diff --git a/defaults/main.yml b/defaults/main.yml
index 742c355..942c76a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -46,8 +46,9 @@ prometheus_agent:
       enable: False
       config:
         server:
-          disable: true
+          http_listen_address: '::1'
           http_listen_port: 9080
+          grpc_listen_address: '::1'
           grpc_listen_port: 0
         positions:
           filename: /var/lib/promtail/positions.yaml
diff --git a/templates/node-scraper.j2 b/templates/node-scraper.j2
index ca3d152..1db63b9 100644
--- a/templates/node-scraper.j2
+++ b/templates/node-scraper.j2
@@ -90,6 +90,28 @@
 {% endfor %}
 {% endif %}
 
+{% if prometheus_agent.scrapers[item].promtail|d(False) and prometheus_agent.agents.promtail.enable %}
+- job_name: "prometheus-agent - promtail : {{ inventory_hostname }}"
+  scheme: https
+{% for i in ['scrape_timeout', 'scrape_interval'] if prometheus_agent[i] %}
+  {{ i }}: {{ prometheus_agent[i] }}
+{% endfor %}
+  static_configs:
+  - targets:
+    - {{ inventory_hostname }}:{{ prometheus_agent.scrapers[item].promtail }}
+    labels: {{ merged_prometheus_labels|to_json }}
+  tls_config:
+    ca_file: /etc/prometheus/targetcerts/{{ inventory_hostname }}.crt
+    cert_file: /etc/ssl/prometheus_scraper.crt
+    key_file: /etc/ssl/private/prometheus_scraper.key
+  relabel_configs:
+  - source_labels: [__address__]
+    regex: '([^:]+):\d+'
+    target_label: instance
+  - replacement: 'promtail'
+    target_label: job
+{% endif %}
+
 {% for j in prometheus_agent.scrapers[item].proxy|d({}) %}
 - job_name: "prometheus-agent - proxy - {{ j }} : {{ inventory_hostname }}"
   scheme: https
diff --git a/templates/stunnel-client.conf.j2 b/templates/stunnel-client.conf.j2
index 2099242..8f51337 100644
--- a/templates/stunnel-client.conf.j2
+++ b/templates/stunnel-client.conf.j2
@@ -52,6 +52,19 @@ verifyPeer  = yes
 CAfile      = /etc/ssl/scraper_{{ i }}.crt
 {% endfor %}
 
+{% for i in prometheus_agent.scrapers if "promtail" in prometheus_agent.scrapers[i] and prometheus_agent.agents.promtail.enable %}
+; promtail
+[scraper {{ i }} promtail]
+client      = no
+requireCert = yes
+accept      = :::{{ prometheus_agent.scrapers[i].promtail }}
+connect     = {{ prometheus_agent.agents.promtail.config.server.http_listen_address|replace('[', '')|replace(']', '') }}:{{ prometheus_agent.agents.promtail.config.server.http_listen_port }}
+cert        = /etc/ssl/prometheus_agent.crt
+key         = /etc/ssl/private/prometheus_agent.key
+verifyPeer  = yes
+CAfile      = /etc/ssl/scraper_{{ i }}.crt
+{% endfor %}
+
 ; proxy
 {% for i in prometheus_agent.scrapers if "proxy" in prometheus_agent.scrapers[i] %}
 {% for j in prometheus_agent.scrapers[i].proxy|d({}) %}