From cd3824f7bc8eaa57a3d2332a0c0349715c9ea35f Mon Sep 17 00:00:00 2001
From: ztmr <1504424+ztmr@users.noreply.github.com>
Date: Thu, 8 May 2025 15:25:27 +0100
Subject: [PATCH] nixos/alloy: add environmentFile option

This is a common practice among other NixOS modules, and allows
people to inject secrets via tools like `sops-nix` and similar.
---
 nixos/modules/services/monitoring/alloy.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/nixos/modules/services/monitoring/alloy.nix b/nixos/modules/services/monitoring/alloy.nix
index fe0ed2cab8b3..e9d850b85a27 100644
--- a/nixos/modules/services/monitoring/alloy.nix
+++ b/nixos/modules/services/monitoring/alloy.nix
@@ -48,6 +48,15 @@ in
       '';
     };
 
+    environmentFile = lib.mkOption {
+      type = with lib.types; nullOr path;
+      default = null;
+      example = "/run/secrets/alloy.env";
+      description = ''
+        EnvironmentFile as defined in {manpage}`systemd.exec(5)`.
+      '';
+    };
+
     extraFlags = lib.mkOption {
       type = with lib.types; listOf str;
       default = [ ];
@@ -84,6 +93,7 @@ in
         StateDirectory = "alloy";
         WorkingDirectory = "%S/alloy";
         Type = "simple";
+        EnvironmentFile = lib.mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
       };
     };
   };