SELinux denial when using EnvironmentFile in Systemd service on Silverblue

I’m trying to have my backup script load its passwords etc from an EnvironmentFile specified in its systemd service unit file.

My script is in /usr/local/bin
and the configuration file is in /usr/local/etc

When I try to start my service, I get the following selinux error:

type=AVC msg=audit(1565254080.89:556): avc:  denied  { read } for  pid=1 comm="systemd" name="restic-environment.env" dev="dm-4" ino=27395017 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0

What am I doing wrong here?

I’m running a Fedora Silverblue 30 system.