diff --git a/hosts/jokum/services/matrix/synapse.nix b/hosts/jokum/services/matrix/synapse.nix
index 4e4652e..a88aa24 100644
--- a/hosts/jokum/services/matrix/synapse.nix
+++ b/hosts/jokum/services/matrix/synapse.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, values, ... }:
 
 let
   cfg = config.services.matrix-synapse-next;
@@ -190,6 +190,10 @@ in {
   ({
     locations."/metrics/master/1" = {
       proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
+      extraConfig = ''
+        allow ${values.ildkule.ipv4};
+        deny all;
+      '';
     };
 
     locations."/metrics/" = let
@@ -209,6 +213,10 @@ in {
           { targets = endpoints;
             labels = { };
           }]) + "/";
+      extraConfig = ''
+        allow ${values.ildkule.ipv4};
+        deny all;
+      '';
     };
   })];
 }
diff --git a/misc/metrics-exporters.nix b/misc/metrics-exporters.nix
index 7d0b929..35c220d 100644
--- a/misc/metrics-exporters.nix
+++ b/misc/metrics-exporters.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, values, ... }:
 
 {
   services.prometheus.exporters.node = {
@@ -7,6 +7,11 @@
     enabledCollectors = [ "systemd" ];
   };
 
+  systemd.services.prometheus-node-exporter.serviceConfig = {
+    IPAddressDeny = "any";
+    IPAddressAllow = values.ildkule.ipv4;
+  };
+
   services.promtail = {
     enable = true;
     configuration = {