diff --git a/config/dns-unbound.nix b/config/dns-unbound.nix
index d8ec63a..d026ca5 100644
--- a/config/dns-unbound.nix
+++ b/config/dns-unbound.nix
@@ -28,6 +28,11 @@ in
 }
 '';
 }).out;
+ services.prometheus.exporters.unbound = {
+ enable = true;
+ port = 9167;
+ openFirewall = true;
+ };
 services.unbound = {
 enable = true;
 settings = {
diff --git a/containers/dns.nix b/containers/dns.nix
index 0dd8ecc..6a7d53c 100644
--- a/containers/dns.nix
+++ b/containers/dns.nix
@@ -6,8 +6,8 @@
 container = {
 cores = 2;
 memory = 1024;
- disk = "4G";
- swap = 512;
+ disk = "5G";
+ swap = 768;
 };
 system = {
 port = 80;
@@ -24,6 +24,9 @@
 logging = {
 enable = true;
 metricsEnable = true;
+ prometheusPorts = [
+ 9167
+ ];
 };
 private = true;
 auth = true;
diff --git a/modules/lxc-template.nix b/modules/lxc-template.nix
index 37908be..ac754a5 100644
--- a/modules/lxc-template.nix
+++ b/modules/lxc-template.nix
@@ -20,6 +20,13 @@ in
 "sys-kernel-debug.mount"
 "sys-fs-fuse-connections.mount"
 ];
+ services.journald.extraConfig = ''
+ SystemMaxUse=200M
+ SystemKeepFree=100M
+ SystemMaxFileSize=20M
+ SystemMaxFiles=10
+ MaxRetentionSec=5day
+ '';
 environment.systemPackages = with pkgs; [
 vim
 openssl
@@ -35,8 +42,12 @@ in
 };
 nix.gc = {
 automatic = true;
- dates = "weekly";
- options = "--delete-older-than 7d";
+ dates = "daily";
+ options = "--delete-older-than 3d";
+ };
+ nix.optimise = {
+ automatic = true;
+ dates = [ "weekly" ];
 };
 networking.nameservers = (
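Review bot: `openFirewall = true` in the added `services.prometheus.exporters.unbound` block allows port 9167 from any source address, and the exporter serves resolver statistics without authentication. If only the Prometheus host scrapes it, narrow the rule, for example `firewallFilter = "-s <PROMETHEUS_HOST_IP> -p tcp -m tcp --dport 9167";` on the iptables backend (the address is a placeholder), or set `listenAddress` to the monitoring interface. The exporter reads from unbound's control interface; whether `services.unbound.settings` keeps that interface local is outside this hunk and worth confirming.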
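Review bot: The literal `9167` in `prometheusPorts` repeats the exporter port set in config/dns-unbound.nix, so changing one file later either breaks scraping silently or leaves a stale port allowed. If the container definition can see the service config, reference `config.services.prometheus.exporters.unbound.port`; otherwise add a comment such as `# must match services.prometheus.exporters.unbound.port in config/dns-unbound.nix`. Whether `private = true` and `auth = true` also apply to the ports listed here is not visible in this hunk.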
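Review bot: The added `services.journald.extraConfig` limits every container built from this template to 200M and five days of local journal, which is a short window for incident investigation if the journal is the only copy. Nothing in this hunk shows logs being forwarded; if the `logging` option seen in containers/dns.nix ships them centrally, say so in a comment above the block, e.g. `# local journal is only a buffer; long-term retention is handled by central log shipping`. If some containers are not forwarded, consider making these values overridable per container instead of fixing them in the template.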