diff --git a/lib/low-ram-nix.nix b/lib/low-ram-nix.nix
new file mode 100644
index 0000000..0f97f85
--- /dev/null
+++ b/lib/low-ram-nix.nix
@@ -0,0 +1,27 @@
+{
+ /* FIXME: Temporary workaround to deal with `nix copy` OOM issues. See: https://github.com/NixOS/nixpkgs/issues/38808 */
+ nixpkgs.config.packageOverrides = pkgs: {
+ nix = pkgs.nixUnstable.overrideAttrs (oldAttrs: {
+ src = pkgs.fetchFromGitHub {
+ owner = "NixOS";
+ repo = "nix";
+ rev = "54b1c596435b0aaf3a2557652ad4bf74d5756514";
+ sha256 = "0g7knsfj445r50rk0d9hm5n1pv20k542bz6xf5c47qmkgvfa40x4";
+ };
+ patches = [
+ (pkgs.fetchpatch {
+ url = "https://github.com/nh2/nix/commit/d31a4410d92790e2c27110154896445d99d7abfe.patch";
+ sha256 = "08gcw2xw8yc61zz2nr1j3cnd6wagp5qs02mjfazrd9wa045y26hg";
+ })
+ ];
+ # Changes cherry-picked from upstream nix `release-common.nix` that
+ # aren't in `pkgs.nixUnstable` yet:
+ buildInputs = oldAttrs.buildInputs ++ [
+ (pkgs.aws-sdk-cpp.override {
+ apis = ["s3" "transfer"];
+ customMemoryManagement = false;
+ })
+ ];
+ });
+ };
+}
diff --git a/networks/default.nix b/networks/default.nix
index 2f67a25..672b5a4 100644
--- a/networks/default.nix
+++ b/networks/default.nix
@@ -1,10 +1,38 @@ let secrets = import ../secrets.nix; + + trackServiceMetrics = { + systemd.extraConfig = '' + DefaultCPUAccounting=yes + DefaultIOAccounting=yes + DefaultIPAccounting=yes + DefaultBlockIOAccounting=yes + DefaultMemoryAccounting=yes + DefaultTasksAccounting=yes + ''; + + services.cadvisor = { + enable = true; + port = 9333; + listenAddress = "0.0.0.0"; + storageDriver = "stdout"; + }; + + virtualisation.docker.enable = false; + + networking.firewall.allowedTCPPorts = [ + 9333 + ]; + }; in { network.description = "Cryto"; workbot = {config, lib, pkgs, ...}@args: { + imports = [ + trackServiceMetrics + ]; + config = { services.nginx = let hostRoot = pkgs.writeTextDir "index.html" "Hello world!";
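Review bot: The `patches` entry in `lib/low-ram-nix.nix` pulls a commit from a personal fork (`nh2/nix`) into the Nix package used by every host that imports this file, and nothing in the file records what that patch changes or when the override can be removed. Both fetches are pinned by `sha256`, so the content is fixed, but someone auditing a host cannot tell from here what code its Nix build contains. The derivation also appears to keep the `pkgs.nixUnstable` name, so the reported version will likely not reflect the pinned `rev` (inferred; the name attribute is not visible in this hunk). I would add a comment above `patches`, for example `# nh2/nix d31a4410: <one-line summary of the patch>; drop this file once nixpkgs#38808 is fixed in pkgs.nixUnstable`.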
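Review bot: `trackServiceMetrics` binds cAdvisor to `0.0.0.0` and adds 9333 to `networking.firewall.allowedTCPPorts`, which opens the endpoint to any source address on every host that imports the module; cAdvisor serves its metrics and web UI without authentication by default. workbot is scraped through `localhost:9333` in the later `systemd` job, so it needs no open port at all, and the other hosts only need to accept the Prometheus host. I would drop 9333 from `allowedTCPPorts` and admit just the scraper, e.g. `networking.firewall.extraCommands = "iptables -A nixos-fw -p tcp -s <prometheus-host-ip> --dport 9333 -j nixos-fw-accept";` (placeholder address, not taken from this page). The module also sets `virtualisation.docker.enable = false;` for every importer, so a short comment saying why would help the next host that imports it.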
@@ -123,6 +151,21 @@ in { (nameInstance "80.255.0.137:9100" "osmium") (nameInstance "64.187.233.73:9100" "nijaxor") ]; + } { + job_name = "systemd"; + scrape_interval = "60s"; + static_configs = [{ + targets = [ + "localhost:9333" + "80.255.0.137:9333" + "64.187.233.73:9333" + ]; + }]; + relabel_configs = [ + (nameInstance "localhost:9333" "workbot") + (nameInstance "80.255.0.137:9333" "osmium") + (nameInstance "64.187.233.73:9333" "nijaxor") + ]; } ]; @@ -161,6 +204,8 @@ in { rev = "d7a09deda0916fa99920156e928d281a5bd3d97a"; sha256 = "08xjcwmbzdmkzbz1al3vkryiix1y2zqc8yv4lsrw21dz0c5zl726"; }) + trackServiceMetrics + (import ../lib/low-ram-nix.nix) ]; config = { @@ -220,6 +265,11 @@ in { nijaxor = { config, lib, pkgs, ... }@args: { + imports = [ + (import ../lib/low-ram-nix.nix) + trackServiceMetrics + ]; + config = { networking.firewall.allowedTCPPorts = [ 9100 # Prometheus node exporter
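Review bot: The new `systemd` job lists `80.255.0.137:9333` and `64.187.233.73:9333` with no `scheme`, so Prometheus will scrape them over plain HTTP across public addresses; the samples can be read or altered on the path, and the targets cannot tell the scraper from any other client. If the hosts share no private network, put the exporter behind a TLS endpoint with credentials and set `scheme = "https";` plus `basic_auth` on the job, or carry the scrape over a tunnel. The job is named `systemd` while its targets are the cAdvisor ports, so a one-line comment such as `# cAdvisor endpoints enabled by trackServiceMetrics` would make the source of these series clear. The enclosing scrape-config list starts and ends outside this hunk.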