Consider using S3 bucket as storage.
Use a variable for the retention period which is shared with the Prometheus role.
Consider simple alerting rules.
Collect more logs (e.g. nginx, docker services).
Add Grafana dashboards.
Use Promtail on more servers.
HTTP Basic Auth as second factor.
Use JSON logging for more services.
It's a bit quiet in here.