diff --git a/hosts/arr/default.nix b/hosts/arr/default.nix
index 33ca856..80db34a 100644
--- a/hosts/arr/default.nix
+++ b/hosts/arr/default.nix
@@ -10,13 +10,12 @@
 
 networking.tailscale = {
 enable = false;
- exitNode = "vps";
+ exitNode = "vps.neon-dory.ts.net";
 # authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}'';
 };
 
- services.download-pod = {
+ services.media-mgr = {
 programs.enable = true;
- proxy.enable = false;
 };
 
 virtualisation = {
diff --git a/hosts/metrics/default.nix b/hosts/metrics/default.nix
index 87c624b..53df9ba 100644
--- a/hosts/metrics/default.nix
+++ b/hosts/metrics/default.nix
@@ -4,25 +4,45 @@ lib, ... }: +let + tailscaleMagicDNS = "neon-dory.ts.net"; +in { age.secrets = { tailscale-authKey.file = ../../secrets/tailscale-authKey.age; - cloudflare-tegola-apiKey = { - file = ../../secrets/cloudflare-tegola-apiKey.age; - mode = "440"; - owner = config.services.caddy.user; - group = config.services.caddy.group; - }; }; my = { utils.commons.enable = true; - networking.tailscale = { - enable = true; - exitNode = "vps"; - authKeyFile = config.age.secrets.tailscale-authKey.path; + services.media-mgr = { + exportMetrics.enable = true; + proxy = { + enable = true; + domain = "tegola.pro"; + host = "arr.internal"; + }; + }; + + monitoring = { + prometheus = { + enable = true; + proxy = { + domain = "tegola.pro"; + host = "metrics.internal"; + }; + }; + }; + + networking = { + tailscale = { + enable = true; + magicDNSDomain = tailscaleMagicDNS; + authKeyFile = config.age.secrets.tailscale-authKey.path; + }; + + caddy.enable = true; }; virtualisation = {
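Review bot: `exitNode = "vps.neon-dory.ts.net"` hard-codes the tailnet's MagicDNS suffix on this host while hosts/metrics introduces a `tailscaleMagicDNS` binding and modules/networking/tailscale.nix gains a `magicDNSDomain` option in the same commit, so the same string now lives in three places. Because the module's new `search = [ cfg.magicDNSDomain ]` makes the bare name `vps` resolvable once `magicDNSDomain` is set, consider keeping `exitNode = "vps";` and setting `magicDNSDomain` here instead, or deriving the FQDN from that option. `enable = false` is still set for tailscale on this host, so if the module's config is gated on `cfg.enable` the exit-node value has no effect until it is turned on. The enclosing attribute set continues outside the hunk.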
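Review bot: `host = "metrics.internal"` under `monitoring.prometheus.proxy` makes Caddy on this host reach the local Prometheus through a LAN DNS name instead of the module's `localhost` default, which only works because modules/monitoring/prometheus.nix opens TCP 9090 in the firewall, and that rule leaves the unauthenticated Prometheus listener reachable from every interface rather than only through the Caddy vhost. Leaving `host` at its default (or writing `host = "localhost";`) removes the DNS dependency for a same-host hop and the need for the firewall rule. The `cloudflare-tegola-apiKey` age secret is dropped here while the new vhost snippet in that module still does `import cloudflare`; if that snippet reads the Cloudflare token from this secret, it must now be supplied elsewhere (presumably by `my.networking.caddy`, which this hunk enables), otherwise the build or the DNS challenge will fail — worth confirming. The `virtualisation` block continues outside the hunk.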
@@ -38,11 +58,24 @@ services = { openssh.enable = true; - prometheus = { - enable = true; - }; + prometheus.scrapeConfigs = [ + { + job_name = "metrics-host"; + static_configs = [ + { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; } + ]; + } + ]; + prometheus.exporters = { + node = { + enable = true; + enabledCollectors = [ "systemd" ]; + }; + }; }; + networking.nameservers = [ "192.168.1.2" ]; + system.stateVersion = "24.05"; }
diff --git a/modules/default.nix b/modules/default.nix
index b0b86ed..4f04743 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -2,6 +2,7 @@
 imports = [
 # Folders
 ./desktop
+ ./monitoring
 ./networking
 ./services
 ./systems
diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix
new file mode 100644
index 0000000..4288fa8
--- /dev/null
+++ b/modules/monitoring/default.nix
@@ -0,0 +1 @@
+{ imports = [ ./prometheus.nix ]; }
diff --git a/modules/monitoring/prometheus.nix b/modules/monitoring/prometheus.nix
new file mode 100644
index 0000000..b98ff44
--- /dev/null
+++ b/modules/monitoring/prometheus.nix
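Review bot: `networking.nameservers = [ "192.168.1.2" ];` is merged with the `[ "100.100.100.100" ]` that modules/networking/tailscale.nix now sets for every tailscale-enabled host (this host enables it in the previous hunk), and the order of the merged list depends on module merge order rather than on this file. Since the glibc resolver only moves on to the next server on timeout or server failure, not on a negative answer, resolution of `arr.internal` and `metrics.internal` (used by the proxy options above) becomes order-dependent. Pin the LAN resolver first with `networking.nameservers = lib.mkBefore [ "192.168.1.2" ];` (`lib` is already a module argument here), or route the `.internal` zone explicitly, for example with `services.resolved` split DNS. The `prometheus.scrapeConfigs` list defined here is also merged with the `download-mgr-stack` job from the new monitoring module, which is fine but deserves a comment such as `# merged with the exportarr job from modules/monitoring/prometheus.nix`.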
@@ -0,0 +1,77 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+
+with lib;
+
+let
+ cfg = config.my.monitoring.prometheus;
+
+in
+{
+ options.my.monitoring.prometheus = {
+ enable = lib.mkEnableOption "Enable prometheus as a data scraper";
+
+ proxy = {
+ enable = lib.mkEnableOption "Set the proxy entry for this service";
+
+ domain = lib.mkOption {
+ default = "example.com";
+ type = lib.types.str;
+ description = ''
+ The domain where Caddy is reachable
+ '';
+ };
+
+ host = lib.mkOption {
+ default = "localhost";
+ type = lib.types.str;
+ description = ''
+ Host name where the download manager stack is running
+ '';
+ };
+
+ };
+
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+
+ services.prometheus = {
+ enable = true;
+ scrapeConfigs = [
+ {
+ job_name = "download-mgr-stack";
+ static_configs = [
+ {
+ targets = [
+ "localhost:${toString config.services.prometheus.exporters.exportarr-prowlarr.port}"
+ "localhost:${toString config.services.prometheus.exporters.exportarr-radarr.port}"
+ "localhost:${toString config.services.prometheus.exporters.exportarr-sonarr.port}"
+ "localhost:${toString config.services.prometheus.exporters.exportarr-lidarr.port}"
+ "localhost:${toString config.services.prometheus.exporters.exportarr-readarr.port}"
+ ];
+ }
+ ];
+ }
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 9090 ];
+
+ })
+
+ (lib.mkIf (cfg.proxy != { }) {
+ services.caddy = with cfg.proxy; {
+ virtualHosts."prometheus.${domain}".extraConfig = ''
+ reverse_proxy http://${host}:9090
+ import cloudflare
+ '';
+ };
+ })
+ ];
+
+}
diff --git a/modules/networking/tailscale.nix b/modules/networking/tailscale.nix
index 2789a34..1fb7140 100644
--- a/modules/networking/tailscale.nix
+++ b/modules/networking/tailscale.nix
@@ -1,7 +1,8 @@
-{ lib
-, config
-, pkgs
-, ...
+{
+ lib,
+ config,
+ pkgs,
+ ...
 }:
 with lib;
 let
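Review bot: `(lib.mkIf (cfg.proxy != { }) {` is always true, because `cfg.proxy` is a submodule whose `enable`, `domain` and `host` attributes always carry a value, so the `prometheus.${domain}` Caddy virtual host is created even when `proxy.enable` is false — the metrics host in this commit silently relies on that by setting `domain`/`host` without `enable = true`; the condition should be `(lib.mkIf cfg.proxy.enable {` and that host should set `proxy.enable = true;`. `networking.firewall.allowedTCPPorts = [ 9090 ];` opens the unauthenticated Prometheus listener on every interface whenever the scraper is enabled, not only when a remote proxy needs it; with `proxy.host` at its `localhost` default no rule is needed, so gate it on `cfg.proxy.host != "localhost"` or, better, set `services.prometheus.listenAddress` to the address the proxy actually uses instead of opening the port globally. The `enable` option renders as "Whether to enable Enable prometheus…" because `mkEnableOption` already prepends "Whether to enable"; write `lib.mkEnableOption "prometheus as a data scraper"`. The `host` description is copied from the download-manager module and should describe this service, e.g. `Host name under which Caddy reaches Prometheus`.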
@@ -26,6 +27,15 @@ in
 '';
 };
 
+ magicDNSDomain = mkOption {
+ type = types.str;
+ default = "";
+ example = "example.ts.net";
+ description = ''
+ This unique name is used when registering DNS entries, sharing your device to other tailnets, and issuing TLS certificates
+ '';
+ };
+
 exitNode = mkOption {
 type = types.str;
 default = "";
@@ -53,6 +63,12 @@ in
 useRoutingFeatures = if cfg.exitNode == "" then "none" else "both";
 extraUpFlags = [ "--exit-node=${cfg.exitNode}" ] ++ cfg.extraUpFlags;
 };
+
+ networking = {
+ nameservers = [ "100.100.100.100" ];
+ search = [ cfg.magicDNSDomain ];
+ };
+
 };
 
 }
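Review bot: `search = [ cfg.magicDNSDomain ];` in the second hunk uses the option's default `""` verbatim, so any host that enables tailscale without setting `magicDNSDomain` ends up with an empty `search` entry in resolv.conf; write `search = optional (cfg.magicDNSDomain != "") cfg.magicDNSDomain;` (the file already has `with lib;`), or declare the option in the first hunk as `types.nullOr types.str` with `default = null` and test for null. `nameservers = [ "100.100.100.100" ];` is a plain list definition that merges with whatever the host sets (hosts/metrics adds `192.168.1.2` in this commit), so whether the MagicDNS resolver or the LAN resolver is consulted first depends on merge order; if the tailnet resolver is meant to win, `mkBefore` makes that explicit, otherwise document the intended precedence. These lines presumably sit inside the `mkIf cfg.enable` block whose closing `};` is the hunk's last context line — worth confirming, since an unconditional resolver change on every host would be a surprise. The option description in the first hunk could also say that the value is reused here, e.g. `Also appended to networking.search so bare machine names resolve.`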