{ config, pkgs, values, ... }: let metricsHost = "192.168.10.175" # defiant.home.feal.no in { services.prometheus.exporters.node = { enable = true; port = 9100; enabledCollectors = [ "systemd" ]; }; networking.firewall = { # TODO: Move this into the node-exporter systemd service allowedTCPPorts = [ 9100 ]; extraCommands = '' iptables -A INPUT -p tcp -m tcp --source ${metricsHost}/32 --dport 9100 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 9100 -j DROP ''; }; services.promtail = { enable = true; configuration = { server = { http_listen_port = 28183; grpc_listen_port = 0; }; clients = [ { url = "http://${metricsHost}:3100/loki/api/v1/push"; } ]; scrape_configs = [ { job_name = "systemd-journal"; journal = { max_age = "12h"; labels = { job = "systemd-journal"; host = config.networking.hostName; }; }; relabel_configs = [ { source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; } { source_labels = [ "__journal_priority_keyword" ]; target_label = "level"; } ]; } ]; }; }; }