Add Prometheus bitcoin exporter to btc-node #25

Merged

AlexCaswen merged 2 commits from 34-btc-prometheus-exporter into main

2026-05-07 02:48:22 +00:00

AlexCaswen commented

2026-05-07 02:44:35 +00:00

(Migrated from gitlab.com)

What

Adds jvstein/bitcoin-prometheus-exporter (nixpkgs: prometheus-bitcoin-exporter) to the btc-node container, and wires the scrape target into the monitoring container.

Changes

btc-node/configuration.nix:

Add prometheus RPC user with HMAC auth
Whitelist RPC methods to read-only monitoring calls only
Enable services.prometheus.exporters.bitcoin on port 9332
Open firewall port 9332

monitoring/configuration.nix:

Add btc-node scrape target at 10.121.25.10:9332 (30s interval)

RPC Security

The prometheus RPC user is restricted via rpcwhitelist to: getblockchaininfo, getnetworkinfo, getmempoolinfo, getpeerinfo, getnettotals, getmininginfo, uptime, getblockcount, getdifficulty, getbestblockhash, getblock.

No wallet, transaction, or write methods are permitted.

Metrics Available

After deploy, curl http://10.121.25.10:9332/metrics will expose: block height, peer count, mempool size/fees, difficulty, network hash rate, verification progress, connection counts, and bandwidth totals.

Notes

Password stored in Nix store via pkgs.writeText — acceptable for a whitelist-restricted, container-local monitoring user. TODO: move to setec when exchange credentials are stored (#8).
30s scrape interval chosen to minimize RPC load. Can be tuned after observing exporter latency in Grafana.
Exporter uses the NixOS module from nixpkgs (tested upstream in nixos/tests/prometheus-exporters.nix).

Verification

After deploy:

curl http://10.121.25.10:9332/metrics | grep bitcoin_blocks — confirms exporter is running
Grafana → Explore → Prometheus → bitcoin_blocks — confirms scraping works
Import dashboard from jvstein/bitcoin-prometheus-exporter/dashboard/bitcoin-grafana.json (Grafana dashboard ID: 11274)

Closes #34
Related: #23, #38

## What Adds [jvstein/bitcoin-prometheus-exporter](https://github.com/jvstein/bitcoin-prometheus-exporter) (nixpkgs: `prometheus-bitcoin-exporter`) to the btc-node container, and wires the scrape target into the monitoring container. ## Changes **btc-node/configuration.nix:** - Add `prometheus` RPC user with HMAC auth - Whitelist RPC methods to read-only monitoring calls only - Enable `services.prometheus.exporters.bitcoin` on port 9332 - Open firewall port 9332 **monitoring/configuration.nix:** - Add `btc-node` scrape target at `10.121.25.10:9332` (30s interval) ## RPC Security The `prometheus` RPC user is restricted via `rpcwhitelist` to: `getblockchaininfo`, `getnetworkinfo`, `getmempoolinfo`, `getpeerinfo`, `getnettotals`, `getmininginfo`, `uptime`, `getblockcount`, `getdifficulty`, `getbestblockhash`, `getblock`. No wallet, transaction, or write methods are permitted. ## Metrics Available After deploy, `curl http://10.121.25.10:9332/metrics` will expose: block height, peer count, mempool size/fees, difficulty, network hash rate, verification progress, connection counts, and bandwidth totals. ## Notes - Password stored in Nix store via `pkgs.writeText` — acceptable for a whitelist-restricted, container-local monitoring user. TODO: move to setec when exchange credentials are stored (#8). - 30s scrape interval chosen to minimize RPC load. Can be tuned after observing exporter latency in Grafana. - Exporter uses the NixOS module from nixpkgs (tested upstream in `nixos/tests/prometheus-exporters.nix`). ## Verification After deploy: 1. `curl http://10.121.25.10:9332/metrics | grep bitcoin_blocks` — confirms exporter is running 2. Grafana → Explore → Prometheus → `bitcoin_blocks` — confirms scraping works 3. Import dashboard from `jvstein/bitcoin-prometheus-exporter/dashboard/bitcoin-grafana.json` (Grafana dashboard ID: 11274) Closes #34 Related: #23, #38

AlexCaswen (Migrated from gitlab.com) approved these changes

2026-05-07 02:44:35 +00:00

AlexCaswen commented

2026-05-07 02:47:41 +00:00

(Migrated from gitlab.com)

assigned to @AlexCaswen