diff --git a/build/pluto/prometheus/default.nix b/build/pluto/prometheus/default.nix
index 3a43a876..e3ddac3d 100644
--- a/build/pluto/prometheus/default.nix
+++ b/build/pluto/prometheus/default.nix
@@ -13,6 +13,7 @@
     ./exporters/matrix-synapse.nix
     ./exporters/nixos.nix
     ./exporters/node.nix
+    ./exporters/owncast.nix
     ./exporters/packet-sd.nix
     ./exporters/packet-spot-market.nix
     ./exporters/postgresql.nix
diff --git a/build/pluto/prometheus/exporters/node.nix b/build/pluto/prometheus/exporters/node.nix
index 393d8a39..0b54dd53 100644
--- a/build/pluto/prometheus/exporters/node.nix
+++ b/build/pluto/prometheus/exporters/node.nix
@@ -18,6 +18,13 @@
             labels.role = "monitoring";
             targets = [ "pluto:9100" ];
           }
+          {
+            labels.role = "services";
+            targets = [
+              "caliban.nixos.org:9100"
+              "umbriel.nixos.org:9100"
+            ];
+          }
           {
             labels.role = "mac";
             targets = [
diff --git a/build/pluto/prometheus/exporters/owncast.nix b/build/pluto/prometheus/exporters/owncast.nix
new file mode 100644
index 00000000..3b9b583e
--- /dev/null
+++ b/build/pluto/prometheus/exporters/owncast.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+  age.secrets.owncast-admin-password = {
+    file = ../../../secrets/owncast-admin-password.age;
+    owner = "prometheus";
+    group = "prometheus";
+  };
+
+  services.prometheus.scrapeConfigs = [
+    {
+      job_name = "owncast";
+      metrics_path = "/api/admin/prometheus";
+      basic_auth = {
+        username = "admin";
+        password_file = config.age.secrets.owncast-admin-password.path;
+      };
+      scheme = "https";
+      static_configs = [ { targets = [ "live.nixos.org:443" ]; } ];
+    }
+  ];
+}
diff --git a/build/secrets.nix b/build/secrets.nix
index d6402cb5..edb310f4 100644
--- a/build/secrets.nix
+++ b/build/secrets.nix
@@ -6,6 +6,7 @@ let
     fastly-read-only-api-token = [ machines.pluto ];
     hydra-mirror-aws-credentials = [ machines.pluto ];
     hydra-mirror-git-credentials = [ machines.pluto ];
+    owncast-admin-password = [ machines.pluto ];
     packet-sd-env = [ machines.pluto ];
     pluto-backup-secret = [ machines.pluto ];
     pluto-backup-ssh-key = [ machines.pluto ];
diff --git a/build/secrets/owncast-admin-password.age b/build/secrets/owncast-admin-password.age
new file mode 100644
index 00000000..9ef53ddd
--- /dev/null
+++ b/build/secrets/owncast-admin-password.age
@@ -0,0 +1,18 @@
+age-encryption.org/v1
+-> ssh-ed25519 s9hT2g zQ6WzOL+1nkg75J8o4SCxzvVZi6gYdSkUSCd+f0oUQk
+dxItcKGnxUUhzuQWUNs3hmJwPaJF8Rhn4FJbom9tc0A
+-> ssh-ed25519 Gr9EaQ USWQtUTQsy1B1p4rGOgdfBYg2ch0fDAxHRA7m6gj9ho
+UCA2ExE91+5aMHiRk2OmU4NSPySTzEWtXTpmN/q9RI0
+-> ssh-ed25519 3ENwVg 3dpO8ExOR5pr9aIuRjzO7+JEJWCMfDawefoHNcyw0S8
+zF9V5KuZU6hiCtxzYDfrZ1tO6dU3HRZtjQz7ihteBG8
+-> ssh-rsa MuWD+w
+ewDKxmREQzA0Ryc1CfXZ3DnctZ3LjdYhFZuEY97nQdywX4yrijjY/KecNpgI3AKy
+yjBdS1cvrlXW5JY40kvwNGnsC2wAL74ccrBBxkPFxbenOTU8xdUBBSXLj3Ad392I
+RvepOJBVg4i6JvBKZXfuDVEKijcmuuaa7QGfnnIawhGOu1crltU+SPW48V2ryH1N
+xG35dle3FoND9jWoxsf6Ftznyn96pqj1t3g5BJYPvofaO8iqkBQr/zbQjimQm10n
+HzIF9S7qf5I8kadvRFPf6nd7nWDCaT0LeSwzc4hA0FzqrfzU0VvM/K/XdO9hFR3N
+K3kxQZg43pae4nt5Eqn1iA
+-> ssh-ed25519 92bXiA hggcpARKLg5rZ3zufQO/ArpFFd2eEfMdCBvuvjJSOX8
+seMbAuoEf5X7tjS2rPfQoBS45Vyy2Im8EBn32zDeJz4
+--- Y10ci1xFNmo/Hnf+XctF0uDe82ZLV0yPI9n5qcREOpg
+ž½…?/ŽÉÕÿ³ZÙð¹må– $j;0‹€wo-Ý{œ÷KÖ›ª`AG\v~Ï0Ù¹I÷4õ'7ÜD§d
\ No newline at end of file
diff --git a/non-critical-infra/hosts/caliban.nixos.org/default.nix b/non-critical-infra/hosts/caliban.nixos.org/default.nix
index 561bc7f0..159504c6 100644
--- a/non-critical-infra/hosts/caliban.nixos.org/default.nix
+++ b/non-critical-infra/hosts/caliban.nixos.org/default.nix
@@ -11,6 +11,7 @@
     ../../modules/element-web.nix
     ../../modules/matrix-synapse.nix
     ../../modules/owncast.nix
+    ../../modules/prometheus/node-exporter.nix
     ../../modules/vaultwarden.nix
     ./limesurvey-tmp.nix
   ];
diff --git a/non-critical-infra/hosts/umbriel.nixos.org/default.nix b/non-critical-infra/hosts/umbriel.nixos.org/default.nix
index da0aed92..63503c85 100644
--- a/non-critical-infra/hosts/umbriel.nixos.org/default.nix
+++ b/non-critical-infra/hosts/umbriel.nixos.org/default.nix
@@ -7,6 +7,7 @@
     inputs.srvos.nixosModules.hardware-hetzner-cloud-arm
     ../../modules/common.nix
     ../../modules/mjolnir.nix
+    ../../modules/prometheus/node-exporter.nix
   ];
 
   # Bootloader.
diff --git a/non-critical-infra/modules/prometheus/node-exporter.nix b/non-critical-infra/modules/prometheus/node-exporter.nix
new file mode 100644
index 00000000..13c07e40
--- /dev/null
+++ b/non-critical-infra/modules/prometheus/node-exporter.nix
@@ -0,0 +1,8 @@
+{
+  networking.firewall.allowedTCPPorts = [ 9100 ];
+
+  services.prometheus.exporters.node = {
+    enable = true;
+    enabledCollectors = [ "systemd" ];
+  };
+}