diff --git a/common/tailscale.nix b/common/tailscale.nix
index 9722175..ce17357 100644
--- a/common/tailscale.nix
+++ b/common/tailscale.nix
@@ -1,3 +1,4 @@
 { ... }: {
   services.tailscale.enable = true;
+  networking.firewall.trustedInterfaces = ["tailsacle0"];
 }
diff --git a/roles/postgres.nix b/roles/postgres.nix
index 6811df5..464a7b1 100644
--- a/roles/postgres.nix
+++ b/roles/postgres.nix
@@ -35,4 +35,9 @@
       host all       all     ::1/128        scram-sha-256
     '';
   };
+
+  services.prometheus.exporters.postgres = {
+    enable = true;
+    runAsLocalSuperUser = true;
+  };
 }