diff --git a/hosts/flora-6/apps/prometheus.nix b/hosts/flora-6/apps/prometheus.nix
index c6d2072..ee49050 100644
--- a/hosts/flora-6/apps/prometheus.nix
+++ b/hosts/flora-6/apps/prometheus.nix
@@ -25,6 +25,21 @@
 };
 }];
 }
+ {
+ job_name = "https-targets";
+ scheme = "https";
+ metrics_path = "/metrics";
+ basic_auth = {
+ username = "hakkonaut";
+ password_file = "${config.age.secrets.nachtigall-metrics-prometheus-basic-auth-password.path}";
+ };
+ static_configs = [{
+ targets = [ "nachtigall.pub.solar" ];
+ labels = {
+ instance = "nachtigall";
+ };
+ }];
+ }
 ];
 };
 }
diff --git a/hosts/nachtigall/apps/nginx-prometheus-exporters.nix b/hosts/nachtigall/apps/nginx-prometheus-exporters.nix
new file mode 100644
index 0000000..6b383db
--- /dev/null
+++ b/hosts/nachtigall/apps/nginx-prometheus-exporters.nix
@@ -0,0 +1,19 @@
+{ config, flake, ... }:
+
+{
+ age.secrets.nachtigall-metrics-basic-auth = {
+ file = "${flake.self}/secrets/nachtigall-metrics-basic-auth.age";
+ mode = "600";
+ owner = "nginx";
+ };
+ services.nginx.virtualHosts = {
+ "nachtigall.pub.solar" = {
+ enableACME = true;
+ addSSL = true;
+ basicAuthFile = "${config.age.secrets.nachtigall-metrics-nginx-basic-auth.path}";
+ locations."/metrics" = {
+ proxyPass = "http://127.0.0.1:${toString(config.services.prometheus.exporters.node.port)}";
+ };
+ };
+ };
+}
diff --git a/hosts/nachtigall/apps/prometheus-exporters.nix b/hosts/nachtigall/apps/prometheus-exporters.nix
new file mode 100644
index 0000000..07f6335
--- /dev/null
+++ b/hosts/nachtigall/apps/prometheus-exporters.nix
@@ -0,0 +1,14 @@
+{
+ config,
+ ...
+}: {
+ services.prometheus = {
+ exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [ "systemd" ];
+ port = 9002;
+ };
+ };
+ };
+}
diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix
index a7729a2..63a5cd5 100644
--- a/hosts/nachtigall/default.nix
+++ b/hosts/nachtigall/default.nix
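Review bot: `password_file` in the new `https-targets` job (hosts/flora-6/apps/prometheus.nix) reads `config.age.secrets.nachtigall-metrics-prometheus-basic-auth-password.path`, but no `age.secrets` entry of that name is declared anywhere in this diff, and secrets/secrets.nix only registers `nachtigall-metrics-basic-auth.age`. The same mismatch is in hosts/nachtigall/apps/nginx-prometheus-exporters.nix, which declares `age.secrets.nachtigall-metrics-basic-auth` and then points `basicAuthFile` at `nachtigall-metrics-nginx-basic-auth`. Unless those attributes are defined outside this diff, evaluation fails on the missing attribute, so the declared names and the referenced names should be made to agree. Whichever secret ends up behind `password_file` also has to be readable by the user Prometheus runs as, which this hunk does not show.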
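Review bot: `addSSL = true;` in the `nachtigall.pub.solar` virtual host (hosts/nachtigall/apps/nginx-prometheus-exporters.nix) keeps the plain-HTTP listener serving the same locations, so `/metrics` can be requested on port 80 and the Basic credentials checked by `basicAuthFile` would cross the network unencrypted. The scrape job in this commit already uses `scheme = "https"`, so nothing shown here needs the HTTP listener. Replacing the line with `forceSSL = true;` makes nginx redirect HTTP to HTTPS instead of answering it.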
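Review bot: The `node` exporter block in hosts/nachtigall/apps/prometheus-exporters.nix sets `port = 9002;` but no `listenAddress`, and the NixOS exporter module binds all interfaces by default, so the unauthenticated exporter is reachable directly wherever port 9002 is allowed, bypassing the nginx basic auth added in this commit. nginx only ever proxies to `127.0.0.1`, so adding `listenAddress = "127.0.0.1";` inside `node = { … }` keeps the exporter loopback-only. Whether the host firewall currently blocks 9002 is not visible in this diff, so this is defence in depth rather than a confirmed exposure.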
@@ -21,9 +21,11 @@ ./apps/owncast.nix ./apps/nginx-mastodon.nix ./apps/nginx-mastodon-files.nix + ./apps/nginx-prometheus-exporters.nix ./apps/nginx-website.nix ./apps/opensearch.nix ./apps/postgresql.nix + ./apps/prometheus-exporters.nix ./apps/searx.nix ./apps/matrix/mautrix-telegram.nix diff --git a/secrets/nachtigall-metrics-basic-auth.age b/secrets/nachtigall-metrics-basic-auth.age new file mode 100644 index 0000000..b84edc0 --- /dev/null +++ b/secrets/nachtigall-metrics-basic-auth.age 
@@ -0,0 +1,31 @@ +age-encryption.org/v1 +-> ssh-ed25519 Y0ZZaw FWuk2kYGB+GfoY3rWfeCosoBOLvUHrH7SR8Fv18o+XI +YyOTULtyOJ3vfAOnYSMzeCCyipJ4Fqrr3PJgRtbElJg +-> ssh-ed25519 iDKjwg Bq6lNuS5MOhsU/7ypHw/E70BktIA+SmN6e3pvrIqRBQ +Xo0OOUXfOkPQfArhqSJyiAkH5lxcJIAO7M5krkCZNfc +-> ssh-ed25519 uYcDNw EfB1B4CSNk8Oe5B7T+KSl9O5OsCrulaLOjR3PBtxpSk +xJxkmBSENc5JosdRiEAC3a41WI6TmTlTxm+lclup+g4 +-> ssh-rsa kFDS0A +dYH3A43wClFnDQp8m3ZnhTK5d8LeG6ZkqDQ5dS1yB//4G5TaUnMqOp5Q2G1gbgXY +Zu9qYOHdUydn5HIRSwBXj/KbBm5xJ1zFImOszn7S5mk4iReHFyTnSzAi4utatQcY +DEjGnvKKRoc7ih08+F44kq6DYnhUBFqF8eigQZIsyeWpiW6C1FzasL0KnXoedPG2 +AYJForNB8zKp7a2Evxi0MY7a+ldHAekktz1Fta2u9MvrWUtqP/yLqJhCwCNvos7J +kG+XO4j0kiOQCIO9TOeLAu59+VCVM64mY+dp+xc8tX0fWuu7ItSAh6jRHzfgSKjC +qDJc/1YpUG1EnYSH39mfVox3ndeMuVrG6Q1h509jZuxsw/zoDsbY3bbhTaUQ3X8Y +5ShCponnEGBLqeSm1gALCAnlgu8IS4gL6ePKuAhN0qMYj6iiXP/Ugp3lTcv1TvFD +KINnV/tas1CO3PApQm6JgijHEPT9zyUbqR/xN06+OCWbg4hHuEix+0OhM1T5w2xC +KvKF30iUK0tU2hZvKdku2MpbP4N0cQLqBEWiyrUKHRMCdXi3kyO5D84UdWXvETAt +BfEvZ8ZG5fiSXzbPLxVqObXFZUirLuWomWtstqkDuadL9xJkTcsbr8ZCCNpPhxdL +oOfao+tox3RBilAS3AfQVhrPvD2rVUptm+0nPtnO3rY +-> ssh-ed25519 YFSOsg T2OdtA0kY4DqDIxE1QxMV5aCygvKlI5LgXQ+QYYuOko +l0Kzo02jGISCT1zrGf5soXYj7FMVrN/9REF3Zscbmik +-> ssh-ed25519 iHV63A 75daRGD2TQ/mXRsckaH9sGGkHMkLxgHFhn0eDdkDsU8 +TXeoLqfU0ywQucPayYoG43Gr56uZoYIWaK9F2YJJ0FM +-> ssh-ed25519 BVsyTA J/xNtG1CAzfoiKPsnWwDp4pId7d3MywXpfhKAmpze3I +8uMO07Se/6krP79flt+XZfjIsw12kWsoD6LqZyLG70M +-> B-grease y3$t@ ; Bs *w +dUrvWB09znCDyvO7RnduMguc9pWTn19q1fc0MHFUXk7WQWns+4kpJIX1qljB5hz/ +NPAbNzwMDQKj6awHAth1iFLaEw +--- rI4jrrXCiUpV/EzGsla+lxONmL5/Eel/LODoIM80jcM +_07Jq['/i܍lm +!JP> wk+ )PhUO=>k=?T \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3abf74f..b71d808 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -66,4 +66,6 @@ in {
 "grafana-admin-password.age".publicKeys = flora6Keys ++ baseKeys;
 "grafana-keycloak-client-secret.age".publicKeys = flora6Keys ++ baseKeys;
 "grafana-smtp-password.age".publicKeys = flora6Keys ++ baseKeys;
+
+ "nachtigall-metrics-basic-auth.age".publicKeys = flora6Keys ++ nachtigallKeys ++ baseKeys;
 }
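Review bot: The new entry encrypts one file, `nachtigall-metrics-basic-auth.age`, to both `flora6Keys` and `nachtigallKeys`, but the two consumers need different contents: nginx `basicAuthFile` expects an htpasswd-style `user:hash` line, while Prometheus `password_file` expects the raw password. A single shared file cannot satisfy both, and sharing it would put the plaintext password on nachtigall, which only needs the hash. The attribute names referenced in the two host modules suggest two secrets were intended, e.g. `"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ baseKeys;` and `"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ baseKeys;`, each with its own `.age` file.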