diff --git a/roles/base_setup/tasks/main.yml b/roles/base_setup/tasks/main.yml
index 8719e89..8311c56 100644
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
@@ -130,4 +130,76 @@
 - { regexp: '^PasswordAuthentication', line: 'PasswordAuthentication no' }
 - { regexp: '^PermitRootLogin', line: 'PermitRootLogin prohibit-password' }
 - { regexp: '^PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
- notify: restart ssh
\ No newline at end of file
+ notify: restart ssh
+
+ # ========== Node Exporter Installation ==========
+- name: Create node_exporter system user
+ ansible.builtin.user:
+ name: node_exporter
+ system: yes
+ shell: /usr/sbin/nologin
+ create_home: no
+
+- name: Download and extract node_exporter binary
+ ansible.builtin.unarchive:
+ src: "https://github.com/prometheus/node_exporter/releases/download/v1.8.2/node_exporter-1.8.2.linux-amd64.tar.gz"
+ dest: /tmp
+ remote_src: yes
+ creates: /usr/local/bin/node_exporter
+
+- name: Install node_exporter binary
+ ansible.builtin.copy:
+ src: /tmp/node_exporter-1.8.2.linux-amd64/node_exporter
+ dest: /usr/local/bin/node_exporter
+ owner: root
+ group: root
+ mode: '0755'
+ remote_src: yes
+
+- name: Create textfile collector directory
+ ansible.builtin.file:
+ path: /var/lib/node_exporter/textfile_collector
+ state: directory
+ owner: node_exporter
+ group: node_exporter
+ mode: '0755'
+
+- name: Deploy node_exporter systemd service
+ ansible.builtin.copy:
+ content: |
+ [Unit]
+ Description=Node Exporter
+ After=network.target
+
+ [Service]
+ Type=simple
+ User=node_exporter
+ ExecStart=/usr/local/bin/node_exporter \
+ --collector.systemd \
+ --collector.processes \
+ --collector.textfile.directory=/var/lib/node_exporter/textfile_collector \
+ --web.listen-address=:9100
+ Restart=always
+ RestartSec=5
+
+ [Install]
+ WantedBy=multi-user.target
+ dest: /etc/systemd/system/node_exporter.service
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Reload systemd and start node_exporter
+ ansible.builtin.systemd:
+ name: node_exporter
+ state: started
+ enabled: yes
+ daemon_reload: yes
+
+- name: Allow port 9100 in ufw (if enabled)
+ ansible.builtin.ufw:
+ rule: allow
+ port: 9100
+ proto: tcp
+ comment: "Prometheus Node Exporter"
+ when: ansible_facts.services["ufw.service"] is defined and ansible_facts.services["ufw.service"]["state"] == "running"
\ No newline at end of file
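Review bot: The `Download and extract node_exporter binary` task pulls the release tarball with `unarchive` and no integrity check and unpacks it into world-writable `/tmp`, and the next task installs the result root-owned in `/usr/local/bin`; whatever the URL serves, or potentially whatever a local user places at that `/tmp` path between the two tasks, ends up running as a service. `unarchive` has no checksum option, so fetch with `ansible.builtin.get_url` and a pinned `checksum: "sha256:…"` taken from the release's published checksum file, into a root-only staging directory, and extract from there, as sketched below. Separately, the unit binds `--web.listen-address=:9100` on all interfaces and the ufw rule opens the port to any source, while node_exporter serves metrics without authentication by default; the rule should be limited to the scraper, e.g. `from_ip: "{{ prometheus_server_ip }}"` (variable name is a placeholder). The `ufw` module lives in `community.general`, not `ansible.builtin`, and the `when:` relies on `ansible_facts.services`, which needs a prior `service_facts` run that is not visible in this hunk.

```yaml
# Staging path below is illustrative; pick one that fits the role's layout.
- name: Create root-only staging directory for node_exporter
  ansible.builtin.file:
    path: /opt/node_exporter-staging
    state: directory
    owner: root
    group: root
    mode: '0700'

- name: Download node_exporter tarball with pinned checksum
  ansible.builtin.get_url:
    url: "https://github.com/prometheus/node_exporter/releases/download/v1.8.2/node_exporter-1.8.2.linux-amd64.tar.gz"
    dest: /opt/node_exporter-staging/node_exporter-1.8.2.linux-amd64.tar.gz
    # Placeholder: copy the digest from the release's published checksum file.
    checksum: "sha256:<SHA256_OF_RELEASE_TARBALL>"
    owner: root
    group: root
    mode: '0600'

- name: Extract node_exporter binary
  ansible.builtin.unarchive:
    src: /opt/node_exporter-staging/node_exporter-1.8.2.linux-amd64.tar.gz
    dest: /opt/node_exporter-staging
    remote_src: true
    creates: /usr/local/bin/node_exporter

# … unchanged: "Install node_exporter binary" copy task, with src pointing at the staging directory …
```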