diff --git a/constants.nix b/constants.nix
index 7b3578e..aeb5aea 100644
--- a/constants.nix
+++ b/constants.nix
@@ -38,7 +38,7 @@ rec {
       port = 8085;
     };
     netdata = {
-      # fqdn = "mon." + domain;
+      fqdn = "mon." + domain;
       port = 19999;
     };
     open-webui-oci = {
diff --git a/hosts/sid/services/netdata.nix b/hosts/sid/services/netdata.nix
index 5cec75d..f4b504f 100644
--- a/hosts/sid/services/netdata.nix
+++ b/hosts/sid/services/netdata.nix
@@ -1,11 +1,32 @@
 {
   config,
+  constants,
+  lib,
   pkgs,
   ...
 }:
 
 let
   email = "sid@${config.networking.domain}";
+
+  netdata-dashboard = pkgs.stdenvNoCC.mkDerivation {
+    pname = "netdata-dashboard";
+    version = "2.31.0";
+
+    src = pkgs.fetchurl {
+      url = "https://github.com/netdata/dashboard/releases/download/v2.31.0/dashboard.tar.gz";
+      hash = "sha256-n7M7Y8LIb4tbgQ8wQIr5bMKxLT5fPDID5LnX47ayH/o=";
+    };
+
+    dontUnpack = true;
+
+    installPhase = ''
+      mkdir -p $out
+      tar -xzf $src --strip-components=1 -C $out
+    '';
+
+    meta.license = lib.licenses.gpl3Only;
+  };
 in
 {
   services.netdata = {
@@ -34,6 +55,21 @@ in
     NETDATA_USER_CONFIG_DIR = "/etc/netdata/conf.d";
   };
 
+  services.nginx.virtualHosts."${constants.services.netdata.fqdn}" = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      root = netdata-dashboard;
+      tryFiles = "$uri $uri/ /index.html";
+    };
+
+    locations."~ ^/(api|v[0-9]+|netdata.conf|registry|stream)(/|$)" = {
+      proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
+      recommendedProxySettings = true;
+    };
+  };
+
   services.journald.storage = "persistent";
 
   users.users.netdata.extraGroups = [ "systemd-journal" ];