diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 6d9a51b2e62002044be0f04990c43e6fa6227b84..f00dabe6baaa76e4c34fa580f75e97f6ccd226b0 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -38,6 +38,8 @@ import ../../lib/make-grid.nix {
       monitoringvpnIPv4 = "172.23.23.1";
       inherit vpnClientIPs;
       inherit sshUsers;
+      nodeExporterHostNames = [ ];
+      nginxExporterHostNames = [ ];
       hardware = import ./virtual-hardware.nix ({ inherit publicIPv4; });
       stateVersion = "19.09";
     } // cfg);
diff --git a/morph/lib/make-monitoring.nix b/morph/lib/make-monitoring.nix
index a169732c8758c382600c303806e025d02aaa9487..93385f7e1f83aa18e7047c9e666f30fb2c6032b5 100644
--- a/morph/lib/make-monitoring.nix
+++ b/morph/lib/make-monitoring.nix
@@ -9,6 +9,8 @@
 , stateVersion
 , monitoringvpnIPv4
 , vpnClientIPs
+, nodeExporterHostNames
+, nginxExporterHostNames
 , ... }: rec {
 
   deployment = {
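Review bot: `nodeExporterHostNames` and `nginxExporterHostNames` are added as required arguments with no default, so any caller of make-monitoring.nix that does not pass them will fail at evaluation. Only morph/grid/local/grid.nix is visibly updated in this diff. If other grids call this function, update them in the same change or give the arguments defaults, e.g. `, nodeExporterHostNames ? [ ]`. Keeping them required is defensible if the aim is that no grid deploys with an empty scrape list by accident, but a short comment on the arguments should say so. The argument set and the body of the attribute set continue outside the hunk.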
@@ -38,6 +40,7 @@
     hardware
     ../../nixos/modules/monitoring/vpn/server.nix
     ../../nixos/modules/monitoring/server/grafana.nix
+    ../../nixos/modules/monitoring/server/prometheus.nix
   ];
 
   services.private-storage.monitoring.vpn.server = {
@@ -52,5 +55,10 @@
     lokiUrl = "http://localhost:3100/";
   };
 
+  services.private-storage.monitoring.prometheus = {
+    nodeExporterTargets = nodeExporterHostNames;
+    nginxExporterTargets = nginxExporterHostNames;
+  };
+
   system.stateVersion = stateVersion;
 }
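Review bot: Nothing in this block says what form the entries of `nodeExporterTargets` and `nginxExporterTargets` must take or which network they are scraped over. Prometheus exporters usually serve metrics unauthenticated over plain HTTP, so it matters that these names resolve to monitoring-VPN addresses rather than public ones, and the hunk does not show whether the module enforces that. Once confirmed, I would add a comment above the block along the lines of `# Host names must resolve on the monitoring VPN; exporters are scraped over plain HTTP.`. It would also help to state whether the module appends the exporter port or expects `host:port` entries, since the argument names say "HostNames" while the options say "Targets".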
diff --git a/nixos/modules/monitoring/server/prometheus.nix b/nixos/modules/monitoring/server/prometheus.nix
index cffb126ddd3a80a715799bee6037f709adf97fc2..3a85bbd01049711bc6235fa30d5bf60f4a746e31 100644
--- a/nixos/modules/monitoring/server/prometheus.nix
+++ b/nixos/modules/monitoring/server/prometheus.nix
@@ -24,11 +24,11 @@ in {
   };
 
   config = rec {
-    networking.firewall.allowedTCPPorts = [ services.prometheus.port ];
+    # networking.firewall.allowedTCPPorts = [ services.prometheus.port ];
 
     services.prometheus = {
       enable = true;
-      port = 9090; # Option only in recent (20.09?) nixpkgs, 9090 default
+      # port = 9090; # Option only in recent (20.09?) nixpkgs, 9090 default
       scrapeConfigs = [
         {
           job_name = "node-exporters";
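Review bot: The firewall rule and the `port` setting are commented out rather than removed, and nothing records why. Not opening 9090 is the safer setting, since the Prometheus HTTP API has no authentication by default. I would delete the two dead lines and state the intent instead, e.g. `# Prometheus is deliberately not opened in the firewall; Grafana queries it locally.`, assuming Grafana on this host is the only consumer. The service may still listen on all interfaces by default and so stay reachable over any interface the firewall trusts; if local-only access is intended, consider pinning `services.prometheus.listenAddress` to loopback, checking the value format against the nixpkgs version in use. The `scrapeConfigs` list continues outside the hunk.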