diff --git a/hosts/ward/microvms/grafana/default.nix b/hosts/ward/microvms/grafana/default.nix
index 028f570..5124e9c 100644
--- a/hosts/ward/microvms/grafana/default.nix
+++ b/hosts/ward/microvms/grafana/default.nix
@@ -115,7 +115,7 @@ in {
           url = "https://${sentinelCfg.proxiedDomains.loki}";
           orgId = 1;
           basicAuth = true;
-          basicAuthUser = "${nodeName}:grafana-loki-basic-auth-password";
+          basicAuthUser = "${nodeName}+grafana-loki-basic-auth-password";
           secureJsonData.basicAuthPassword = "$__file{${config.age.secrets.grafana-loki-basic-auth-password.path}}";
         }
       ];
diff --git a/hosts/ward/microvms/loki/default.nix b/hosts/ward/microvms/loki/default.nix
index b5c5e08..21931dd 100644
--- a/hosts/ward/microvms/loki/default.nix
+++ b/hosts/ward/microvms/loki/default.nix
@@ -41,7 +41,7 @@ in {
             file,
           }: ''
             echo " -> Aggregating [32m"${lib.escapeShellArg host}":[m[33m"${lib.escapeShellArg name}"[m" >&2
-            echo -n ${lib.escapeShellArg host}":"${lib.escapeShellArg name}" "
+            echo -n ${lib.escapeShellArg host}"+"${lib.escapeShellArg name}" "
             ${decrypt} ${lib.escapeShellArg file} \
               | ${pkgs.caddy}/bin/caddy hash-password --algorithm bcrypt \
               || die "Failure while aggregating caddy basic auth hashes"
@@ -55,7 +55,6 @@ in {
       useACMEHost = sentinelCfg.lib.extra.matchingWildcardCert lokiDomain;
       extraConfig = ''
         import common
-        skip_log
         basicauth {
           import ${sentinelCfg.age.secrets.loki-basic-auth-hashes.path}
         }
diff --git a/hosts/ward/microvms/loki/secrets/loki-basic-auth-hashes.age b/hosts/ward/microvms/loki/secrets/loki-basic-auth-hashes.age
index 63dcba5..122be11 100644
Binary files a/hosts/ward/microvms/loki/secrets/loki-basic-auth-hashes.age and b/hosts/ward/microvms/loki/secrets/loki-basic-auth-hashes.age differ
diff --git a/modules/promtail.nix b/modules/promtail.nix
index c1ab389..415a141 100644
--- a/modules/promtail.nix
+++ b/modules/promtail.nix
@@ -48,7 +48,7 @@ in {
 
         clients = [
           {
-            basic_auth.username = "${nodeName}:promtail-loki-basic-auth-password";
+            basic_auth.username = "${nodeName}+promtail-loki-basic-auth-password";
             basic_auth.password_file = config.age.secrets.promtail-loki-basic-auth-password.path;
             url = "https://${nodes.${cfg.proxy}.config.proxiedDomains.loki}/loki/api/v1/push";
           }