{
  pkgs,
  config,
  lib,
  ...
}:
{
  services.prometheus.exporters.pve = {
    enable = true;
    configFile = "/etc/prometheus-pve-exporter/pve.yml";
  };
  users.users.pve-exporter = {
    isSystemUser = true;
    group = "pve-exporter";
  };
  users.groups.pve-exporter = { };

  systemd.services."prometheus-pve-exporter".serviceConfig = {
    DynamicUser = lib.mkForce false;
  };

  sops.secrets."pve.yaml" = {
    key = "";
    path = "/etc/prometheus-pve-exporter/pve.yml";
    owner = "pve-exporter";
    group = "pve-exporter";
    mode = "0440";
    sopsFile = ../../secrets/pve.yaml;
  };

  environment.etc."alloy/pve.alloy" = {
    text = ''
      prometheus.scrape "example" {
        // Collect metrics from the default listen address.
        targets = [{
          __address__ = "127.0.0.1:9221",
          __scheme__ = "http",
          __metrics_path__ = "pve",
          __param_target__ = "94.45.255.1",
        }]

        forward_to = [prometheus.relabel.pve.receiver]
      }

      prometheus.relabel "pve" {
        forward_to = [prometheus.remote_write.default.receiver]

        rule {
          source_labels = [ "__param_target" ]
          target_label = "instance"
        }
        rule { 
          target_label = "__address__"
          replacement = "pve-exporter"
        }
      }
    '';
  };
}