diff --git a/hosts/monitoring/default.nix b/hosts/monitoring/default.nix
new file mode 100644
index 0000000..fb2e323
--- /dev/null
+++ b/hosts/monitoring/default.nix
@@ -0,0 +1,42 @@
+{ ... }:
+
+{
+  imports = [
+    ../common.nix
+    ../../services/openssh.nix
+    ../../services/nginx.nix
+    #./nginx.nix
+    #./prometheus.nix
+    #./grafana.nix
+  ];
+
+  networking = {
+    hostName = "monitoring";
+    firewall = {
+      allowedTCPPorts = [
+        80 # HTTP/1
+        443 # HTTP/2
+      ];
+      allowedUDPPorts = [
+        443 # HTTP/3
+      ];
+    };
+  };
+
+  services = {
+    openssh.banner = ''
+                                    __
+                                 __/\ \__                __
+        ___ ___     ___     ___ /\_\ \ ,_\   ___   _ __ /\_\    ___      __
+      /' __` __`\  / __`\ /' _ `\/\ \ \ \/  / __`\/\`'__\/\ \ /' _ `\  /'_ `\
+      /\ \/\ \/\ \/\ \L\ \/\ \/\ \ \ \ \ \_/\ \L\ \ \ \/ \ \ \/\ \/\ \/\ \L\ \
+      \ \_\ \_\ \_\ \____/\ \_\ \_\ \_\ \__\ \____/\ \_\  \ \_\ \_\ \_\ \____ \
+       \/_/\/_/\/_/\/___/  \/_/\/_/\/_/\/__/\/___/  \/_/   \/_/\/_/\/_/\/___L\ \
+                                                                         /\____/
+                                                                         \_/__/
+    '';
+  };
+
+  system.stateVersion = "25.11";
+}
+
diff --git a/hosts/monitoring/nginx.nix b/hosts/monitoring/nginx.nix
new file mode 100644
index 0000000..f3fbe4e
--- /dev/null
+++ b/hosts/monitoring/nginx.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+{
+  services.nginx.virtualHosts."monitoring.${config.networking.domain}" = {
+    default = true;
+    quic = true;
+    kTLS = true;
+    forceSSL = true;
+    enableACME = true;
+    #basicAuthFile = config.age.secrets.grafana_basic_auth.path;
+    locations = {
+      "/" = {
+        proxyPass = "http://";
+        recommendedProxySettings = true;
+      };
+    };
+  };
+}
+