{config, ...}: let
  vars = import ../../../../vars.nix;
in {
  # Register the "stats" Arion project; its compose definition lives in
  # ./arion-compose.nix next to this module.
  virtualisation.arion.projects.stats.settings.imports = [
    ./arion-compose.nix
  ];

  # OIDC client credentials for the stats stack, decrypted by sops-nix.
  # Both are owned by vars.user; no mode is set here, so the sops-nix
  # default applies to the decrypted files.
  sops.secrets = {
    "stats/oidc_client_id".owner = vars.user;
    "stats/oidc_client_secret".owner = vars.user;
  };

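  # Render the Grafana generic-OAuth credentials into an env file. sops-nix
  # replaces each placeholder with the decrypted value, so the file at `path`
  # holds the OIDC client secret in plain text.
  # NOTE(review): presumably consumed as an env_file by ./arion-compose.nix;
  # confirm the reader runs as vars.user or root.
  sops.templates."grafana.env" = {
    path = "/home/${vars.user}/.docker/stats/grafana.env";
    owner = vars.user;
    # Owner read-only. The previous "0775" made the client secret readable by
    # every local account, writable by the group, and needlessly executable.
    mode = "0400";
    content = ''
      GF_AUTH_GENERIC_OAUTH_CLIENT_ID="${config.sops.placeholder."stats/oidc_client_id"}"
      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET="${config.sops.placeholder."stats/oidc_client_secret"}"
    '';
  };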

  # systemd.services.add-loki-logging-driver = {
  #   description = "Add grafana loki docker driver";
  #   after = ["network.target"];
  #   wantedBy = ["multi-user.target"];
  #
  #   serviceConfig.Type = "oneshot";
  #   script = let
  #     dockercli = "${config.virtualisation.docker.package}/bin/docker";
  #   in ''
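  #     # End with `|| true` so that grep finding no match (non-zero exit) does
  #     # not fail the whole service.
  #     # NOTE(review): before re-enabling, pin the plugin to a specific version
  #     # or digest instead of :latest; --grant-all-permissions accepts whatever
  #     # privileges that image requests without prompting.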
  #     check=$(${dockercli} plugin ls | grep "loki" || true)
  #     if [ -z "$check" ]; then
  #       ${dockercli} plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
  #     else
  #       echo "loki docker driver already exists in docker"
  #     fi
  #   '';
  # };

  # virtualisation.docker.daemon.settings = {
  #   debug = true;
  #   log-driver = "loki";
  #   log-opts = {
  #     loki-url = "http://localhost:3100/loki/api/v1/push";
  #     loki-batch-size = "400";
  #     loki-max-backoff = "800ms";
  #     loki-retries = "2";
  #     loki-timeout = "1s";
  #     keep-file = "true";
  #   };
  # };
}