diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml
index e522520..c5716bf 100644
--- a/ansible/inventory/group_vars/all.yml
+++ b/ansible/inventory/group_vars/all.yml
@@ -35,6 +35,8 @@ nfs_shares:
     path: /mnt/data/overleaf/redis
   - name: overleaf_mongodb
     path: /mnt/data/overleaf/mongodb
+  - name: prometheus_data
+    path: /mnt/data/prometheus/data
 
 database_passwords:
   nextcloud: !vault |
diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml
index 08378d8..a46c7d8 100644
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
@@ -19,3 +19,4 @@
     - {role: pihole, tags: pihole}
     - {role: nextcloud, tags: nextcloud}
     - {role: syncthing, tags: syncthing}
+    - {role: prometheus, tags: prometheus}
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index ed3bd2b..eb97f58 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,12 +1,14 @@
-- name: setup_apt
-  src: https://github.com/sunscrapers/ansible-role-apt.git
-  scm: git
-- name: docker
-  src: https://git.kun.is/pim/ansible-role-docker
-  scm: git
-- name: cloudinit_wait
-  src: https://git.kun.is/pim/ansible-role-cloudinit-wait
-  scm: git
-- name: postgresql_database
-  src: https://git.kun.is/home/ansible-role-postgresql-database
-  scm: git
+---
+roles:
+  - name: setup_apt
+    src: https://github.com/sunscrapers/ansible-role-apt.git
+    scm: git
+  - name: docker
+    src: https://git.kun.is/pim/ansible-role-docker
+    scm: git
+  - name: cloudinit_wait
+    src: https://git.kun.is/pim/ansible-role-cloudinit-wait
+    scm: git
+  - name: postgresql_database
+    src: https://git.kun.is/home/ansible-role-postgresql-database
+    scm: git
diff --git a/ansible/roles/prometheus/docker-stack.yml.j2 b/ansible/roles/prometheus/docker-stack.yml.j2
new file mode 100644
index 0000000..a381d30
--- /dev/null
+++ b/ansible/roles/prometheus/docker-stack.yml.j2
@@ -0,0 +1,36 @@
+# vi: ft=yaml
+
+version: "3"
+
+networks:
+  traefik:
+    external: true
+
+volumes:
+  data:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/prometheus/data"
+
+services:
+  prometheus:
+    image: quay.io/prometheus/prometheus
+    networks:
+      - traefik
+    # volumes:
+    #   - type: volume
+    #     source: data
+    #     target: /prometheus
+    #     volume:
+    #       nocopy: true
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.prometheus.entrypoints=localsecure
+        - traefik.http.routers.prometheus.rule=Host(`metrics.kun.is`)
+        - traefik.http.routers.prometheus.tls=true
+        - traefik.http.routers.prometheus.tls.certresolver=letsencrypt
+        - traefik.http.routers.prometheus.service=prometheus
+        - traefik.http.services.prometheus.loadbalancer.server.port=9090
+        - traefik.docker.network=traefik
diff --git a/ansible/roles/prometheus/tasks/main.yml b/ansible/roles/prometheus/tasks/main.yml
new file mode 100644
index 0000000..dda2a32
--- /dev/null
+++ b/ansible/roles/prometheus/tasks/main.yml
@@ -0,0 +1,13 @@
+#- name: Create prometheus config
+#  docker_config:
+#    name: prometheus_config
+#    data: "{{ lookup('file', '{{ role_path }}/prometheus.yml') }}"
+#    use_ssh_client: true
+#    rolling_versions: true
+#  register: config
+
+- name: Deploy Docker stack
+  docker_stack:
+    name: prometheus
+    compose:
+      - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"