nixos/prometheus: Support environmentFile #97933
Motivation for this change
For the same reason Alertmanager supports environmentFile to pass secrets along, it is useful to support the same for Prometheus' configuration to store authentication/bearer tokens outside the Nix store.
The text was updated successfully, but these errors were encountered:
For the same reason Alertmanager supports environmentFile to pass secrets along, it is useful to support the same for Prometheus' configuration to store bearer tokens outside the Nix store. Use PrivateTmp on the systemd unit to safeguard potential secrets in the configuration file.
- Move away from PrivateTmp and instead use a private RuntimeDirectory for the substituted config file. - Improve documentation of environmentFile by including more descriptive text from existing packages (murmur and codimd). - Also include an example scrape config entry (from nixos) as well as the corresponding example for the environment file. - Pass the environment file to the systemd unit file generator as a list.