# revad log rotation
#
# Rotates /var/log/revad/revad.log weekly, keeps 12 weeks of history,
# compresses old logs, and signals revad to reopen its log file via
# its standard reload mechanism after rotation.

/var/log/revad/revad.log {
    # Drop privileges to the revad user before opening the log directory.
    # Required because /var/log/revad is writable by the revad user (the
    # daemon needs to write its log there). Without `su`, logrotate would
    # operate on that directory as root, which is a privilege-escalation
    # vector if the revad user could replace the log file with a symlink.
    su revad revad

    weekly
    rotate 12
    compress
    delaycompress
    missingok
    notifempty
    create 0640 revad revad
    sharedscripts
    postrotate
        /usr/bin/systemctl reload revad.service > /dev/null 2>&1 || true
    endscript
}
