pkg_add prometheus grafana

scrape_configs: 
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config. 
  - job_name: 'prometheus' 
    static_configs: 
    - targets: ['localhost:9090'] 
  - job_name: 'unbound' 
    static_configs: 
    - targets: ['dns-unbound:9167'] 
      labels: 
        instance: 'dns-unbound'

rcctl enable prometheus
rcctl enable grafana
rcctl start prometheus
rcctl start grafana

server:
       statistics-interval: 0 
       statistics-cumulative: no 
       extended-statistics: yes
remote-control:
       control-enable: yes

unbound-control-setup

pkg_add go monit

go install github.com/letsencrypt/unbound_exporter@latest
doas cp ./go/bin/unbound_exporter /root/
doas chmod +x /root/unbound_exporter

set daemon 60 with start delay 60 
set pidfile /var/run/monit.pid 
set log syslog 
set idfile /var/monit/id 
set statefile /var/monit/state 
set httpd 
    port 2812 
    allow 0.0.0.0/0.0.0.0 
#    allow admin:monit      # require user 'admin' with password 'monit' 
#    allow ro:"readonly" read-only 
check program lookup path "/usr/bin/host www.google.com" every 1 cycles 
    if status != 0 then exec "/bin/sh /usr/sbin/rcctl restart unbound" 
check process unbound with pidfile "/var/run/unbound.pid" every 1 cycles 
    start program = "/bin/sh /usr/sbin/rcctl start unbound" 
    stop program = "/bin/sh /usr/sbin/rcctl stop unbound" 
    restart program = "/bin/sh /usr/sbin/rcctl restart unbound" 
    if not exist then restart 
check process exporter with matching exporter every 1 cycles 
    start program = "/usr/bin/tmux new -d -s exporter /root/unbound_exporter -unbound.ca /var/unbound/etc/unbound_server.pem -unbound.cert /var/unbound/etc/unbound_control.pem -unbound.key /var/unbound/etc/unbound_control.key" 
    stop program = "/usr/bin/tmux kill-session -t exporter" 
    if not exist then restart 
    depends on unbound 
#

rcctl enable monit
rcctl start monit