diff --git a/Justfile b/Justfile
index 8e5c2da8..20d3bd79 100644
--- a/Justfile
+++ b/Justfile
@@ -107,7 +107,7 @@ ruby:
 kana:
 colmena apply --on '@kana'
-tailscale_gw:
+tsgw:
 colmena apply --on '@tailscale_gw'
 pve-image:
diff --git a/hosts/homelab_tailscale_gw/proxy.nix b/hosts/homelab_tailscale_gw/proxy.nix
index b4ff387a..16097029 100644
--- a/hosts/homelab_tailscale_gw/proxy.nix
+++ b/hosts/homelab_tailscale_gw/proxy.nix
@@ -1,10 +1,34 @@
 {
- # dae(running on aquamarine) do not provides http/socks5 proxy server, so we use v2ray here.
- # https://github.com/v2fly
+ # dae(running on aquamarine) do not provides http/socks5 proxy server; so we use v2ray here.
+ # https=//github.com/v2fly
 services.v2ray = {
 enable = true;
 config = {
+ # for monitoring
+ "stats" = {};
+ "api" = {
+ "tag" = "api";
+ "services" = [
+ "StatsService"
+ ];
+ };
+ "policy" = {
+ "levels" = {
+ "0" = {
+ "statsUserUplink" = true;
+ "statsUserDownlink" = true;
+ };
+ };
+ "system" = {
+ "statsInboundUplink" = true;
+ "statsInboundDownlink" = true;
+ "statsOutboundUplink" = true;
+ "statsOutboundDownlink" = true;
+ };
+ };
+
 inbounds = [
+ # core inbound
 {
 listen = "0.0.0.0";
 port = 7890;
@@ -19,6 +43,17 @@
 udp = true;
 };
 }
+
+ # for monitoring
+ {
+ "tag" = "api";
+ "listen" = "127.0.0.1";
+ "port" = 54321;
+ "protocol" = "dokodemo-door";
+ "settings" = {
+ "address" = "127.0.0.1";
+ };
+ }
 ];
 outbounds = [
 # forward traffic directly via system's default network(to dae proxy running on aquamarine)
@@ -27,6 +62,28 @@
 tag = "freedom";
 }
 ];
+
+ # for monitoring
+ "routing" = {
+ "rules" = [
+ {
+ "inboundTag" = [
+ "api"
+ ];
+ "outboundTag" = "api";
+ "type" = "field";
+ }
+ ];
+ };
 };
 };
+
+ # https://github.com/wi1dcard/v2ray-exporter
+ services.prometheus.exporters.v2ray = {
+ enable = true;
+ listenAddress = "0.0.0.0";
+ port = 9153;
+ openFirewall = false;
+ v2rayEndpoint = "127.0.0.1:54321";
+ };
 }
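Review bot: In the first hunk of hosts/homelab_tailscale_gw/proxy.nix, the two rewritten header comments look like the result of an accidental search-and-replace: the link now reads `# https=//github.com/v2fly` and the comma became `server; so`. Restoring `# https://github.com/v2fly` keeps the reference usable. The new monitoring attributes are also written with quoted names (`"stats"`, `"api"`, `"policy"`) while the existing `inbounds` and `outbounds` in the same attribute set are unquoted; one form throughout would read more consistently.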
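Review bot: Binding the new `api` inbound to 127.0.0.1:54321 (second hunk of proxy.nix) keeps the unauthenticated stats API off the network, but the core inbound listens on 0.0.0.0:7890 and the `freedom` outbound connects to whatever destination a client names, so loopback-only services on this host, the API included, are probably still reachable by proxy clients. The core inbound's settings lie outside the hunks, so how exposed this is depends on who may connect to it. A rule that sends loopback destinations to a `blackhole` outbound closes that path; it belongs in the `routing.rules` list added in the last hunk, after the `api` rule because rules are matched in order, with a `domainStrategy` so that names resolving to loopback are caught as well.

```nix
# … unchanged: existing "freedom" outbound …
{
  protocol = "blackhole";
  tag = "blocked";
}

# in "routing", next to "rules"
"domainStrategy" = "IPIfNonMatch";

# in "routing"."rules", after the existing "api" rule
{
  "type" = "field";
  "ip" = [
    "127.0.0.0/8"
    "::1/128"
  ];
  "outboundTag" = "blocked";
}
```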
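Review bot: In the last hunk of proxy.nix, `listenAddress = "0.0.0.0"` together with `openFirewall = false` leaves it unclear how the exporter on port 9153 is meant to be reached. With the NixOS firewall active, a remote Prometheus cannot scrape it unless the port or interface is allowed elsewhere; with the firewall off or the interface trusted, the unauthenticated metrics endpoint (including the per-user traffic counters enabled in the first hunk) is served on every interface of the gateway. The firewall configuration is not part of this diff, so which case applies cannot be told here. Binding to the one address Prometheus scrapes, `listenAddress = "<monitoring-side address of this host>";` (placeholder), or a comment such as `# scraped over <interface>; port allowed in <module>` would make the intent explicit. The same applies to the `services.prometheus.exporters.dnsmasq` block added in hosts/idols_aquamarine/router.nix, where the host is a router and 0.0.0.0 presumably includes its upstream-facing interface.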
diff --git a/hosts/idols_aquamarine/router.nix b/hosts/idols_aquamarine/router.nix
index 5affe9a0..4a887b53 100644
--- a/hosts/idols_aquamarine/router.nix
+++ b/hosts/idols_aquamarine/router.nix
@@ -165,6 +165,14 @@ in {
 };
 };
+ # monitoring with prometheus
+ services.prometheus.exporters.dnsmasq = {
+ enable = true;
+ listenAddress = "0.0.0.0";
+ port = 9153;
+ openFirewall = false;
+ };
+
 # The service irqbalance is useful as it assigns certain IRQ calls to specific CPUs instead of
 # letting the first CPU core to handle everything.
 # This is supposed to increase performance by hitting CPU cache more often.
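Review bot: The dnsmasq exporter is enabled with the module defaults for `dnsmasqListenAddress` and `leasesPath`, so it only reports correctly if dnsmasq on this host answers on the default address and writes its lease file at the default path. The dnsmasq configuration is outside this hunk, so that cannot be confirmed here. Setting both explicitly next to `port`, for example `leasesPath = "<lease file configured for dnsmasq>";` (placeholder), keeps the exporter and the DNS/DHCP configuration from drifting apart.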