diff --git a/machines/storage01/prometheus.nix b/machines/storage01/prometheus.nix
index bcf5cfc..5868685 100644
--- a/machines/storage01/prometheus.nix
+++ b/machines/storage01/prometheus.nix
@@ -1,8 +1,26 @@
-{ config, ... }:
+{
+  config,
+  nodes,
+  lib,
+  ...
+}:
 
 let
   host = "prometheus.dgnum.eu";
   port = 9091;
+
+  nodeExporterConfigs = lib.flatten (
+    lib.mapAttrsToList (
+      node:
+      { config, ... }:
+      lib.optional config.dgn-node-monitoring.enable {
+        targets = [ "${node}.dgnum:${builtins.toString config.dgn-node-monitoring.port}" ];
+        labels = {
+          host = node;
+        };
+      }
+    ) nodes
+  );
 in
 
 {
@@ -33,6 +51,10 @@ in
         job_name = "prometheus";
         static_configs = [ { targets = [ "localhost:9090" ]; } ];
       }
+      {
+        job_name = "node_exporter";
+        static_configs = nodeExporterConfigs;
+      }
     ];
   };
 
diff --git a/machines/web02/_configuration.nix b/machines/web02/_configuration.nix
index f11afbf..f205973 100644
--- a/machines/web02/_configuration.nix
+++ b/machines/web02/_configuration.nix
@@ -8,6 +8,7 @@ lib.extra.mkConfig {
 
   enabledServices = [
     # List of services to enable
+    "monitoring"
   ];
 
   extraConfig = {
diff --git a/machines/web02/monitoring.nix b/machines/web02/monitoring.nix
new file mode 100644
index 0000000..a956127
--- /dev/null
+++ b/machines/web02/monitoring.nix
@@ -0,0 +1 @@
+{ dgn-node-monitoring.enable = false; }
diff --git a/modules/default.nix b/modules/default.nix
index 47f086f..dacde26 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -43,6 +43,7 @@
       "dgn-console"
       "dgn-fail2ban"
       "dgn-hardware"
+      "dgn-node-monitoring"
       "dgn-notify"
       "dgn-netbox-agent"
       "dgn-network"
diff --git a/modules/dgn-node-monitoring.nix b/modules/dgn-node-monitoring.nix
new file mode 100644
index 0000000..a241f05
--- /dev/null
+++ b/modules/dgn-node-monitoring.nix
@@ -0,0 +1,43 @@
+{ config, lib, ... }:
+let
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+
+    types
+    ;
+  cfg = config.dgn-node-monitoring;
+in
+
+{
+  options.dgn-node-monitoring = {
+    enable = mkEnableOption "DGNum nodes monitoring (needs a valid netbird tunnel)" // {
+      default = true;
+    };
+    port = mkOption {
+      type = types.port;
+      default = 9002;
+      description = lib.mdDoc ''
+        Port to listen on.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.prometheus = {
+      exporters = {
+        node = {
+          enable = true;
+          enabledCollectors = [
+            "processes"
+            "systemd"
+          ];
+          inherit (cfg) port;
+          listenAddress = "0.0.0.0";
+        };
+      };
+    };
+    networking.firewall.interfaces.wt0.allowedTCPPorts = [ cfg.port ];
+  };
+}