diff --git a/cluster/services/patroni/default.nix b/cluster/services/patroni/default.nix
index 75a418c..8d7e53e 100644
--- a/cluster/services/patroni/default.nix
+++ b/cluster/services/patroni/default.nix
@@ -19,7 +19,10 @@
 haproxy = [ "checkmate" "VEGAS" "prophet" ];
 };
 nixos = {
- worker = ./worker.nix;
+ worker = [
+ ./worker.nix
+ ./metrics.nix
+ ];
 haproxy = ./haproxy.nix;
 };
 };
diff --git a/cluster/services/patroni/metrics.nix b/cluster/services/patroni/metrics.nix
new file mode 100644
index 0000000..e5bf79f
--- /dev/null
+++ b/cluster/services/patroni/metrics.nix
@@ -0,0 +1,25 @@
+{ config, cluster, ... }:
+
+let
+ inherit (cluster.config) links vars;
+
+ getMeshIp = name: vars.mesh.${name}.meshIp;
+in
+
+{
+ age.secrets.postgres-metrics-db-credentials.file = ./passwords/metrics.age;
+
+ services.grafana-agent = {
+ settings.integrations.postgres_exporter = {
+ enabled = true;
+ instance = vars.hostName;
+ data_source_names = [
+ "postgresql://metrics:\${PG_METRICS_DB_PASSWORD}@${getMeshIp vars.hostName}:${links.patroni-pg-internal.portStr}/postgres?sslmode=disable"
+ ];
+ autodiscover_databases = true;
+ };
+ credentials = {
+ PG_METRICS_DB_PASSWORD = config.age.secrets.postgres-metrics-db-credentials.path;
+ };
+ };
+}
diff --git a/cluster/services/patroni/passwords/metrics.age b/cluster/services/patroni/passwords/metrics.age
new file mode 100644
index 0000000..7c62829
--- /dev/null
+++ b/cluster/services/patroni/passwords/metrics.age
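Review bot: The DSN in `data_source_names` (metrics.nix) ends in `sslmode=disable`, so the `metrics` role's password and every scraped query result travel in cleartext and the server's identity is never checked. If the mesh transport is itself encrypted and authenticated, that is not visible in this diff and deserves a comment above the DSN, e.g. `# TLS is off: traffic stays on the encrypted mesh interface`; otherwise switch to `sslmode=require`, or `sslmode=verify-full` once the server certificate covers the mesh address. With `autodiscover_databases = true` the exporter connects to every database, so the `metrics` role should hold no more than `pg_monitor` plus CONNECT; its definition is not shown in this commit.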
@@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 NO562A UZDVDyrbgLGKKnssXfhpvQoKLhI/RAxys+DM4Jka4iQ +X1hNCTU8G6aatngQyq7LvkHTfbpUDPOhGzulr8Nzc4k +-> ssh-ed25519 5/zT0w gv8U5Wa08WWJNkhi0S4V8Ug7sgyPnNLBMc6jYsMU4xM +m7SGWdD/cnse3m+9KdkdobgoKcsV0wzbjwQTZu7b2T4 +-> ssh-ed25519 FfIUuQ fB/7/JIl4FA8iqAI/dlUNUZuEM0vMep7wSBmpmharz4 +Gt3uKzVi++lRcKodWlGgeDKE2ogk9O1JUFSlc7LxeSg +-> ssh-ed25519 d3WGuA WN8M0MQORIKi2YjyaJB4UvHopOtEbN+dpleL1ms64SM +ZbjoLTxXWGagSvcfpqVQsGhtAKUKhqc1yS9hlWFym+I +-> ssh-ed25519 YIaSKQ ij5ROzrXgYT6dTiONqflPz2+oVz9lRaE0Dcc1+A+h30 +TYWRVn97qM3ocd5keHi+1IPjgARfcri57oGr2+fZTrE +-> FP.Bh-grease uS|AoN& 0cdpf +GeHSrkswVd5L7QmFWL8wHld2NmQz +--- 2iy6cb/bcbHol77a7GoPWckCKIsnnvIQbTwfKQ2+Gyw +d1>Dђ$g%{"VhxI]M¦~cb#K4H \`βm*.PFaTt#.*.{46HQ+M,4=! _mmBTD}YPJ탥[(FDe7 \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index 754ca53..c4dadfc 100644 --- a/secrets.nix +++ b/secrets.nix @@ -26,6 +26,7 @@ in with hosts; "cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ]; + "cluster/services/patroni/passwords/metrics.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ]; "cluster/services/patroni/passwords/replication.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ]; "cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ]; "cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ];