nixos-servers/services/nats/default.nix

{ ... }:
{
  homelab.monitoring.scrapeTargets = [
    {
      job_name = "nats";
      port = 7777;
    }
  ];

  services.prometheus.exporters.nats = {
    enable = true;
    url = "http://localhost:8222";
    extraFlags = [
      "-varz" # General server info
      "-connz" # Connection info
      "-jsz=all" # JetStream info
    ];
  };

  services.nats = {
    enable = true;
    jetstream = true;
    serverName = "nats1";
    settings = {
      http_port = 8222;
      accounts = {
        ADMIN = {
          users = [
            {
              nkey = "UA44ZINQKUBTV7CX3RE7MVHOEQOQK2VQGCI4GL4M7XBJB4S66URHLW7A";
            }
          ];
        };

        HOMELAB = {
          jetstream = "enabled";
          users = [
            {
              nkey = "UASLNKLWGICRTZMIXVD3RXLQ57XRIMCKBHP5V3PYFFRNO3E3BIJBCYMZ";
            }
          ];
        };

        DEPLOY = {
          users = [
            # Shared listener (all hosts use this)
            {
              nkey = "UCCZJSUGLCSLBBKHBPL4QA66TUMQUGIXGLIFTWDEH43MGWM3LDD232X4";
              permissions = {
                subscribe = [
                  "deploy.test.>"
                  "deploy.prod.>"
                  "deploy.discover"
                ];
                publish = [
                  "deploy.responses.>"
                  "deploy.discover"
                ];
              };
            }
            # Test deployer (MCP without admin)
            {
              nkey = "UBR66CX2ZNY5XNVQF5VBG4WFAF54LSGUYCUNNCEYRILDQ4NXDAD2THZU";
              permissions = {
                publish = [
                  "deploy.test.>"
                  "deploy.discover"
                ];
                subscribe = [
                  "deploy.responses.>"
                  "deploy.discover"
                ];
              };
            }
            # Admin deployer (full access)
            {
              nkey = "UD2BFB7DLM67P5UUVCKBUJMCHADIZLGGVUNSRLZE2ZC66FW2XT44P73Y";
              permissions = {
                publish = [ "deploy.>" ];
                subscribe = [ "deploy.>" ];
              };
            }
          ];
        };
      };
      system_account = "ADMIN";
      jetstream = {
        max_mem = "1G";
        max_file = "1G";
      };
    };
  };
}