diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix
index 89df797..429bd13 100644
--- a/machines/storage01/_configuration.nix
+++ b/machines/storage01/_configuration.nix
@@ -15,6 +15,7 @@ lib.extra.mkConfig {
     "garage"
     "netbird"
     "peertube"
+    "prometheus"
   ];
 
   extraConfig = {
diff --git a/machines/storage01/prometheus.nix b/machines/storage01/prometheus.nix
new file mode 100644
index 0000000..a58bd96
--- /dev/null
+++ b/machines/storage01/prometheus.nix
@@ -0,0 +1,43 @@
+{ config, ... }:
+
+let
+  host = "prometheus.dgnum.eu";
+  port = 9091;
+in
+
+{
+  services.prometheus = {
+    enable = true;
+
+    inherit port;
+
+    checkConfig = "syntax-only";
+    enableReload = true;
+
+    listenAddress = "127.0.0.1";
+
+    webConfigFile = config.age.secrets."prometheus-web_config_file".path;
+
+    webExternalUrl = "https://${host}";
+
+    scrapeConfigs = [
+      {
+        job_name = "prometheus";
+        static_configs = [ { targets = [ "localhost:9090" ]; } ];
+      }
+    ];
+  };
+
+  services.nginx.virtualHosts.${host} = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${builtins.toString port}";
+      proxyWebsockets = true;
+      recommendedProxySettings = true;
+    };
+  };
+
+  age-secrets.autoMatch = [ "prometheus" ];
+}
diff --git a/machines/storage01/secrets/prometheus-web_config_file b/machines/storage01/secrets/prometheus-web_config_file
new file mode 100644
index 0000000..ed31479
--- /dev/null
+++ b/machines/storage01/secrets/prometheus-web_config_file
@@ -0,0 +1,24 @@
+age-encryption.org/v1
+-> ssh-ed25519 rHotTw RBYiRMlYSSJqICOKMUSCKb5r5o05rS9WCS4iiC7c1k0
+dWd+dS0UqpFmlSPAsoUPcslPbMhTulikbpzDD9LRCVQ
+-> ssh-ed25519 jIXfPA clKVYR1MMXYIjDcmZQuCP69U04wdgyJ0JVWVtT/pkjI
+JygjZZkaJwJ4HIYJL31PEL1+5DPmhh+z94NlO1zrG0E
+-> ssh-ed25519 QlRB9Q SYHBZy0l+fTuJdzroI6mQPvupbiYp8RuuX/7cg38ZhE
+x7aqS5IYPC1bpGYIl7yy/KPBF0Z6xgV1PWzbVvxzXII
+-> ssh-ed25519 r+nK/Q xTImKbcn53ib31IDa/Q8LA1E7doiY+I2b6RkH7At/kI
+iNYdewo4J2o0QrnViG5E4gsXEkKPeWFoT/6WiU11njE
+-> ssh-rsa krWCLQ
+T/J5iYdgBoWsf8jgWForcwBq0MJhGZgMNdATzsAoa77eV12FV9nDgfLiJzU4WTRA
+FLruL0h/5uqT2wzZri8AC3acHsR9iAScz+GK20EX2iokNciwYZl6vRlcDIfaQkyz
+94xJrC0Rpo6K1zdICi3A9wtn/CYxRD5bo7MfJskbPmF3WwieiR2Fg1Oam7AZzwRm
+eOCj9yNgNjI1vTIB5ioaPpB+nUSRSri6ovTpTX2ycZE/QRPjZiK0G6aPwDNF3GxQ
+Bjs4l8ko0YdaPGvst5HGSSuycYDbJPi6+qEZKKAQtSHqoboiTpFd/8nhrOGBsf+x
+eFPoTDPRY2WV3rVr4wZBYg
+-> ssh-ed25519 /vwQcQ V/OLrAVr+KFWZ76alax3vFvdcb4A9oVbglgz9qqUozQ
+jPnZPOGnMWV8njpLD1F6i+8Ls/HTv+EkGYV2JQVE8Ik
+-> ssh-ed25519 0R97PA rbjVky5a9248+2JkFtyFrD0++B+GWAJHdZSDVmgl3hg
+5pyYsn9W3oFZwbT7oBHgN36KF+4rLT5F7aSqRI0Q7ko
+-> ssh-ed25519 JGx7Ng irOl4ZTWNXSM/WF202o+K8tg/hoirSxnfhhZnA4o+0U
+jxIwKHqklEIdp+rSglvnY425LH/UDcIWcl3BobbOJFY
+--- Sr6TXmrdeYpLMuEe3xDH2RYittqf2lqHzwakvlOohY4
+yš¶%$†'[‡>ÿ´F3T"#þN}2Of3]e¨>*¢{Ð5tÖQ0M»<NÜZØöw8w:û‚Æ¾ê8ø^‰ý»üÍÄ2¥OÔbk‚wé›ŸaZÇQÖèà/8^¢sôjfÃ”íp/ù3–Y&Pˆª¾XÊ$
\ No newline at end of file
diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix
index 945d75f..4b5d635 100644
--- a/machines/storage01/secrets/secrets.nix
+++ b/machines/storage01/secrets/secrets.nix
@@ -11,4 +11,5 @@ lib.setDefault { inherit publicKeys; } [
   "peertube-secrets_file"
   "peertube-service_environment_file"
   "peertube-smtp_password_file"
+  "prometheus-web_config_file"
 ]