{ config, pkgs, values, ... }:
let
  metricsHost = "192.168.10.175"; # defiant.home.feal.no
in {
  services.prometheus.exporters.node = {
    enable = true;
    port = 9100;
    enabledCollectors = [ "systemd" ];
  };

  networking.firewall = {
    # TODO: Move this into the node-exporter systemd service
    allowedTCPPorts = [ 9100 ];
    extraCommands = ''
      iptables -A INPUT -p tcp -m tcp --source ${metricsHost}/32 --dport 9100 -j ACCEPT
      iptables -A INPUT -p tcp -m tcp --dport 9100 -j DROP
    '';
  };

  # TODO: Configure fluent-bit or rsyslog

}