# NixOS module: runs the Prometheus node exporter and the Prometheus podman
# exporter as quadlet-managed containers, and allows their TCP ports (9100 and
# 9882) through the firewall on the wg0 interface only.
#
# Neither exporter is given TLS or authentication settings here, so access
# control for both metrics endpoints rests on the network path.
# NOTE(review): wg0 is presumably a WireGuard tunnel; confirm that only the
# scraping host is a peer on it.
{ pkgs, ... }:
let
  # Host-level metrics exporter.
  nodeExporter = {
    image = "docker-archive:${pkgs.dockerImages.prometheus-node-exporter}";

    # Allow collecting host metrics, port :9100 by default
    # With host networking the listener sits in the host's network namespace,
    # so it is bound on the host's interfaces directly; the firewall rule for
    # wg0 is what limits who can reach it.
    networks = [ "host" ];

    # Shares the host PID namespace with the container.
    # NOTE(review): presumably needed by the processes collector; this also
    # makes every host process visible from inside the container.
    podmanArgs = [
      "--pid"
      "host"
    ];

    volumes = [
      # The whole host root filesystem, read-only. Anything the container's
      # user can read on the host is readable from inside the container.
      "/:/host:ro,rslave"
      "/run/udev:/run/udev:ro"
      # `:ro` on a bind-mounted Unix socket does not stop a process from
      # connecting to it and sending requests; it is not an access control on
      # the D-Bus system bus. D-Bus policy is what limits the container here.
      "/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro"
      # NOTE(review): presumably mounted separately because /etc/os-release is
      # a symlink on NixOS and would not resolve under /host; confirm.
      "/etc/static/os-release:/host/etc/os-release:ro"
    ];

    exec = [
      "--log.level=warn"
      # Read host data through the /host mount instead of the container's own
      # root filesystem.
      "--path.rootfs=/host"

      # Collectors switched off.
      "--no-collector.arp"
      "--no-collector.bonding"
      "--no-collector.edac"
      "--no-collector.fibrechannel"
      "--no-collector.infiniband"
      "--no-collector.ipvs"
      "--no-collector.mdadm"
      "--no-collector.nfs"
      "--no-collector.nfsd"
      "--no-collector.selinux"
      "--no-collector.xfs"
      "--no-collector.zfs"

      # Collectors switched on explicitly. The processes and systemd collectors
      # publish process and unit information to anyone who can scrape :9100.
      "--collector.cpu_vulnerabilities"
      "--collector.drm"
      "--collector.ethtool"
      "--collector.processes"
      "--collector.systemd"
    ];
  };

  # Container-level metrics exporter, talking to the Podman API socket.
  podmanExporter = {
    image = "docker-archive:${pkgs.dockerImages.prometheus-podman-exporter}";

    # NOTE(review): a published port is forwarded by the container network
    # stack and may not pass through the same host firewall rules as a
    # host-network listener. Verify that 9882 is unreachable on interfaces
    # other than wg0; publishing on the wg0 address only would make the
    # restriction explicit.
    publishPorts = [ "9882:9882/tcp" ];

    # `:ro` does not make the Podman API read-only: a process that can connect
    # to this socket can issue any API request the socket's owner permits.
    # NOTE(review): /run/podman/podman.sock looks like the rootful socket, so
    # this container should be treated as having root-equivalent access to the
    # host; confirm, and keep the image pinned and reviewed accordingly.
    volumes = [ "/run/podman/podman.sock:/run/podman/podman.sock:ro" ];

    exec = [ "--collector.enable-all" ];
  };
in
{
  # NOTE(review): psi=1 presumably enables kernel pressure stall information
  # for the node exporter to report; confirm.
  boot.kernelParams = [ "psi=1" ];

  # Exporter ports are opened on wg0 only, not in the global allow list.
  networking.firewall.interfaces.wg0.allowedTCPPorts = [
    9100
    9882
  ];

  virtualisation.quadlet.containers = {
    prometheus-node-exporter.containerConfig = nodeExporter;
    prometheus-podman-exporter.containerConfig = podmanExporter;
  };
}