diff --git a/hosts/sql/default.nix b/hosts/sql/default.nix
index 50c94ce..5058379 100644
--- a/hosts/sql/default.nix
+++ b/hosts/sql/default.nix
@@ -6,6 +6,7 @@
     ../../services/openssh.nix
     ../../services/prometheus-node.nix
     ./postgres.nix
+    ./prometheus-postgres.nix
   ];
 
   networking = {
diff --git a/hosts/sql/prometheus-postgres.nix b/hosts/sql/prometheus-postgres.nix
new file mode 100644
index 0000000..456188b
--- /dev/null
+++ b/hosts/sql/prometheus-postgres.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+
+{
+  services.prometheus.exporters.postgres = {
+    enable = true;
+    openFirewall = true;
+    firewallRules = ''
+      ip saddr 195.160.173.14/32 tcp dport ${toString config.services.prometheus.exporters.postgres.port} accept comment "Allow prometheus on monitoring.berlin.ccc.der"
+      ip6 saddr 2001:678:760:cccb::14/128 tcp dport ${toString config.services.prometheus.exporters.postgres.port} accept comment "Allow prometheus on monitoring.berlin.ccc.der"
+    '';
+  };
+}
+