{
  pkgs,
  config,
  ...
}:
{

  services = {
    grafana = {
      enable = true;
      settings = {
        security.admin_password = "$__file{${config.sops.secrets."services/grafana/admin_password".path}}";

        server = {
          domain = "grafana.noc.eh22.intern";
          root_url = "http://grafana.noc.eh22.intern/";
          http_addr = "127.0.0.1";
          http_port = 2342;
        };

        database = {
          type = "postgres";
          user = "grafana";
          host = "/run/postgresql";
        };
        feature_toggles.enable = "autoMigrateOldPanels newVizTooltips";
        security.angular_support_enabled = false;
      };
      provision = {
        enable = true;
        datasources.settings.datasources = [
          {
            name = "Mimir";
            type = "prometheus";
            uid = "mimir";
            access = "proxy";
            url = "http://127.0.0.1:9009/prometheus";
            isDefault = true;
          }
          {
            name = "Loki";
            type = "loki";
            uid = "loki";
            url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
          }
        ];
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "grafana" ];
      ensureUsers = [
        {
          name = "grafana";
          ensureDBOwnership = true;
        }
      ];
    };

    nginx = {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts.${config.services.grafana.settings.server.domain} = {
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
          proxyWebsockets = true;
        };
      };
    };
  };
}