{
  pkgs,
  config,
  ...
}:
{

  services = {
    grafana = {
      enable = true;
      settings = {
        security.admin_password = "$__file{${config.sops.secrets."services/grafana/admin_password".path}}";

        server = {
          domain = "grafana.noc.eh22.intern";
          root_url = "http://grafana.noc.eh22.intern/";
          http_addr = "127.0.0.1";
          http_port = 2342;
        };

        database = {
          type = "postgres";
          user = "grafana";
          host = "/run/postgresql";
        };
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "grafana" ];
      ensureUsers = [
        {
          name = "grafana";
          ensureDBOwnership = true;
        }
      ];
    };

    nginx = {
      enable = true;
      virtualHosts.${config.services.grafana.settings.server.domain} = {
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
          proxyWebsockets = true;
        };
      };
    };
  };
}