diff --git a/base/default.nix b/base/default.nix index c4245db..741d79e 100644 --- a/base/default.nix +++ b/base/default.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, fp, ... }: +{ + pkgs, + lib, + fp, + ... +}: { imports = [ @@ -8,6 +13,7 @@ ./networking.nix ./nix.nix ./vm.nix + ./flake-input-exporter.nix ./services/acme.nix ./services/uptimed.nix @@ -57,11 +63,11 @@ # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209 # btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit programs.bash.shellInit = '' - if [ -n "''${BASH_VERSION:-}" ]; then - if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then - [[ -f ~/.bashrc ]] && . ~/.bashrc - fi - fi + if [ -n "''${BASH_VERSION:-}" ]; then + if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then + [[ -f ~/.bashrc ]] && . ~/.bashrc + fi + fi ''; programs.zsh.enable = true; diff --git a/base/flake-input-exporter.nix b/base/flake-input-exporter.nix new file mode 100644 index 0000000..0b6b3d9 --- /dev/null +++ b/base/flake-input-exporter.nix 
@@ -0,0 +1,52 @@
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ values,
+ ...
+}:
+let
+ data = lib.flip lib.mapAttrs inputs (
+ name: input: {
+ inherit (input)
+ lastModified
+ ;
+ }
+ );
+ folder = pkgs.writeTextDir "share/flake-inputs" (
+ lib.concatMapStringsSep "\n" (
+ { name, value }: ''nixos_last_modified_input{flake="${name}"} ${toString value.lastModified}''
+ ) (lib.attrsToList data)
+ );
+ port = 9102;
+in
+{
+ services.nginx.virtualHosts."${config.networking.fqdn}" = {
+ serverAliases = [
+ "${config.networking.hostName}.pvv.org"
+ ];
+ locations."/metrics" = {
+ root = "${folder}/share";
+ tryFiles = "/flake-inputs =404";
+ extraConfig = ''
+ default_type text/plain;
+ '';
+ };
+ listen = [
+ {
+ inherit port;
+ addr = "0.0.0.0";
+ }
+ ];
+ extraConfig = ''
+ allow ${values.hosts.ildkule.ipv4}/32;
+ allow ${values.hosts.ildkule.ipv6}/32;
+ allow 129.241.210.128/25;
+ allow 2001:700:300:1900::/64;
+ deny all;
+ '';
+ };
+
+ networking.firewall.allowedTCPPorts = [ port ];
+}
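Review bot: The IPv6 rule `allow ${values.hosts.ildkule.ipv6}/32;` in the vhost `extraConfig` reuses the IPv4 prefix length, and on an IPv6 address a /32 matches every address sharing the first 32 bits rather than the single host named in `values.hosts.ildkule`; a single-host rule should read `allow ${values.hosts.ildkule.ipv6}/128;` (or drop the prefix). The rule is dormant as written because `listen` binds only `0.0.0.0`, so if IPv6 scraping is intended a `[::]` listener has to be added together with the corrected prefix. Because `networking.firewall.allowedTCPPorts = [ port ];` opens 9102 to all sources, these nginx `allow`/`deny` lines are the only access control on the endpoint and deserve a short comment saying so. It is also worth confirming that setting `listen` and a vhost-wide `deny all` on `config.networking.fqdn` does not change how other locations on the same virtual host are served, which this hunk does not show.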