diff --git a/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget-password.age b/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget-password.age
new file mode 100644
index 0000000..53a61ef
--- /dev/null
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget-password.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBQY3lv
+SG9kNkN1S3RZdE80cWJTd0k0UkdiNmZXT085Um9Vd0FGYWpObHc0CnQvVjF4L0xu
+ajNvQkFueVREaWxLWFhyNGkvL2ZlOHdEYXdTRkowbk9WUUUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIE5aT3ZlMDJjNkJaZmFDV3ZKSHo5UEhnTlM5dHk1R0dYSXFNOWxJ
+OThEaGcKcmNsMVUxaTI1b0FtbFdtMzlVYVZxcnllVmlwaDRuUkR4d3BNbm12eU5x
+OAotPiBzc2gtZWQyNTUxOSBuanZYNUEgR3BmQk5Nd0E3RC9UQ1ZoWmxTNlhubjVZ
+Vi8xL3V3YTNqUVh2ZVZrRkNtawpLaWhxY1FQajJZeGJzakd3ZDhrbmd4T2JNVlUy
+dzFOMGcwRmJML3hPTzRBCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBDNTQzZ0syVHNS
+TTJPUm9OMUcyNTY5VGZkNEVESmt2eVQrSzJlUEgwS0E4ClRqbk9FTGZNRG9zSHlC
+UXQyN0N1WDN4MHNrNFgrUjdQQUc4aU8xajRVdkEKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IHpiaEsvbCtwMlkyMWpJMS9XWExudDRpaE4xMmQ4eXIzU2RaTGd3TUg3eHMK
+anpIV01KVDdvZGI5M1dmME1KaC9jcFkrVlN4TmlXN21tUnhIYnlEMEdHcwotLS0g
+dy9LeGpiNkowQkNwOFNFeHUveGRveDRhajVtNEU3SWE0MEhOYTl6ZHM0QQq/Dg+2
+OrqL8yCAai3J8djSktSmhAc/jdbEnHVdl3943Enyrn+Zz2HcUe96RySrleCt+QxL
+Dezprhehi7jK7KmIAGOspicA0e/4GQ8txsb2fQ==
+-----END AGE ENCRYPTED FILE-----
diff --git a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix b/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget.nix
similarity index 65%
rename from platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
rename to platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget.nix
index 7df169d..f16a54d 100644
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget/actualbudget.nix
@@ -38,6 +38,7 @@ in
       "d /var/lib/actualbudget 0770 actualbudget shared"
     ];
 
+    # TODO: switch to NixOS service
     virtualisation.oci-containers.containers.actualbudget = {
       workdir = null;
       volumes = [ "/var/lib/actualbudget:/data" ];
@@ -61,6 +62,35 @@ in
       autoStart = true;
     };
 
+    virtualisation.oci-containers.containers.actualbudget-prometheus-exporter = {
+      workdir = null;
+      user = builtins.toString config.users.users.actualbudget.uid;
+      pull = "missing";
+      privileged = false;
+      ports = [ "127.0.0.1:${builtins.toString cfg.port}:5007" ];
+      networks = [ ];
+      log-driver = "journald";
+      labels = {
+        app = "actualbudget-prometheus-exporter";
+      };
+      image = "docker.io/sakowicz/actual-budget-prometheus-exporter:1.1.6";
+      hostname = null;
+      environmentFiles = [ config.secrets.actualbudget.dest ];
+      environment = {
+        ACTUAL_SERVER_URL = "http://127.0.0.1:5006";
+        ACTUAL_BUDGET_ID_1 = "My-Finances-1daef08";
+      };
+      dependsOn = [ "actualbudget" ];
+      autoStart = true;
+    };
+
+    secrets.actualbudget = {
+      source = ./actualbudget-password.age;
+      dest = "${config.secretsDirectory}/actualbudget-password";
+      owner = builtins.toString config.users.users.actualbudget.uid;
+      group = builtins.toString config.users.users.actualbudget.uid;
+    };
+
     # Allow web traffic to Caddy
     nmasur.presets.services.caddy.routes = [
       {