{ config, pkgs, hostname, ... }: {
  # Promtail Logging
  
  # Set up the secret for the password:
  sops.secrets."services/promtail" = {
    owner = "promtail";
    sopsFile = ../../../secrets/secrets.yaml;
    restartUnits = [ "promtail.service" ];
  };

  # Install the package
  environment.systemPackages = with pkgs; [
    promtail
  ];

  # Configure the package:
  # https://mynixos.com/nixpkgs/option/services.promtail.configuration
  services.promtail = {
    enable = true;
    configuration = {
      server = {
        http_listen_port = 3031;
        grpc_listen_port = 0;
      };
      positions = {
        filename = "/tmp/positions.yaml";
      };
      clients = [{
        url = "https://loki.sysctl.io/loki/api/v1/push";
        basic_auth = {
          username = "loki-sa";
          password_file = config.sops.secrets."services/promtail".path;
        };
      }];
      scrape_configs = [{
        job_name = "journal";
        journal = {
          max_age = "12h";
          labels = {
            job = "systemd-journal";
            host = "${hostname}";
          };
        };
        relabel_configs = [{
          source_labels = [ "__journal__systemd_unit" ];
          target_label = "unit";
        }];
      }];
    };
  };
}