Use /run/current-system/sw/bin/nixos-version instead of relying on
PATH, since the systemd service may not have the system binaries in
its PATH.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Use `nixos-version --json` command instead of reading files directly
- Add nixpkgs_rev and nixos_version labels to nixos_flake_info metric
- Show "unknown" for current_rev when system.configurationRevision not set
- Document configurationRevision setup in README
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The nixos_flake_info metric's current_rev label was incorrectly showing
the nixpkgs input revision (from /run/current-system/nixos-version)
instead of the flake's own revision.
Now reads from /run/current-system/configuration-revision which contains
the flake's self.rev when system.configurationRevision is set in the
NixOS configuration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add a new info metric that exposes the current system's flake revision
and the latest remote revision as labels. This makes it easier to see
exactly which revision is deployed vs available.
Also adds version constant to Go code and extracts it in flake.nix,
providing a single source of truth for the version.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The flake collector needs Unix domain sockets to communicate with the
nix daemon. The RestrictAddressFamilies hardening was blocking this.
Also trim trailing newlines from stderr in error messages.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When running nix flake metadata, nix and git need writable cache
directories. System service users have home set to /var/empty which
is read-only, causing "cannot create directories" errors.
Add StateDirectory and set HOME/XDG_CACHE_HOME environment variables
to /var/lib/nixos-exporter when flake collector is enabled.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Capture stderr from nix flake metadata to show the actual error
message instead of just "exit status 1".
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The systemd service runs in a sandboxed environment without the usual
PATH. Add nix and git to the service path when flake collector is
enabled so it can run `nix flake metadata` on git+https:// URLs.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add 30-second timeout to nix flake metadata command to prevent hanging
on slow or unresponsive remotes. Add HTTP server timeouts (read, write,
idle) to protect against slowloris-style attacks.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
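
The command timeout, stderr capture and HTTP server timeouts described in the messages above, as an added Go example that is not the project's own code. The function names, the placeholder flake URL and the HTTP timeout values are assumptions; only the 30-second command timeout comes from the log.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"net/http"
	"os/exec"
	"strings"
	"time"
)

// ErrTimeout marks a command that was killed for exceeding its deadline.
var ErrTimeout = errors.New("command timed out")

// runWithTimeout runs a command under a deadline. On failure the error carries
// the command's trimmed stderr instead of only "exit status 1".
func runWithTimeout(timeout time.Duration, name string, args ...string) (string, error) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	var stdout, stderr bytes.Buffer
	cmd := exec.CommandContext(ctx, name, args...) // process is killed at the deadline
	cmd.Stdout, cmd.Stderr = &stdout, &stderr
	err := cmd.Run()
	if errors.Is(ctx.Err(), context.DeadlineExceeded) {
		return "", fmt.Errorf("%s: %w after %s", name, ErrTimeout, timeout)
	}
	if err != nil {
		// TrimSpace drops the trailing newline most tools append to stderr.
		return "", fmt.Errorf("%s: %w: %s", name, err, strings.TrimSpace(stderr.String()))
	}
	return stdout.String(), nil
}

// newServer bounds how long a slow client can hold a connection (values assumed).
func newServer(addr string, h http.Handler) *http.Server {
	return &http.Server{
		Addr: addr, Handler: h,
		ReadTimeout:  10 * time.Second, // whole request, headers included
		WriteTimeout: 30 * time.Second, // response write
		IdleTimeout:  60 * time.Second, // keep-alive wait between requests
	}
}

func main() {
	// Placeholder flake URL; fails with a descriptive error if nix is absent.
	_, err := runWithTimeout(30*time.Second, "nix", "flake", "metadata", "--json", "git+https://example.invalid/repo")
	fmt.Println(err, newServer(":0", http.NewServeMux()).IdleTimeout)
}
```

A deadline on the child process only helps if nothing else keeps its output pipe open, so run the tool directly rather than through a wrapper shell that leaves children behind.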