diff --git a/hosts/hijiri-vm/default.nix b/hosts/hijiri-vm/default.nix
index 8ef2489..c1a6366 100644
--- a/hosts/hijiri-vm/default.nix
+++ b/hosts/hijiri-vm/default.nix
@@ -22,5 +22,7 @@
 networking.domain = "hijiri";
 networking.hostName = "vm";
+
+ services.prometheus.exporters.node.enable = lib.mkForce false;
 };
 }
diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix
index c4faafd..e7cdeb1 100644
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@@ -19,6 +19,7 @@
 ./ntfy.nix
 ./zitadel.nix
 ./forgejo.nix
+ ./prometheus.nix
 ];
 nixpkgs.hostPlatform = "aarch64-linux";
diff --git a/hosts/kazuki/prometheus.nix b/hosts/kazuki/prometheus.nix
new file mode 100644
index 0000000..17d798b
--- /dev/null
+++ b/hosts/kazuki/prometheus.nix
@@ -0,0 +1,62 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+{
+ age.secrets.rab-lol-cf = {
+ file = ../../secrets/rab-lol-cf.age;
+ owner = config.services.nginx.user;
+ };
+
+ services.prometheus = {
+ enable = true;
+ scrapeConfigs =
+ let
+ nodeExporter = nixos: nixos.config.services.prometheus.exporters.node;
+ configurations = lib.filterAttrs (
+ _: nixos: (nodeExporter nixos).enable
+ ) inputs.settei.nixosConfigurations;
+ in
+ lib.mapAttrsToList (name: nixos: {
+ job_name = "${name}-node";
+ static_configs = [ { targets = [ "${name}:${toString (nodeExporter nixos).port}" ]; } ];
+ }) configurations;
+ };
+
+ services.grafana = {
+ enable = true;
+ settings.server.http_port = 3030;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts."monitor.rab.lol" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ locations."/" = {
+ proxyPass = "http://grafana";
+ proxyWebsockets = true;
+ };
+ };
+
+ upstreams.grafana.servers =
+ let
+ inherit (config.services.grafana.settings.server) http_addr http_port;
+ in
+ {
+ "${http_addr}:${toString http_port}" = { };
+ };
+ };
+
+ security.acme.certs."monitor.rab.lol" = {
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.rab-lol-cf.path;
+ };
+}
diff --git a/modules/system/common/default.nix b/modules/system/common/default.nix
index 0bf6e29..8693f1e 100644
--- a/modules/system/common/default.nix
+++ b/modules/system/common/default.nix
@@ -52,6 +52,11 @@ let
 settei.user.config = {
 services.ssh-agent.enable = true;
 };
+
+ services.prometheus.exporters.node = {
+ enable = true;
+ enabledCollectors = [ "systemd" ];
+ };
 };
 darwinConfig = lib.optionalAttrs (!isLinux) {
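Review bot: In hosts/kazuki/prometheus.nix the `services.grafana` block sets only `http_port`, so Grafana is published behind the public `monitor.rab.lol` vhost with the module's default login settings; unless they are overridden elsewhere, that includes the default admin credentials. I would set the password from a secret before exposing the vhost, e.g. `settings.security.admin_password = "$__file{${config.age.secrets.GRAFANA_ADMIN_SECRET.path}}";` (GRAFANA_ADMIN_SECRET is a placeholder name, readable by the grafana user), and add `settings.server.domain = "monitor.rab.lol";` so generated links match the proxied host. Separately, `age.secrets.rab-lol-cf` is owned by the nginx user, while the only consumer visible here is `security.acme.certs."monitor.rab.lol".credentialsFile`. If the ACME unit loads that file as an environment file, the nginx worker needs no read access to the Cloudflare token and the `owner` line could be dropped.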
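Review bot: In modules/system/common/default.nix the node exporter is switched on for every Linux host without stating where it may be reached from. It serves unauthenticated plain-HTTP metrics, and the `systemd` collector adds unit names and states to them. The hunk relies on module defaults for the listen address and firewall, so actual exposure depends on each host's firewall and trusted interfaces, which are not visible here. I would make the intent explicit with `openFirewall = false;` and a comment such as `# scraped by kazuki over the private network only; do not expose this port publicly`, if that is indeed how the scrape is meant to work. The enclosing attribute set starts above the hunk.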