diff --git a/hosts/idols-ai/impermanence.nix b/hosts/idols-ai/impermanence.nix
index 047a1546..ad4ad1ae 100644
--- a/hosts/idols-ai/impermanence.nix
+++ b/hosts/idols-ai/impermanence.nix
@@ -79,6 +79,7 @@
         ".pki"
         ".steam" # steam games
         ".var" # flatpak app's data
+        ".terraform.d/plugin-cache" # terraform's plugin cache
 
         # cloud native
         {
diff --git a/infra/minio/loki/.terraform.lock.hcl b/infra/minio/loki/.terraform.lock.hcl
new file mode 100644
index 00000000..a7c7f027
--- /dev/null
+++ b/infra/minio/loki/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/aminueza/minio" {
+  version     = "3.5.2"
+  constraints = "3.5.2"
+  hashes = [
+    "h1:3G/Q/dlf4ItE5tvE1zvSDUW4bYvwdCMVsHNAhMq9328=",
+    "zh:5513c7b20eac89b7bc27b1f762ff03058b4c75456523d5065c41be170fc1ce53",
+    "zh:597ec8ab8169ab4d044b7d442e65b03bbce2516c15f718510e8c80b5fc451be6",
+    "zh:608ff0eb5929b840c11efee1da0273b81d21a8149d8f2d259989597068b48253",
+    "zh:71bee58a6ba43d2a2aadd604c0e04f621fa67cb82ab3633fc5d1366689a5be6b",
+    "zh:9871556bcc3d5daab3cd8e302d1d07bc5693038e1abf8bd11aaf07a439d67a0b",
+    "zh:a3272fbb1ac7dff2481e778284709a5d8b85eda61f26239867eaed9ede57e90a",
+    "zh:a5048a378d5b075a6afac14197fc0fc57f97788cd697749621c07cec7156344c",
+    "zh:a8f28d070653cbd78ca85f9e54d9391a164828de598d481ed53d04882944dcb7",
+    "zh:cbf6895d80828f66fdaa234c6fcf87c329c41eb72391a6d29056b917bce65426",
+    "zh:cd48186b94cee7757a59f848dd6a2bd1d2faa76738a849261ca7cf14e7ca76c2",
+    "zh:cdefdf9bb591ab19c3176c7c8796762e2626ebde0d49971b49393f6bf28533ba",
+    "zh:ef16beff601be117a837cd47a1813be24ee0463d4f36a5d5f7e42a19d6c02b3d",
+  ]
+}
diff --git a/infra/minio/loki/README.md b/infra/minio/loki/README.md
new file mode 100644
index 00000000..ab653fe7
--- /dev/null
+++ b/infra/minio/loki/README.md
@@ -0,0 +1,3 @@
+# Buckets for Grafana Loki
+
+Store Log data.
diff --git a/infra/minio/loki/loki.tf b/infra/minio/loki/loki.tf
new file mode 100644
index 00000000..0eafa980
--- /dev/null
+++ b/infra/minio/loki/loki.tf
@@ -0,0 +1,90 @@
+# ==============================================
+# Buckets
+# ==============================================
+
+resource "minio_s3_bucket" "k3s-test-1-loki-chunks" {
+  bucket = "k3s-test-1-loki-chunks"
+  acl    = "private"
+}
+
+resource "minio_s3_bucket" "k3s-test-1-loki-ruler" {
+  bucket = "k3s-test-1-loki-ruler"
+  acl    = "private"
+}
+
+resource "minio_s3_bucket" "k3s-test-1-loki-admin" {
+  bucket = "k3s-test-1-loki-admin"
+  acl    = "private"
+}
+
+# ==============================================
+# User & Permission
+# ==============================================
+
+
+resource "minio_iam_user" "loki" {
+  name          = "loki"
+  force_destroy = true
+  tags = {
+    env       = "prod"
+    managedBy = "terraform"
+  }
+}
+
+resource "minio_iam_service_account" "loki" {
+  target_user = minio_iam_user.loki.name
+}
+
+resource "minio_iam_policy" "loki" {
+  name   = "loki"
+  policy = <<EOF
+{
+  "Version":"2012-10-17",
+  "Statement": [
+    {
+      "Sid": "ObjectFullAccess",
+      "Action": [
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:ListBucket",
+        "s3:DeleteObject"
+      ],
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws:s3:::k3s-test-1-loki-chunks/*",
+        "arn:aws:s3:::k3s-test-1-loki-ruler/*",
+        "arn:aws:s3:::k3s-test-1-loki-admin/*"
+      ]
+    }
+  ]
+}
+EOF
+}
+
+resource "minio_iam_user_policy_attachment" "loki-1" {
+  user_name   = minio_iam_user.loki.id
+  policy_name = minio_iam_policy.loki.id
+}
+
+# ======================================================
+
+output "loki-chunks_url" {
+  value = minio_s3_bucket.k3s-test-1-loki-chunks.bucket_domain_name
+}
+
+output "loki-ruler_url" {
+  value = minio_s3_bucket.k3s-test-1-loki-ruler.bucket_domain_name
+}
+
+output "loki-admin_url" {
+  value = minio_s3_bucket.k3s-test-1-loki-admin.bucket_domain_name
+}
+
+output "loki_accesskey" {
+  value = minio_iam_service_account.loki.access_key
+}
+
+output "loki_secretkey" {
+  value     = minio_iam_service_account.loki.secret_key
+  sensitive = true
+}
diff --git a/infra/minio/openobserve/provider.tf b/infra/minio/loki/main.tf
similarity index 97%
rename from infra/minio/openobserve/provider.tf
rename to infra/minio/loki/main.tf
index 90a6b155..50ece5c9 100644
--- a/infra/minio/openobserve/provider.tf
+++ b/infra/minio/loki/main.tf
@@ -25,7 +25,7 @@ terraform {
   required_providers {
     minio = {
       source  = "aminueza/minio"
-      version = "2.5.0"
+      version = "3.5.2"
     }
   }
 }
diff --git a/infra/minio/openobserve/run.sh b/infra/minio/loki/run.sh
similarity index 67%
rename from infra/minio/openobserve/run.sh
rename to infra/minio/loki/run.sh
index ee698601..f0a88c37 100644
--- a/infra/minio/openobserve/run.sh
+++ b/infra/minio/loki/run.sh
@@ -1,6 +1,6 @@
 # for provider
 #
-# export MINIO_PASSWORD=="xxx"
+# export MINIO_PASSWORD="xxx"
 
 # for terraform's s3 backend
 #
@@ -10,3 +10,7 @@
 terraform init
 terraform plan
 terraform apply
+
+# show secret key
+terraform output loki_secretkey
+
diff --git a/infra/minio/openobserve/.terraform.lock.hcl b/infra/minio/openobserve/.terraform.lock.hcl
deleted file mode 100644
index 2579c2d3..00000000
--- a/infra/minio/openobserve/.terraform.lock.hcl
+++ /dev/null
@@ -1,22 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/aminueza/minio" {
-  version     = "2.5.0"
-  constraints = "2.5.0"
-  hashes = [
-    "h1:RrjfsRy+fBVh7VF3r9u7uCCSjAdR5APa6sqbc9b8GfU=",
-    "zh:066cdb289dbfd1675e22fe58c8b42e2732f24fc1528b1919a78dfe28f80e8b30",
-    "zh:26d5e55106259e69493b95058178ec3d6b2395f03a8fe832af1be0e4d89ef42c",
-    "zh:6247e19de9ec6ef719cfcb174b8f08085c0fd5118b3b0de3fb9bb150702b4ad8",
-    "zh:70c3cbab0ba8edeec0db2e175bcdb47255c92f3153f839c4e8f2b0fe8c1366f4",
-    "zh:713793b4b93ae62070b18983ff525390de6c84547cab4220aa068437149f5035",
-    "zh:72de3e532d4bc7c7a4a872aaf00d7e4dfa09f3730668a738bb881d6734248f02",
-    "zh:9090f9288d7bc9f23043c1e65d8535e91f10413a16699d4a18add811b25fa167",
-    "zh:9847284aecb52718468feccb914d67e8befb8bff8345275cb03c3209b338f68b",
-    "zh:aa09ba1aa6fec278198ff352cc7f2977cfe567d31fd948c54fba5db82b4cd7ec",
-    "zh:ca28efbf60400918b9dadd18ecbf683065bf9329b35cbf3826718d8d50f10263",
-    "zh:cb21b119202ac6a30724beb89aefbb8660762b0e9b7165f1e22d59720dd0f110",
-    "zh:f36b4c9fe4795e892b3be2c80a22461f373541f81d335b51afa963097ab29624",
-  ]
-}
diff --git a/infra/minio/openobserve/openobserve.tf b/infra/minio/openobserve/openobserve.tf
deleted file mode 100644
index a8944b4e..00000000
--- a/infra/minio/openobserve/openobserve.tf
+++ /dev/null
@@ -1,64 +0,0 @@
-resource "minio_s3_bucket" "openobserve" {
-  bucket = "openobserve"
-  acl    = "private"
-}
-
-resource "minio_iam_user" "openobserve" {
-  name          = "openobserve"
-  force_destroy = true
-  tags = {
-    env       = "prod"
-    managedBy = "terraform"
-  }
-}
-
-resource "minio_iam_policy" "openobserve" {
-  name   = "openobserve"
-  policy = <<EOF
-{
-  "Version":"2012-10-17",
-  "Statement": [
-    {
-      "Sid": "ObjectFullAccess",
-      "Action": [
-        "s3:PutObject",
-        "s3:GetObject",
-        "s3:ListBucket",
-        "s3:DeleteObject"
-      ],
-      "Effect": "Allow",
-      "Resource": "arn:aws:s3:::openobserve/*"
-    }
-  ]
-}
-EOF
-}
-
-resource "minio_iam_user_policy_attachment" "openobserve-1" {
-  user_name   = minio_iam_user.openobserve.id
-  policy_name = minio_iam_policy.openobserve.id
-}
-
-resource "minio_iam_service_account" "openobserve" {
-  target_user = minio_iam_user.openobserve.name
-}
-
-
-# ======================================================
-
-output "openobserve_id" {
-  value = minio_s3_bucket.openobserve.id
-}
-
-output "openobserve_url" {
-  value = minio_s3_bucket.openobserve.bucket_domain_name
-}
-
-output "openobserve_accesskey" {
-  value = minio_iam_service_account.openobserve.access_key
-}
-
-output "openobserve_secretkey" {
-  value     = minio_iam_service_account.openobserve.secret_key
-  sensitive = true
-}
diff --git a/infra/minio/tf-s3-backend/.terraform.lock.hcl b/infra/minio/tf-s3-backend/.terraform.lock.hcl
index 2579c2d3..a7c7f027 100644
--- a/infra/minio/tf-s3-backend/.terraform.lock.hcl
+++ b/infra/minio/tf-s3-backend/.terraform.lock.hcl
@@ -2,21 +2,21 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.terraform.io/aminueza/minio" {
-  version     = "2.5.0"
-  constraints = "2.5.0"
+  version     = "3.5.2"
+  constraints = "3.5.2"
   hashes = [
-    "h1:RrjfsRy+fBVh7VF3r9u7uCCSjAdR5APa6sqbc9b8GfU=",
-    "zh:066cdb289dbfd1675e22fe58c8b42e2732f24fc1528b1919a78dfe28f80e8b30",
-    "zh:26d5e55106259e69493b95058178ec3d6b2395f03a8fe832af1be0e4d89ef42c",
-    "zh:6247e19de9ec6ef719cfcb174b8f08085c0fd5118b3b0de3fb9bb150702b4ad8",
-    "zh:70c3cbab0ba8edeec0db2e175bcdb47255c92f3153f839c4e8f2b0fe8c1366f4",
-    "zh:713793b4b93ae62070b18983ff525390de6c84547cab4220aa068437149f5035",
-    "zh:72de3e532d4bc7c7a4a872aaf00d7e4dfa09f3730668a738bb881d6734248f02",
-    "zh:9090f9288d7bc9f23043c1e65d8535e91f10413a16699d4a18add811b25fa167",
-    "zh:9847284aecb52718468feccb914d67e8befb8bff8345275cb03c3209b338f68b",
-    "zh:aa09ba1aa6fec278198ff352cc7f2977cfe567d31fd948c54fba5db82b4cd7ec",
-    "zh:ca28efbf60400918b9dadd18ecbf683065bf9329b35cbf3826718d8d50f10263",
-    "zh:cb21b119202ac6a30724beb89aefbb8660762b0e9b7165f1e22d59720dd0f110",
-    "zh:f36b4c9fe4795e892b3be2c80a22461f373541f81d335b51afa963097ab29624",
+    "h1:3G/Q/dlf4ItE5tvE1zvSDUW4bYvwdCMVsHNAhMq9328=",
+    "zh:5513c7b20eac89b7bc27b1f762ff03058b4c75456523d5065c41be170fc1ce53",
+    "zh:597ec8ab8169ab4d044b7d442e65b03bbce2516c15f718510e8c80b5fc451be6",
+    "zh:608ff0eb5929b840c11efee1da0273b81d21a8149d8f2d259989597068b48253",
+    "zh:71bee58a6ba43d2a2aadd604c0e04f621fa67cb82ab3633fc5d1366689a5be6b",
+    "zh:9871556bcc3d5daab3cd8e302d1d07bc5693038e1abf8bd11aaf07a439d67a0b",
+    "zh:a3272fbb1ac7dff2481e778284709a5d8b85eda61f26239867eaed9ede57e90a",
+    "zh:a5048a378d5b075a6afac14197fc0fc57f97788cd697749621c07cec7156344c",
+    "zh:a8f28d070653cbd78ca85f9e54d9391a164828de598d481ed53d04882944dcb7",
+    "zh:cbf6895d80828f66fdaa234c6fcf87c329c41eb72391a6d29056b917bce65426",
+    "zh:cd48186b94cee7757a59f848dd6a2bd1d2faa76738a849261ca7cf14e7ca76c2",
+    "zh:cdefdf9bb591ab19c3176c7c8796762e2626ebde0d49971b49393f6bf28533ba",
+    "zh:ef16beff601be117a837cd47a1813be24ee0463d4f36a5d5f7e42a19d6c02b3d",
   ]
 }
diff --git a/infra/minio/tf-s3-backend/provider.tf b/infra/minio/tf-s3-backend/main.tf
similarity index 93%
rename from infra/minio/tf-s3-backend/provider.tf
rename to infra/minio/tf-s3-backend/main.tf
index f988f4b3..ece70b56 100644
--- a/infra/minio/tf-s3-backend/provider.tf
+++ b/infra/minio/tf-s3-backend/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     minio = {
       source  = "aminueza/minio"
-      version = "2.5.0"
+      version = "3.5.2"
     }
   }
 }
diff --git a/infra/minio/tf-s3-backend/run.sh b/infra/minio/tf-s3-backend/run.sh
index 4b10ff64..ff07e3fd 100644
--- a/infra/minio/tf-s3-backend/run.sh
+++ b/infra/minio/tf-s3-backend/run.sh
@@ -1,6 +1,6 @@
 # for provider
 #
-# export MINIO_PASSWORD=="xxx"
+# export MINIO_PASSWORD="xxx"
 #
 terraform init
 terraform plan