a/system/networking.nix
+++ b/system/networking.nix
@ -3,10 +3,10 @@
  # details gathered from the active system.
  networking = {
    nameservers = [
-      "213.136.95.10"
-      "213.136.95.11"
-      "2a02:c207::1"
-      "8.8.8.8"
+      "9.9.9.9"
+      "149.112.112.112"
+      "2620:fe::fe"
+      "2620:fe::9"
    ];
    defaultGateway = "157.173.112.1";
    defaultGateway6 = {