{
  project.name = "stats";

  networks.dmz = {
    name = "dmz";
    external = true;
  };
  networks.internal = {};

  services = {
    grafana.service = {
      image = "grafana/grafana:10.4.4";
      user = "1000";
      container_name = "grafana";
      labels = {
        "traefik.enable" = "true";

        "traefik.http.services.grafana.loadbalancer.server.port" = "3000";
        "traefik.http.routers.grafana.service" = "grafana";
        "traefik.http.routers.grafana.rule" = "Host(`grafana.ghoscht.com`)";
        "traefik.http.routers.grafana.entrypoints" = "websecure";
        "traefik.http.routers.grafana.tls" = "true";
        "traefik.http.routers.grafana.tls.certresolver" = "letsencrypt";
      };
      volumes = [
        "/storage/dataset/docker/stats/grafana_data:/var/lib/grafana"
      ];
      networks = [
        "dmz"
        "internal"
      ];
    };
    loki.service = {
      image = "grafana/loki:3.0.0";
      volumes = [
        "/storage/dataset/docker/stats/loki_data:/etc/loki"
      ];
      ports = [
        "3100:3100"
      ];
      command = "-config.file=/etc/loki/loki-config.yml";
      networks = [
        "internal"
      ];
    };
    promtail.service = {
      image = "grafana/promtail:3.0.0";
      volumes = [
        "/var/log:/var/log"
        "/storage/dataset/docker/stats/promtail_data:/etc/promtail"
      ];
      command = "-config.file=/etc/promtail/promtail-config.yml";
      networks = [
        "internal"
      ];
    };
  };
}