diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..b69fd0fcbdd6d71da22b50da25fd0ef51deb7179
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.tar.gz
+tmp/
+sha256sums.txt
diff --git a/install-node_exporter.sh b/install-node_exporter.sh
new file mode 100755
index 0000000000000000000000000000000000000000..c31cd88eacab77035558e7207c28ade2299f3920
--- /dev/null
+++ b/install-node_exporter.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+ver="1.6.1"
+file="node_exporter-${ver}.linux-amd64.tar.gz"
+sha256=sha256sums.txt
+
+# cd to the script directory, in case the user has run it from another directory
+sriptdir=$(cd "$(dirname "$0")" && pwd)
+cd $sriptdir
+
+if [[ ! -f $file ]]; then
+  echo "Downloading $file from Github"
+  curl -L https://github.com/prometheus/node_exporter/releases/download/v${ver}/${file} -o $file
+fi
+
+echo "Downloading the $sha256 checksum file"
+curl -L https://github.com/prometheus/node_exporter/releases/download/v${ver}/$sha256 -o $sha256
+
+if ! grep $file $sha256 | sha256sum -c -; then
+	echo "checksum failed for $file, exitting" >&2
+	exit 1
+else
+	echo "Checksum of $file: OK"
+fi
+
+if [[ ! -d tmp/${file%.tar.gz} ]]; then
+	echo "Extracting $file to tmp/"
+  tar -zxf $file -C tmp/
+fi
+
+echo "Adding system user: node_exporter"
+useradd -rs /bin/false node_exporter
+
+echo "Copying node_exporter binary to /usr/local/bin"
+systemctl is-active --quiet node_exporter.service && systemctl stop node_exporter.service
+cp tmp/${file%.tar.gz}/node_exporter /usr/local/bin/
+chown root:root /usr/local/bin/node_exporter
+
+echo "Creating /etc/systemd/system/node_exporter.service file"
+cp node_exporter.service /etc/systemd/system/
+
+echo "Starting node_exporter.service"
+systemctl daemon-reload
+systemctl enable node_exporter.service
+systemctl start node_exporter.service
+
+## Host based firewall rules to allow incoming scrapes on `9100/tcp`
+## from the Prometheus public IP
+
+#echo "Creating firewalld rule to allow Prometheus server access to 9100/tcp"
+#firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="172.20.0.99" port protocol="tcp" port="9100" accept'
+#firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="172.20.0.99" port protocol="tcp" port="9100" accept'
diff --git a/node_exporter.service b/node_exporter.service
new file mode 100644
index 0000000000000000000000000000000000000000..724dd2c67da477f0077f5cf2fed3a4cea4b43b0a
--- /dev/null
+++ b/node_exporter.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Node Exporter
+After=network.target
+
+[Service]
+User=node_exporter
+Group=node_exporter
+Type=simple
+ExecStart=/usr/local/bin/node_exporter --collector.filesystem.mount-points-exclude "^/(dev|proc|run/user/.+|run/credentials/.+|sys|var/lib/docker/.+)($|/)" --collector.filesystem.fs-types-exclude "^(autofs|binfmt_misc|bpf|cgroup|tmpfs|sunrpc|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$"
+
+[Install]
+WantedBy=multi-user.target