diff --git a/ansible/hypervisor.yml b/ansible/hypervisor.yml
index afee0a74..efe0774d 100644
--- a/ansible/hypervisor.yml
+++ b/ansible/hypervisor.yml
@@ -54,4 +54,4 @@
         }
     }
   vars:
-    beats_version: 7.3.2
+    beats_version: 7.7.0
diff --git a/hosts/server7/default.nix b/hosts/server7/default.nix
index 11fc3461..3930f872 100644
--- a/hosts/server7/default.nix
+++ b/hosts/server7/default.nix
@@ -92,6 +92,35 @@ in {
 
   virtualisation.docker.enable = true;
 
+  # docker osd.7 container
+  # docker run --rm --net=host  --ipc=host --privileged=true -v /dev:/dev -v /etc/ceph:/etc/ceph -v /var/lib/ceph/:/var/lib/ceph
+  # -e 172.22.99.245 -e OSD_DEVICE=/dev/sdb -it ceph/ceph:v14.2.9 ceph-osd -i 7 --setuser ceph --setgroup ceph -f
+  docker-containers.ceph-osd-7 = {
+    cmd = ["ceph-osd" "-i" "7" "--setuser" "ceph" "--setgroup" "ceph" "-d"];
+    environment = {
+      OSD_DEVICE = "/dev/sdb";
+    };
+    image = "ceph/ceph:v14.2.9";
+    log-driver = "journald";
+    extraDockerOptions = [
+      "--rm"
+      "--net=host"
+      "--ipc=host"
+      "--privileged=true"
+    ];
+    volumes = [
+      "/dev:/dev"
+      "/etc/ceph:/etc/ceph"
+      "/var/lib/ceph/:/var/lib/ceph"
+    ];
+  };
+  # FIXME
+  # systemd.services.docker-ceph-osd-7.serviceConfig = {
+  #    ExecStartPre = ["mount | grep ^/var/lib/ceph/osd/ceph-7 || mount -t tmpfs tmpfs /var/lib/ceph/osd/ceph-7"
+  #                    ''docker run --rm --net=host  --ipc=host --privileged=true -v /dev:/dev -v /etc/ceph:/etc/ceph -v /var/lib/ceph/:/var/lib/ceph -e OSD_DEVICE=/dev/sdb -it ceph/ceph:v14.2.9 ceph-volume lvm activate --all''
+  #    ];
+  #};
+
   networking = {
     firewall.enable = false;
     firewall.trustedInterfaces = [ "br0" ];
diff --git a/secrets b/secrets
index eb06c122..edfc43c8 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit eb06c122762133b7831475615b1a3b039eaa389e
+Subproject commit edfc43c84dfd93bb7df12d2125ba94bf3f6d1081