{ ... }:
let
  fqdn = "graph.freun.dev";
  port = 3300;
in
{
  services.grafana = {
    enable = true;

    settings = {
      server = {
        root_url = "https://${fqdn}";
        http_port = port;
      };

      database = {
        host = "/var/run/postgresql";
        type = "postgres";
        user = "grafana";
      };

      smtp = {
        enabled = true;
        host = "horologium.uberspace.de";
        from_address = "noreply@freun.dev";
        from_name = "Vaultwarden";
        user = "noreply@freun.dev";
        password = "$__file{/var/secrets/smtp-password}";
      };
    };
  };

  services.prometheus = {
    enable = true;
    exporters.node.enable = true;
    scrapeConfigs = [
      {
        job_name = "node";
        static_configs = [
          { targets = [ "localhost:9100" ]; }
        ];
      }
    ];
  };

  modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;

  services.postgresql = {
    ensureDatabases = [ "grafana" ];
    ensureUsers = [{
      name = "grafana";
      ensureDBOwnership = true;
    }];
  };
}