diff --git a/hosts/nihilus/default.nix b/hosts/nihilus/default.nix
index 8ce7ef9..46bda08 100644
--- a/hosts/nihilus/default.nix
+++ b/hosts/nihilus/default.nix
@@ -65,6 +65,21 @@
     };
   };
 
+  services.prometheus.exporters.node = {
+    enable = true;
+    port = 9000;
+    # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+    enabledCollectors = [ "systemd" ];
+    # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter  --help
+    extraFlags = [
+      "--collector.ethtool"
+      "--collector.softirqs"
+      "--collector.tcpstat"
+      "--collector.wifi"
+    ];
+  };
+
+  networking.firewall.allowedTCPPorts = [ 9000 ];
   boot.initrd.systemd.tpm2.enable = false;
 
   system.stateVersion = "24.11";
diff --git a/hosts/raptus/headscale/acls.nix b/hosts/raptus/headscale/acls.nix
index ae38429..cca6406 100644
--- a/hosts/raptus/headscale/acls.nix
+++ b/hosts/raptus/headscale/acls.nix
@@ -39,6 +39,13 @@ in
           [ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ]
         )
 
+        (mkAcl
+          [
+            "${shanMeta.tailscale.ip}"
+          ]
+          [ "tag:server:9000" ]
+        )
+
         (mkAcl
           [
             "tag:guest"
diff --git a/hosts/shan/default.nix b/hosts/shan/default.nix
index 6539aa7..22c2c64 100644
--- a/hosts/shan/default.nix
+++ b/hosts/shan/default.nix
@@ -10,6 +10,7 @@
     ./disk-config.nix
     ./adguard.nix
     ./calibre-web.nix
+    ./prometheus.nix
   ];
 
   swapDevices = [
@@ -192,6 +193,8 @@
         "fritz.ccnlc.eu" = mkVH "http://192.168.178.1" 80;
         "truenas.ccnlc.eu" = mkVH "https://192.168.178.21" 443;
         "calibre.ccnlc.eu" = mkVHLocal config.services.calibre-web.listen.port;
+        "prometheus.ccnlc.eu" = mkVHLocal config.services.prometheus.port;
+        "grafana.ccnlc.eu" = mkVHLocal config.services.grafana.settings.server.http_port;
         ${config.services.freshrss.virtualHost} = {
           forceSSL = true;
           useACMEHost = "ccnlc.eu";
diff --git a/hosts/shan/prometheus.nix b/hosts/shan/prometheus.nix
new file mode 100644
index 0000000..b01716a
--- /dev/null
+++ b/hosts/shan/prometheus.nix
@@ -0,0 +1,59 @@
+{ config, ... }:
+{
+  services.prometheus = {
+    enable = true;
+    webExternalUrl = "https://prometheus.ccnlc.eu";
+    scrapeConfigs = [
+      {
+        job_name = "node";
+        static_configs = [
+          {
+            targets = [
+              "nihilus:9000"
+              "shan:9000"
+            ];
+          }
+        ];
+      }
+    ];
+  };
+  services.prometheus.exporters.node = {
+    enable = true;
+    port = 9000;
+    # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+    enabledCollectors = [ "systemd" ];
+    # /nix/store/zgsw0yx18v10xa58psanfabmg95nl2bb-node_exporter-1.8.1/bin/node_exporter  --help
+    extraFlags = [
+      "--collector.ethtool"
+      "--collector.softirqs"
+      "--collector.tcpstat"
+      "--collector.wifi"
+    ];
+  };
+
+  services.grafana = {
+    enable = true;
+    provision = {
+      enable = true;
+      datasources.settings.datasources = [
+        {
+          name = "Prometheus";
+          type = "prometheus";
+          url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
+        }
+      ];
+
+    };
+    settings = {
+      users = {
+        allow_sign_up = true;
+      };
+      server = {
+        protocol = "http";
+        http_addr = "127.0.0.1";
+        domain = "grafana.ccnlc.eu";
+        http_port = 9032;
+      };
+    };
+  };
+}