Commit c0affcbade1b

@@ -23,6 +23,14 @@
   # Only keep the last 500MiB of systemd journal.
   services.journald.extraConfig = "SystemMaxUse=500M";
 
+  # Clear out /tmp after a fortnight and give all normal users a ~/tmp
+  # cleaned out weekly.
+  systemd.tmpfiles.rules = [ "d /tmp 1777 root root 14d" ] ++
+    (
+      let mkTmpDir = n: u: "d ${u.home}/tmp 0700 ${n} ${u.group} 7d";
+      in mapAttrsToList mkTmpDir (filterAttrs (_: u: u.isNormalUser) config.users.extraUsers)
+    );
+
   systemd.services."status-email-root@" = {
     description = "status email for %i to vincent";
     serviceConfig = {