diff --git a/.secrets.baseline b/.secrets.baseline
index e12a6d0..3756304 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -100,10 +100,10 @@
         "filename": "cache.nomad",
         "hashed_secret": "d969831eb8a99cff8c02e681f43289e5d3d69664",
         "is_verified": false,
-        "line_number": 181,
+        "line_number": 186,
         "is_secret": false
       }
     ]
   },
-  "generated_at": "2021-12-29T07:57:30Z"
+  "generated_at": "2022-05-23T07:45:11Z"
 }
diff --git a/alertmanager.nomad b/alertmanager.nomad
index 50ec74d..40dd765 100644
--- a/alertmanager.nomad
+++ b/alertmanager.nomad
@@ -2,7 +2,11 @@ job "alertmanager" {
   datacenters = ["dc1"]
 
   type = "service"
-
+  meta {
+    auto-backup = true
+    backup-schedule = "@daily"
+    backup-target-db = "postgres"
+  }
   group "alerting" {
     count = 1
 
diff --git a/cache.nomad b/cache.nomad
index 7d1bbd4..bdcabe4 100644
--- a/cache.nomad
+++ b/cache.nomad
@@ -1,6 +1,11 @@
 job "cache" {
   datacenters = ["dc1"]
   type = "service"
+  meta {
+    auto-backup = true
+    backup-schedule = "@daily"
+    backup-target-db = "postgres"
+  }
   constraint {
      attribute = "${attr.kernel.name}"
      value     = "linux"
diff --git a/fabio.nomad b/fabio.nomad
index aa5f555..6f672e1 100644
--- a/fabio.nomad
+++ b/fabio.nomad
@@ -1,7 +1,11 @@
 job "fabio" {
   datacenters = ["dc1"]
   type = "system"
-
+  meta {
+    auto-backup = true
+    backup-schedule = "@daily"
+    backup-target-db = "postgres"
+  }
   group "fabio" {
     network {
       port "lb" {
@@ -20,7 +24,7 @@ job "fabio" {
         mode = "file"
       }
 
-      driver = "raw_exec"
+      driver = "exec"
 
       config {
         command = "local/fabio"
diff --git a/grafana.nomad b/grafana.nomad
index 23a987f..1849347 100644
--- a/grafana.nomad
+++ b/grafana.nomad
@@ -1,60 +1,101 @@
+variable "grafana_version" {
+  type = string
+  default = "8.5.0"
+  description = "Grafana version"
+}
+
+// locals {
+//   grafana_arm = "https://dl.grafana.com/oss/release/grafana-${var.grafana_version}.linux-armv6.tar.gz"
+//   grafana_64 = "https://dl.grafana.com/oss/release/grafana-${var.grafana_version}.linux-arm64.tar.gz"
+//   grafana_url = "${attr.cpu.arch == "arm64" ? local.grafana_64 : local.grafana_arm}"
+// }
+
 job "dashboard" {
-  datacenters = ["dc1"]
 
+  datacenters = ["dc1"]
   type = "service"
 
   # Select ARMv7 machines
   constraint {
     attribute = "${attr.cpu.arch}"
     operator  = "="
-    value     = "arm"
+    value     = "arm64"
   }
 
   # select machines with more than 4GB of RAM
   constraint {
     attribute = "${attr.memory.totalbytes}"
-    value     = "2GB"
-    operator  = ">"
+    value     = "1GB"
+    operator  = ">="
   }
-
-  constraint {
-    attribute = "${node.class}"
-    value     = "32"
-  }
-
   update {
     max_parallel      = 1
     min_healthy_time  = "20s"
     healthy_deadline  = "7m"
     progress_deadline = "15m"
     auto_revert       = true
+    auto_promote = true
     canary            = 1
   }
 
   migrate {
-    max_parallel = 2
-
-    # Specifies the mechanism in which allocations health is determined. The
-    # potential values are "checks" or "task_states".
+    max_parallel = 1
     health_check = "checks"
-
-    # Specifies the minimum time the allocation must be in the healthy state
-    # before it is marked as healthy and unblocks further allocations from being
-    # migrated. This is specified using a label suffix like "30s" or "15m".
     min_healthy_time = "15s"
-
-    # Specifies the deadline in which the allocation must be marked as healthy
-    # after which the allocation is automatically transitioned to unhealthy. This
-    # is specified using a label suffix like "2m" or "1h".
     healthy_deadline = "5m"
   }
 
-  group "server" {
+  group "db" {
     count = 1
+    network {
+      port "mysql_server" {
+        to = 3306
+      }
+    }
+    service {
+      name = "mysql"
+      tags = ["db", "dashboard"]
+      port = "mysql_server"
+
+      check {
+        type = "tcp"
+        port = "mysql_server"
+        name = "mysql_alive"
+        interval = "20s"
+        timeout = "2s"
+      }
+    }
+
+    restart {
+      attempts = 1
+      interval = "2m"
+      delay = "15s"
+      mode = "fail"
+    }
+    task "mysql" {
+      driver = "docker"
+      config {
+        image = "arm64v8/mysql:oracle"
+        ports = ["mysql_server"]
+      }
+      env {
+        MYSQL_ROOT_PASSWORD = "password" # pragma: allowlist secret
+        MYSQL_USER = "mysql"
+        MYSQL_PASSWORD = "password" # pragma: allowlist secret
+      }
+      resources {
+        cpu    = 125
+        memory = 512
+      }
+    }
+  }
 
+
+  group "grafana" {
+    count = 1
     network {
       port "grafana_server" {
-        to = 3000
+        static = 3000
       }
     }
 
@@ -63,143 +104,71 @@ job "dashboard" {
       tags = ["monitoring", "dashboard"]
       port = "grafana_server"
 
-      # The "check" stanza instructs Nomad to create a Consul health check for
-      # this service. A sample check is provided here for your convenience;
-      # uncomment it to enable it. The "check" stanza is documented in the
-      # "service" stanza documentation.
-
       check {
-        name     = "api"
+        port = "grafana_server"
+        name     = "grafana-api"
         path     = "/api/health"
-        type     = "tcp"
+        type     = "http"
         interval = "20s"
         timeout  = "5s"
       }
     }
 
     restart {
-      # The number of attempts to run the job within the specified interval.
-      attempts = 2
-      interval = "10m"
-
-      # The "delay" parameter specifies the duration to wait before restarting
-      # a task after it has failed.
+      attempts = 1
+      interval = "2m"
       delay = "15s"
-
-      # The "mode" parameter controls what happens when a task has restarted
-      # "attempts" times within the interval. "delay" mode delays the next
-      # restart until the next interval. "fail" mode does not restart the task
-      # if "attempts" has been hit within the interval.
       mode = "fail"
     }
 
-    # The "ephemeral_disk" stanza instructs Nomad to utilize an ephemeral disk
-    # instead of a hard disk requirement. Clients using this stanza should
-    # not specify disk requirements in the resources stanza of the task. All
-    # tasks in this group will share the same ephemeral disk.
-    #
-    # For more information and examples on the "ephemeral_disk" stanza, please
-    # see the online documentation at:
-    #
-    #     https://www.nomadproject.io/docs/job-specification/ephemeral_disk
-    #
     ephemeral_disk {
-      # When sticky is true and the task group is updated, the scheduler
-      # will prefer to place the updated allocation on the same node and
-      # will migrate the data. This is useful for tasks that store data
-      # that should persist across allocation updates.
-      # sticky = true
-      #
-      # Setting migrate to true results in the allocation directory of a
-      # sticky allocation directory to be migrated.
-      # migrate = true
-      #
-      # The "size" parameter specifies the size in MB of shared ephemeral disk
-      # between tasks in the group.
       size = 300
     }
-
-    affinity {
-      attribute = "${node.datacenter}"
-      value     = "dc1"
-      weight    = 100
-    }
-
-    # The "spread" stanza allows operators to increase the failure tolerance of
-    # their applications by specifying a node attribute that allocations
-    # should be spread over.
-    #
-    # For more information and examples on the "spread" stanza, please
-    # see the online documentation at:
-    #
-    #     https://www.nomadproject.io/docs/job-specification/spread
-    #
-    # spread {
-    # attribute specifies the name of a node attribute or metadata
-    # attribute = "${node.datacenter}"
-
-
-    # targets can be used to define desired percentages of allocations
-    # for each targeted attribute value.
-    #
-    #   target "us-east1" {
-    #     percent = 60
-    #   }
-    #   target "us-west1" {
-    #     percent = 40
-    #   }
-    #  }
-
-    # The "task" stanza creates an individual unit of work, such as a Docker
-    # container, web application, or batch processing.
-    #
-    # For more information and examples on the "task" stanza, please see
-    # the online documentation at:
-    #
-    #     https://www.nomadproject.io/docs/job-specification/task
-    #
     task "grafana" {
-      # The "driver" parameter specifies the task driver that should be used to
-      # run the task.
-      driver = "raw_exec"
-
-      artifact {
-        source = "https://dl.grafana.com/oss/release/grafana-8.3.3.linux-armv7.tar.gz"
-
-        options {
-          checksum = "sha256:9abddf9be0b5c4e7086676a1de5289fd4fc08faec3c27b653811535c4f0fc9fa"
-        }
-      }
-
+      driver = "exec"
       logs {
         max_files     = 10
         max_file_size = 15
       }
-
+      artifact {
+        // source = local.grafana_url
+        source = "https://dl.grafana.com/oss/release/grafana-${var.grafana_version}.linux-arm64.tar.gz"
+        destination = "${NOMAD_ALLOC_DIR}"
+      }
       resources {
-        cpu    = 1500
-        memory = 2048
+        cpu    = 1000
+        memory = 1024
       }
 
       config {
-        command = "local/grafana-8.3.3/bin/grafana-server"
-        args    = ["-homepath=local/grafana-8.3.3", "--config=local/conf.ini"]
+        command = "${NOMAD_ALLOC_DIR}/grafana-${var.grafana_version}/bin/grafana-server"
+        args = [
+          "-homepath=${NOMAD_ALLOC_DIR}/grafana-${var.grafana_version}",
+          "-config=${NOMAD_ALLOC_DIR}/grafana-${var.grafana_version}/conf/conf.ini"
+        ]
       }
 
       template {
         data = <<EOT
+[auth.anonymous]
+enabled = true
+[database]
+type = mysql
+host = "mysql:${NOMAD_HOST_PORT_mysql}"
+user = root
+password = """password"""
 [paths]
-data = local/data/
-logs = local/log/
-plugins = local/plugins
+data = ${NOMAD_ALLOC_DIR}/data/
+logs = ${NOMAD_ALLOC_DIR}/log/
+plugins = ${NOMAD_ALLOC_DIR}/plugins
 [analytics]
 reporting_enabled = false
 [snapshots]
 external_enabled = false
 EOT
 
-        destination = "local/conf.ini"
-      }
-    }
-  }
+        destination = "${NOMAD_ALLOC_DIR}/grafana-${var.grafana_version}/conf/conf.ini"
+      } // Configuration template
+    } // Grafana server task
+  } // grafana server group
 }
diff --git a/loki.nomad b/loki.nomad
index 54977ac..ba8c619 100644
--- a/loki.nomad
+++ b/loki.nomad
@@ -8,8 +8,25 @@ job "loki" {
   type = "service"
   name = "loki"
   // migrate {}
+  meta {
+    auto-backup = true
+    backup-schedule = "@hourly"
+    backup-target-db = "postgres"
+  }
+  update {
+    max_parallel = 2
+    health_check = "checks"
+    min_healthy_time = "5s"
+    healthy_deadline = "60s"
+    progress_deadline = "3m"
+    auto_revert = true
+    auto_promote = true
+    canary = 1
+  }
   priority = 80
   group "log-server" {
+    count = 2
+
     network {
       port "loki_http_listen" {
         static = 3100
@@ -17,16 +34,10 @@ job "loki" {
       port "loki_grpc_listen" {
         static = 9096
       }
-      port "promtail_http_listen" {
-        static = 9080
-      }
-      port "promtail_grpc_listen" {
-        static = 0
-      }
     }
     service {
       name = "loki-http-server"
-      tags = ["logs", "loki", "observability"]
+      tags = ["logs", "loki", "observability", "urlprefix-/loki"]
       port = "loki_http_listen"
 
       check {
@@ -35,6 +46,15 @@ job "loki" {
         interval = "10s"
         timeout = "3s"
       }
+
+      check {
+        name = "loki_http_ready"
+        type = "http"
+        path = "/ready"
+        port = "loki_http_listen"
+        interval = "10s"
+        timeout = "3s"
+      }
     }
     task "server" {
       driver = "raw_exec"
@@ -48,23 +68,23 @@ job "loki" {
         source = "local/loki.yml.tpl"
         destination = "local/loki.yml"
       }
-      // artifact {
-      //   source = "https://github.com/grafana/loki/releases/download/${var.loki_version}/loki-linux-${attr.cpu.arch}.zip"
-      //   options { # checksum depends on the cpu arch
-      //   }
-      //   destination = "local/loki"
-      //   mode = "file"
-      // }
       artifact {
-        source = "http://minio-deploy-run.service.consul:9000/loki-bin/loki-linux-${attr.cpu.arch}.zip"
+        source = "https://github.com/grafana/loki/releases/download/${var.loki_version}/loki-linux-${attr.cpu.arch}.zip"
+        options { # checksum depends on the cpu arch
+        }
         destination = "local/loki"
         mode = "file"
       }
-      artifact {
-        source = "http://minio-deploy-run.service.consul:9000/loki-config/loki.hcl.tpl"
-        destination = "local/loki.yml.tpl"
-        mode = "file"
-      }
+      // artifact {
+      //   source = "http://minio-deploy-run.service.consul:9000/loki-bin/loki-linux-${attr.cpu.arch}.zip"
+      //   destination = "local/loki"
+      //   mode = "file"
+      // }
+      // artifact {
+      //   source = "http://minio-deploy-run.service.consul:9000/loki-config/loki.hcl.tpl"
+      //   destination = "local/loki.yml.tpl"
+      //   mode = "file"
+      // }
 
     }
 
diff --git a/minio.nomad b/minio.nomad
index 991152d..ebf24ac 100644
--- a/minio.nomad
+++ b/minio.nomad
@@ -25,6 +25,11 @@ variable "minio_storage_size"{
 }
 
 job "minio" {
+  meta {
+    auto-backup = true
+    backup-schedule = "@daily"
+    backup-target-db = "postgres"
+  }
   datacenters = ["dc1"]
   type        = "service"
 
diff --git a/node-red.nomad b/node-red.nomad
index a762e96..a73f2b7 100644
--- a/node-red.nomad
+++ b/node-red.nomad
@@ -1,5 +1,10 @@
 job "nodered" {
   datacenters = ["dc1"]
+  meta {
+    auto-backup = true
+    backup-schedule = "@daily"
+    backup-target-db = "postgres"
+  }
   update {
     max_parallel = 1
     health_check = "checks"
@@ -13,7 +18,6 @@ job "nodered" {
     network {
       port "ui" {
         static = 1880
-        to = 9999
       }
     }
 
diff --git a/prometheus.nomad b/prometheus.nomad
index ff818f3..a5846bb 100644
--- a/prometheus.nomad
+++ b/prometheus.nomad
@@ -1,10 +1,25 @@
 job "prometheus" {
   datacenters = ["dc1"]
   type        = "service"
-
+  meta {
+    auto-backup = true
+    backup-schedule = "@daily"
+    backup-target-db = "postgres"
+  }
+  update {
+    max_parallel = 1
+    health_check = "checks"
+    canary = 1
+    auto_promote = true
+    auto_revert = true
+  }
+  #vault {
+  #      policies = ["nomad-monitoring"]
+  #      // entity_alias = "prometheus"
+  #}
   constraint {
-    attribute = "${attr.cpu.modelname}"
-    value     = "ARMv7 Processor rev 3 (v7l)"
+     attribute = attr.cpu.arch
+     value     = "arm64"
   }
 
   group "monitoring" {
@@ -17,9 +32,9 @@ job "prometheus" {
     }
 
     restart {
-      attempts = 1
+      attempts = 2
       interval = "5m"
-      delay    = "15s"
+      delay    = "1m"
       mode     = "fail"
     }
 
@@ -29,33 +44,13 @@ job "prometheus" {
 
     task "prometheus" {
       artifact {
-        source      = "https://github.com/prometheus/prometheus/releases/download/v2.32.1/prometheus-2.32.1.linux-armv7.tar.gz"
+        source      = "https://github.com/prometheus/prometheus/releases/download/v2.35.0/prometheus-2.35.0.linux-arm64.tar.gz"
         destination = "local"
 
         options {
-          checksum = "sha256:21d8a095f02b2986d408cff744e568ca66c92212b124673143b155a80284d2e4"
+          checksum = "sha256:3ebe0c533583a9ab03363a80aa629edd8e0cc42da3583e33958eb7abe74d4cd2"
         }
       }
-
-      template {
-        change_mode = "noop"
-        destination = "local/webserver_alert.yml"
-
-        data = <<EOH
----
-groups:
-- name: prometheus_alerts
-  rules:
-  - alert: Webserver down
-    expr: absent(up{job="webserver"})
-    for: 10s
-    labels:
-    severity: critical
-    annotations:
-        description: "Our webserver is down."
-    EOH
-      }
-
       template {
         change_mode = "noop"
         destination = "local/prometheus.yml"
@@ -67,6 +62,15 @@ global:
   evaluation_interval: 5s
 
 scrape_configs:
+  - job_name: vault
+    metrics_path: /v1/sys/metrics
+    params:
+      format: ['prometheus']
+    scheme: http
+    authorization:
+      credentials: '"${env["VAULT_TOKEN"]}"'
+    static_configs:
+      - targets: ['192.168.1.16:8200']
   - job_name: 'instance_metrics'
     static_configs:
       - targets:
@@ -76,7 +80,12 @@ scrape_configs:
   - job_name: 'nomad_metrics'
     consul_sd_configs:
     - server: '{{ env "CONSUL_HTTP_ADDR" }}'
-      services: ['nomad-client', 'nomad']
+      services:
+        - 'nomad-client'
+        - 'nomad'
+        - 'consul'
+        - 'minio-api'
+        - 'minio-console'
     relabel_configs:
     - source_labels: ['__meta_consul_tags']
       regex: '(.*)http(.*)'
@@ -88,27 +97,30 @@ scrape_configs:
 EOH
       }
 
-      driver = "raw_exec"
+      driver = "exec"
 
       config {
-        command = "local/prometheus-2.32.1.linux-armv7/prometheus"
-        args    = ["--config.file=local/prometheus.yml"]
+        command = "local/prometheus-2.35.0.linux-arm64/prometheus"
+        args    = [
+          "--config.file=local/prometheus.yml",
+          "--web.external-url=http://0.0.0.0:9090/prometheus"
+          ]
       }
 
       resources {
-        cpu = 2000
-        memory = 2000
+        cpu = 1000
+        memory = 800
       }
 
       service {
         name = "prometheus"
-        tags = ["urlprefix-/"]
+        tags = ["urlprefix-/prometheus"]
         port = "prometheus_ui"
 
         check {
           name     = "prometheus_ui port alive"
           type     = "http"
-          path     = "/-/healthy"
+          path     = "prometheus/-/healthy"
           interval = "10s"
           timeout  = "2s"
         }
diff --git a/promtail.nomad b/promtail.nomad
index 6a4e5aa..d0f00b8 100644
--- a/promtail.nomad
+++ b/promtail.nomad
@@ -12,6 +12,11 @@
 #     https://www.nomadproject.io/docs/job-specification/job
 #
 job "promtail" {
+  meta {
+    auto-backup = true
+    backup-schedule = "@daily"
+    backup-target-db = "postgres"
+  }
   datacenters = ["dc1"]
   type = "system"
   // constraint {
@@ -74,15 +79,15 @@ job "promtail" {
       }
 
       artifact {
-         source = "http://minio-deploy-run.service.consul:9000/loki-bin/promtail-linux-${attr.cpu.arch}.zip"
+         source = "http://minio-api.service.consul:9000/loki-bin/promtail-linux-${attr.cpu.arch}.zip"
          destination = "local/promtail"
          mode = "file"
       }
 
 
       resources {
-        cpu    = 500 # 500 MHz
-        memory = 256 # 256MB
+        cpu    = 60 # 500 MHz
+        memory = 125 # 256MB
       }
 
 
diff --git a/promtail.yml.tpl b/promtail.yml.tpl
index d74825e..c9f97b2 100644
--- a/promtail.yml.tpl
+++ b/promtail.yml.tpl
@@ -16,3 +16,10 @@ scrape_configs:
     labels:
       job: consul
       __path__: /var/log/consul*.log
+- job_name: system
+  static_configs:
+  - targets:
+      - localhost
+    labels:
+      job: nomad
+      __path__: /var/log/nomad*.log
diff --git a/timer.nomad b/timer.nomad
new file mode 100644
index 0000000..0edb499
--- /dev/null
+++ b/timer.nomad
@@ -0,0 +1,50 @@
+job "timer" {
+  region = "global"
+  datacenters = ["dc1"]
+  type = "batch"
+  meta {
+    auto-backup = true
+    backup-schedule = "@daily"
+    backup-target-db = "postgres"
+  }
+  group "script" {
+    volume "job_inbound" {
+      type = "host"
+      source = "job_inbound"
+      read_only = false
+    }
+    count = 1
+    task "script" {
+      volume_mount {
+        volume = "job_inbound"
+        destination = "/scratch"
+      }
+      artifact {
+        source = "/timer.py"
+        destination = "local/timer.py"
+        mode = "file"
+      }
+      // constraint {
+      //   attribute = "${meta.cached_binaries}"
+      //   operator = "set_contains"
+      //   value = "python3"
+      // }
+
+      constraint {
+        attribute = "${attr.unique.hostname}"
+        value= "sense.station"
+      }
+
+      driver = "exec"
+      user = "becker"
+      config {
+        command = "python3"
+        args = ["local/timer.py"]
+      }
+      resources {
+        cpu = 125
+        memory = 100
+      }
+    }
+  }
+}