diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 63e61e4..30ed09b 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -223,6 +223,15 @@ secret_pleroma_signing_salt: !vault |
           3563396435643363620a646337346561393863366361643536356363626334343264343861663131
           3466
 
+# For PostgreSQL
+secret_postgresql_monitoring_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30346136383035313162316264356632396564353732346638363133396630363664363433653762
+          3031373836393536393662393833303935306339666666620a396162643861663639643064346433
+          33303865353332353565383635353466626430363933316330373338313833626633626637323161
+          3135313737356434610a373664303334393733313666336263383864383139373265366135626262
+          62626239303335666135333439316239383230653234343261313838333234396465
+
 # For SNMP
 secret_snmp_internal_username: !vault |
           $ANSIBLE_VAULT;1.1;AES256
diff --git a/playbooks/db.yml b/playbooks/db.yml
index 4377099..f510d2d 100755
--- a/playbooks/db.yml
+++ b/playbooks/db.yml
@@ -10,7 +10,7 @@
       vars:
         postgresql_global_config_options:
           - option: listen_addresses
-            value: 192.168.164.156
+            value: 192.168.164.156,127.0.0.1
           - option: max_connections
             value: 60
           - option: shared_buffers
@@ -27,6 +27,8 @@
             password: "{{ secret_gitea_db_pass }}"
           - name: gulagbot-desultd
             password: "{{ secret_gulagbot_db_pass }}"
+          - name: nagios
+            password: "{{ secret_postgresql_monitoring_password }}"
           - name: netbox-desultd
             password: "{{ secret_netbox_db_pass }}"
           - name: nextcloud-desultd
diff --git a/playbooks/nrpe.yml b/playbooks/nrpe.yml
index 14c4455..fb92130 100755
--- a/playbooks/nrpe.yml
+++ b/playbooks/nrpe.yml
@@ -28,6 +28,9 @@
           check_load:
             script: check_load
             option: -r -w 0.8,0.8,0.8 -c 1.0,0.9,0.9
+          check_pgsql:
+            script: check_pgsql
+            option: "-H localhost -l nagios -p {{ secret_postgresql_monitoring_password }} -w 2 -c 5
           check_swap:
             script: check_swap
             option: -w 20% -c 10%
diff --git a/playbooks/tasks/web/nagios-hosts.cfg.j2 b/playbooks/tasks/web/nagios-hosts.cfg.j2
index a032a31..9c6a2e1 100644
--- a/playbooks/tasks/web/nagios-hosts.cfg.j2
+++ b/playbooks/tasks/web/nagios-hosts.cfg.j2
@@ -145,13 +145,18 @@ define service {
 	check_command		check_nrpe!check_systemd_docker_service
 	hostgroup_name		nagios-nrpe
 }
-# Swap
 define service {
 	use			ansible-generic-service
 	service_description	Swap Usage
 	check_command		check_nrpe!check_swap
 	hostgroup_name		nagios-nrpeswap
 }
+define service {
+	use			ansible-generic-service
+	service_description	PostgreSQL
+	check_command		check_nrpe!check_pgsql
+	hostgroup_name		nagios-checkpgsql
+}
 
 # Hostgroups
 # Everything here is dynamically-generated based on tags from Netbox