nixos: load token from systemd credentials

2026-06-03 18:24:10 +02:00 · 2024-03-02 21:24:32 +01:00 · 2024-03-02 21:24:32 +01:00 · 1c37a3195e
commit 1c37a3195e
parent e01a0f76f5
1 changed files with 4 additions and 1 deletions
--- a/module.nix
+++ b/module.nix
@ -11,7 +11,7 @@ with lib; let
    prometheus.url = cfg.prometheusAddress;
    mqtt = {
      inherit (cfg.mqtt) host username;
-      password_file = cfg.mqtt.passwordFile;
+      password_file = "$CREDENTIALS_DIRECTORY/mqtt_password";
    };
    trigger =
      map (trigger: {
@ -147,6 +147,9 @@ in {

      serviceConfig = {
        ExecStart = "${cfg.package}/bin/prometheus-edge-trigger ${configFile}";
+        LoadCredential = [
+          "mqtt_password:${cfg.mqtt.passwordFile}"
+        ];
        Restart = "on-failure";
        DynamicUser = true;
        PrivateTmp = true;