Use /run/current-system/sw/bin/nixos-version instead of relying on
PATH, since the systemd service may not have the system binaries in
its PATH.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use `nixos-version --json` command instead of reading files directly
- Add nixpkgs_rev and nixos_version labels to nixos_flake_info metric
- Show "unknown" for current_rev when system.configurationRevision not set
- Document configurationRevision setup in README
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The nixos_flake_info metric's current_rev label was incorrectly showing
the nixpkgs input revision (from /run/current-system/nixos-version)
instead of the flake's own revision.
Now reads from /run/current-system/configuration-revision which contains
the flake's self.rev when system.configurationRevision is set in the
NixOS configuration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add a new info metric that exposes the current system's flake revision
and the latest remote revision as labels. This makes it easier to see
exactly which revision is deployed vs available.
Also adds version constant to Go code and extracts it in flake.nix,
providing a single source of truth for the version.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add 30-second timeout to nix flake metadata command to prevent hanging
on slow or unresponsive remotes. Add HTTP server timeouts (read, write,
idle) to protect against slowloris-style attacks.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
