{ config, pkgs, lib, ... }: {

  services.nginx = {
    enable = true;
    statusPage = true;
    virtualHosts = {
      "prometheus.${config.networking.hostName}.private" = {
        extraConfig = ''
          allow ${config.tinc.private.subnet};
          deny all;
        '';
        locations."/" = { proxyPass = "http://localhost:${toString config.services.prometheus.port}"; };
      };
    };
  };

  services.prometheus = {
    checkConfig = "syntax-only";
    enable = true;

    exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
        port = 9002;
      };
    };

  };
}