···

       
7
       
7
       
 
       
  '';

     

       
8
       
8
       
 
       


     

       
9
       
9
       
 
       
  allowSystemdJournal = cfg.configuration ? scrape_configs && lib.any (v: v ? journal) cfg.configuration.scrape_configs;

     

       
10
       
10
       
+
       


     

       
11
       
11
       
+
       
  allowPositionsFile = !lib.hasPrefix "/var/cache/promtail" positionsFile;

     

       
12
       
12
       
+
       
  positionsFile = cfg.configuration.positions.filename;

     

       
10
       
13
       
 
       
in {

     

       
11
       
14
       
 
       
  options.services.promtail = with types; {

     

       
12
       
15
       
 
       
    enable = mkEnableOption "the Promtail ingresser";

     
···

       
53
       
56
       
 
       
        RestrictSUIDSGID = true;

     

       
54
       
57
       
 
       
        PrivateMounts = true;

     

       
55
       
58
       
 
       
        CacheDirectory = "promtail";

     

       
59
       
59
       
+
       
        ReadWritePaths = lib.optional allowPositionsFile (builtins.dirOf positionsFile);

     

       
56
       
60
       
 
       


     

       
57
       
61
       
 
       
        User = "promtail";

     

       
58
       
62
       
 
       
        Group = "promtail";