diff --git a/flake.nix b/flake.nix index 41ffcdd..b0ad559 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,21 @@ ]; }; + nixosConfigurations.postgresql = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" + ./hosts/postgresql/configuration.nix + ]; + }; + nixosConfigurations.grafana = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" + ./hosts/grafana/configuration.nix + ]; + }; + deploy.nodes.nginx = { hostname = "10.42.20.2"; fastConnection = true; @@ -111,6 +126,26 @@ }; }; + deploy.nodes.postgresql = { + hostname = "10.42.20.8"; + fastConnection = true; + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos + self.nixosConfigurations.postgresql; + }; + }; + + deploy.nodes.grafana = { + hostname = "10.42.20.9"; + fastConnection = true; + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos + self.nixosConfigurations.grafana; + }; + }; + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; diff --git a/hosts/grafana/configuration.nix b/hosts/grafana/configuration.nix new file mode 100644 index 0000000..b80de61 --- /dev/null +++ b/hosts/grafana/configuration.nix 
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+let secrets = import ./secrets.nix;
+in {
+ imports = [
+ # Import common config
+ ../../common/generic-lxc.nix
+ ../../common
+ ];
+
+ networking.hostName = "grafana";
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.11"; # Did you read the comment?
+
+ environment.systemPackages = with pkgs; [ ];
+
+ environment.etc.adminPass = {
+ enable = true;
+ text = secrets.passwd;
+ };
+
+ environment.etc.signKey = {
+ enable = true;
+ text = secrets.secretKey;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 3000 ];
+
+ services.grafana = {
+ enable = true;
+ protocol = "http";
+ domain = "grafana.voidcorp.nl";
+ rootUrl = "https://grafana.voidcorp.nl/";
+ addr = "0.0.0.0";
+ port = 3000;
+ database = {
+ type = "postgres";
+ host = "postgresql.voidlocal";
+ user = "grafana";
+ passwordFile = "/etc/adminPass";
+ };
+ security = {
+ adminUser = secrets.adminUser;
+ adminPasswordFile = "/etc/adminPass";
+ secretKeyFile = "/etc/signKey";
+ };
+ analytics.reporting.enable = false;
+ };
+
+}
diff --git a/hosts/grafana/secrets.nix b/hosts/grafana/secrets.nix
new file mode 100644
index 0000000..36d2241
Binary files /dev/null and b/hosts/grafana/secrets.nix differ
diff --git a/hosts/nginx/configuration.nix b/hosts/nginx/configuration.nix
index b3e374d..53db57e 100644
--- a/hosts/nginx/configuration.nix
+++ b/hosts/nginx/configuration.nix
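Review bot: In hosts/grafana/configuration.nix, `environment.etc.adminPass` and `environment.etc.signKey` are filled with `text = secrets.passwd` and `text = secrets.secretKey`, and an `environment.etc` entry built from `text` is written into the Nix store, which every local user can read, so keeping secrets.nix opaque in the repository does not protect the values once the system is built and deployed. The same `/etc/adminPass` is used for both `database.passwordFile` and `security.adminPasswordFile`, so the Grafana admin login and the database credential are a single secret. I would deliver both files outside the store (a runtime secret mechanism such as agenix or sops-nix, or a root-provisioned file readable only by the grafana user) and give the database role its own password. Separately, `addr = "0.0.0.0"` together with `allowedTCPPorts = [ 3000 ]` exposes the plain-HTTP listener to every reachable network, although on this page only the nginx proxy needs to reach it.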
@@ -54,6 +54,7 @@ in { virtualHosts."s3.voidcorp.nl" = proxy "http://10.42.20.6:9000/"; virtualHosts."explore.s3.voidcorp.nl" = proxy "http://10.42.20.6:9001/"; virtualHosts."registry.voidcorp.nl" = proxy "http://10.42.20.7:5000/"; + virtualHosts."grafana.voidcorp.nl" = proxy "http://10.42.20.9:3000/"; }; security.acme.email = "acme@voidcorp.nl"; diff --git a/hosts/postgresql/configuration.nix b/hosts/postgresql/configuration.nix new file mode 100644 index 0000000..d9d0d96 --- /dev/null +++ b/hosts/postgresql/configuration.nix @@ -0,0 +1,41 @@ +{ config, pkgs, ... }: +let +in { + imports = [ + # Import common config + ../../common/generic-lxc.nix + ../../common + ]; + + networking.hostName = "postgresql"; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.11"; # Did you read the comment? + + environment.systemPackages = with pkgs; [ ]; + + networking.firewall.allowedTCPPorts = [ 5432 ]; + + services.postgresql = { + enable = true; + authentication = "host all all 10.42.0.0/16 trust"; + ensureDatabases = [ "prometheus" "grafana" ]; + ensureUsers = [ + { + name = "prometheus"; + ensurePermissions = { "DATABASE \"prometheus\"" = "ALL PRIVILEGES"; }; + } + { + name = "grafana"; + ensurePermissions = { "DATABASE \"grafana\"" = "ALL PRIVILEGES"; }; + } + ]; + enableTCPIP = true; + }; + +}
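Review bot: In hosts/postgresql/configuration.nix, `authentication = "host all all 10.42.0.0/16 trust"` accepts any role on any database from every address in 10.42.0.0/16 without a password, and with `enableTCPIP = true` and port 5432 opened, a foothold on any one machine in that range reaches both the grafana and prometheus databases (and presumably the superuser role as well). Under `trust` the `passwordFile` configured on the Grafana host is never checked. I would limit the rule to the known clients and a password method, for example `host grafana grafana 10.42.20.9/32 scram-sha-256` plus a matching line for the prometheus client's address. The role passwords would then need to be set separately, since the `ensureUsers` entries shown here only create the roles and grant privileges.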