From 1ff369a26119a9a5d421fdd9b05406f12e73919f Mon Sep 17 00:00:00 2001
From: Alex Chan <alexc@tailscale.com>
Date: Fri, 10 Apr 2026 09:36:22 +0100
Subject: [PATCH] tka: keep the CompactionDefaults alongside the other limits

Updates #cleanup

Change-Id: Ib5e481d5a9c7ec7ac3e6b3913909ab1bf21d7a4d
Signed-off-by: Alex Chan <alexc@tailscale.com>
---
 ipn/ipnlocal/network-lock.go |  9 ++-------
 tka/disabled_stub.go         |  6 ++++++
 tka/limits.go                | 11 +++++++++++
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/ipn/ipnlocal/network-lock.go b/ipn/ipnlocal/network-lock.go
index 535d9803d..a0a57f85c 100644
--- a/ipn/ipnlocal/network-lock.go
+++ b/ipn/ipnlocal/network-lock.go
@@ -45,11 +45,6 @@ import (
 var (
 	errMissingNetmap        = errors.New("missing netmap: verify that you are logged in")
 	errNetworkLockNotActive = errors.New("tailnet-lock is not active")
-
-	tkaCompactionDefaults = tka.CompactionOptions{
-		MinChain: 24,                  // Keep at minimum 24 AUMs since head.
-		MinAge:   14 * 24 * time.Hour, // Keep 2 weeks of AUMs.
-	}
 )
 
 type tkaState struct {
@@ -92,7 +87,7 @@ func (b *LocalBackend) initTKALocked() error {
 			return fmt.Errorf("initializing tka: %v", err)
 		}
 
-		if err := authority.Compact(storage, tkaCompactionDefaults); err != nil {
+		if err := authority.Compact(storage, tka.CompactionDefaults); err != nil {
 			b.logf("tka compaction failed: %v", err)
 		}
 
@@ -360,7 +355,7 @@ func (b *LocalBackend) tkaSyncIfNeeded(nm *netmap.NetworkMap, prefs ipn.PrefsVie
 		//
 		// We run this on every sync so that clients compact consistently. In many
 		// cases this will be a no-op.
-		if err := b.tka.authority.Compact(b.tka.storage, tkaCompactionDefaults); err != nil {
+		if err := b.tka.authority.Compact(b.tka.storage, tka.CompactionDefaults); err != nil {
 			return fmt.Errorf("tka compact: %w", err)
 		}
 	}
diff --git a/tka/disabled_stub.go b/tka/disabled_stub.go
index d14473e5e..f3cabd491 100644
--- a/tka/disabled_stub.go
+++ b/tka/disabled_stub.go
@@ -8,6 +8,7 @@ package tka
 import (
 	"crypto/ed25519"
 	"errors"
+	"time"
 
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
@@ -158,3 +159,8 @@ func SignByCredential(privKey []byte, wrapped *NodeKeySignature, nodeKey key.Nod
 }
 
 func (s NodeKeySignature) String() string { return "" }
+
+type CompactionOptions struct {
+	MinChain int
+	MinAge   time.Duration
+}
diff --git a/tka/limits.go b/tka/limits.go
index 7f5b8dccd..a644df061 100644
--- a/tka/limits.go
+++ b/tka/limits.go
@@ -3,6 +3,10 @@
 
 package tka
 
+import (
+	"time"
+)
+
 const (
 	// Upper bound on checkpoint elements, chosen arbitrarily. Intended
 	// to cap the size of large AUMs.
@@ -22,3 +26,10 @@ const (
 	// Limit on scanning AUM trees, chosen arbitrarily.
 	maxScanIterations = 2000
 )
+
+var (
+	CompactionDefaults = CompactionOptions{
+		MinChain: 24,                  // Keep at minimum 24 AUMs since head.
+		MinAge:   14 * 24 * time.Hour, // Keep 2 weeks of AUMs.
+	}
+)