diff --git a/modules/services/loki-local-config.yml b/modules/services/loki-local-config.yml
new file mode 100644
index 0000000..f82fa97
--- /dev/null
+++ b/modules/services/loki-local-config.yml
@@ -0,0 +1,55 @@
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+
+ingester:
+  lifecycler:
+    address: 0.0.0.0
+    ring:
+      kvstore:
+        store: inmemory
+      replication_factor: 1
+    final_sleep: 0s
+  chunk_idle_period: 1h       # Any chunk not receiving new logs in this time will be flushed
+  max_chunk_age: 1h           # All chunks will be flushed when they hit this age, default is 1h
+  chunk_target_size: 1048576  # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first
+  chunk_retain_period: 30s    # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m)
+  max_transfer_retries: 0     # Chunk transfers disabled
+
+schema_config:
+  configs:
+    - from: 2023-12-08
+      store: boltdb-shipper
+      object_store: filesystem
+      schema: v11
+      index:
+        prefix: index_
+        period: 24h
+
+storage_config:
+  boltdb_shipper:
+    active_index_directory: /var/lib/loki/boltdb-shipper-active
+    cache_location: /var/lib/loki/boltdb-shipper-cache
+    cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
+    shared_store: filesystem
+  filesystem:
+    directory: /var/lib/loki/chunks
+
+limits_config:
+  reject_old_samples: true
+  reject_old_samples_max_age: 168h
+
+chunk_store_config:
+  max_look_back_period: 0s
+
+table_manager:
+  retention_deletes_enabled: false
+  retention_period: 0s
+
+compactor:
+  working_directory: /var/lib/loki
+  shared_store: filesystem
+  compactor_ring:
+    kvstore:
+      store: inmemory
\ No newline at end of file
diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix
new file mode 100644
index 0000000..0c618f0
--- /dev/null
+++ b/modules/services/metrics.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, options, ... }:
+
+with lib;
+let
+  cfg = config.modules.services.metrics;
+in {
+  options.modules.services.metrics = {
+    enable = mkEnableOption "enable grafana with loki, prometheus, and promtail";
+    domain = mkOption {
+      type = types.str;
+      default = "grafana.reidlab.online";
+    };
+    port = mkOption {
+      type = types.int;
+      default = 2342;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.promtail = {
+      description = "promtail, an agent for loki";
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        ExecStart = ''
+          ${pkgs.grafana-loki}/bin/promtail --config.file ${./promtail.yml}
+        '';
+      };
+    };
+    services = {
+      grafana = {
+        enable = true;
+
+        settings = {
+          server = {
+            domain = cfg.domain;
+            http_port = cfg.port;
+            http_addr = "127.0.0.1";
+          };
+        };
+      };
+
+      prometheus = let
+        ports = {
+          base = 9001;
+          node = 9002;
+          nginx = 9003;
+        };
+      in {
+        enable = true;
+        port = ports.base;
+
+        exporters = {
+          node = {
+            enable = true;
+            enabledCollectors = [ "systemd" ];
+            port = ports.node;
+          };
+          nginx = {
+            enable = true;
+            port = ports.nginx;
+          };
+        };
+
+        scrapeConfigs = [
+          {
+            job_name = "nixos-server-reid";
+            static_configs = [{
+              targets = [
+                "127.0.0.1:${toString ports.node}"
+                "127.0.0.1:${toString ports.nginx}"
+              ];
+            }];
+          }
+        ];
+      };
+
+      loki = {
+        enable = true;
+        configFile = ./loki-local-config.yml;
+      };
+
+      nginx.statusPage = true;
+
+      nginx.virtualHosts."${cfg.domain}" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString cfg.port}";
+          proxyWebsockets = true;
+        };
+        locations."= /robots.txt" ={
+          extraConfig = ''
+            add_header Content-Type text/plain;
+            return 200 "User-agent: *\nDisallow: /\n";
+          '';
+        };
+      };
+    };
+  };
+}
diff --git a/readme.md b/readme.md
index 813af11..f9464ed 100755
--- a/readme.md
+++ b/readme.md
@@ -14,6 +14,4 @@ this flake is built for a multi-user experience per host, enforced by [`modules/
 - move common config such as bootloader and networking settings to [`default.nix`](./default.nix)
 - swap back to hardened kernel
 - leverage nixos-hardware
-- somehow add desktop evironments and per-user dotfiles while keeping a multi-user setup - we can always give this up if needed
-- flake-parts
-- god im ruining everything for myself. maybe just make another repo for desktops
+- unscuff metrics