diff --git a/bundles/netdata/files/netdata.conf b/bundles/netdata/files/netdata.conf
new file mode 100644
index 0000000..9b7eb8c
--- /dev/null
+++ b/bundles/netdata/files/netdata.conf
@@ -0,0 +1,14 @@
+[global]
+    run as user = netdata
+    hostname = ${node.name}
+    memory mode = dbengine
+    page cache size = 128
+    dbengine multihost disk space = 2048
+
+[web]
+    web files owner = root
+    web files group = root
+    bind to = 0.0.0.0
+
+[registry]
+    enabled = no
diff --git a/bundles/netdata/items.py b/bundles/netdata/items.py
new file mode 100644
index 0000000..f8a5d40
--- /dev/null
+++ b/bundles/netdata/items.py
@@ -0,0 +1,17 @@
+files = {
+    '/etc/netdata/netdata.conf': {
+        'content_type': 'mako',
+        'triggers': {
+            'svc_systemd:netdata:restart',
+        }
+    },
+}
+
+svc_systemd = {
+    'netdata': {
+        'needs': {
+            'pkg_apt:netdata',
+            'file:/etc/netdata/netdata.conf',
+        },
+    },
+}
diff --git a/bundles/netdata/metadata.py b/bundles/netdata/metadata.py
new file mode 100644
index 0000000..b019eb8
--- /dev/null
+++ b/bundles/netdata/metadata.py
@@ -0,0 +1,28 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'netdata': {},
+        },
+    },
+}
+
+
+@metadata_reactor
+def iptables(metadata):
+    interfaces = metadata.get('netdata/restrict_to_interfaces', set())
+    iptables = []
+
+    if len(interfaces):
+        for iface in sorted(interfaces):
+            iptables.append(f'iptables -A INPUT -i {iface} -p tcp --dport 19999 -j ACCEPT')
+
+    else:
+        iptables.append('iptables -A INPUT -p tcp --dport 19999 -j ACCEPT')
+
+    return {
+        'iptables': {
+            'bundle_rules': {
+                'netdata': iptables,
+            },
+        },
+    }
diff --git a/nodes/home/nas.py b/nodes/home/nas.py
index bb398be..4c96ba0 100644
--- a/nodes/home/nas.py
+++ b/nodes/home/nas.py
@@ -2,6 +2,7 @@ nodes['home.nas'] = {
     'hostname': '172.19.138.20',
     'bundles': {
         'backup-server',
+        'netdata',
         'nfs-server',
         'vmhost',
         'zfs',
diff --git a/nodes/home/router.py b/nodes/home/router.py
index 0b4eaed..124e4ba 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -4,6 +4,7 @@ nodes['home.router'] = {
     'hostname': '172.19.138.1',
     'bundles': {
         'iptables',
+        'netdata',
         'pppd',
         'radvd',
         'dhcpd',
@@ -52,6 +53,11 @@ nodes['home.router'] = {
         'nameservers': atomic({
             '9.9.9.10',
         }),
+        'netdata': {
+            'restrict-to-interfaces': {
+                'enp1s0.42',
+            },
+        },
         'radvd': {
             'integrate-with-pppd': True,
             'interfaces': {