diff --git a/nixos/common/modules/dns.nix b/nixos/common/modules/dns.nix
index b173ff2..8d375ec 100644
--- a/nixos/common/modules/dns.nix
+++ b/nixos/common/modules/dns.nix
@@ -22,8 +22,17 @@ in {
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = ''
+      description = lib.mdDoc ''
         Whether to open port 53 in the firwall for unbound dns
+        And `services.prometheus.exporters.unbound.port` for metrics (if enabled).
+      '';
+    };
+
+    enableMetrics = mkOption {
+      type = types.bool;
+      default = cfg.mode == "server";
+      description = ''
+        Enable prometheus metrics
       '';
     };
 
@@ -38,12 +47,19 @@ in {
 
   config = mkIf cfg.enable {
     networking.firewall = mkIf cfg.openFirewall {
-      allowedTCPPorts = [ 53 ];
+      allowedTCPPorts = [ 53 ] ;
       allowedUDPPorts = [ 53 ];
     };
+    services.prometheus.exporters.unbound = mkIf cfg.enableMetrics {
+      enable = true;
+      openFirewall = cfg.openFirewall;
+      controlInterface = config.services.unbound.localControlSocketPath;
+      group = config.services.unbound.group;
+    };
     services.unbound = {
       enable = true;
       package = pkgs.v.unbound;
+      localControlSocketPath = mkIf cfg.enableMetrics "/run/unbound/unbound.socket";
       settings = {
         server = mkMerge [
           {
diff --git a/nixos/hosts/olympus/dex/configuration.nix b/nixos/hosts/olympus/dex/configuration.nix
index 966a687..0c77f11 100644
--- a/nixos/hosts/olympus/dex/configuration.nix
+++ b/nixos/hosts/olympus/dex/configuration.nix
@@ -8,6 +8,7 @@ let
   db_user = "dex";
   db_name = "dex";
   inherit (config.meta.exposes.dex) port;
+  metricsPort = 5558;
 in {
   imports = [ ];
 
@@ -19,7 +20,7 @@ in {
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "23.05"; # Did you read the comment?
 
-  networking.firewall.allowedTCPPorts = [ port ];
+  networking.firewall.allowedTCPPorts = [ port metricsPort ];
 
   services.postgresql = {
     enable = true;
@@ -49,6 +50,7 @@ in {
         };
       };
       web.http = "0.0.0.0:${toString port}";
+      telemetry.http = "0.0.0.0:${toString metricsPort}";
 
       connectors = [{
         type = "gitea";
diff --git a/nixos/hosts/olympus/victoriametrics/configuration.nix b/nixos/hosts/olympus/victoriametrics/configuration.nix
index 7fed0a2..1b88cf5 100644
--- a/nixos/hosts/olympus/victoriametrics/configuration.nix
+++ b/nixos/hosts/olympus/victoriametrics/configuration.nix
@@ -72,6 +72,20 @@ in {
             labels.app = "ntfy";
           }];
         }
+        {
+          job_name = "dex";
+          static_configs = [{
+            targets = [ "dex.olympus:5558" ];
+            labels.app = "dex";
+          }];
+        }
+        {
+          job_name = "unbound";
+          static_configs = [{
+            targets = [ "dns-1.olympus:9167" "dns-2.olympus:9167" ];
+            labels.app = "dns";
+          }];
+        }
       ];
     };
   };