diff --git a/hosts/g18-next/configuration.nix b/hosts/g18-next/configuration.nix
index eb95bd1..01f8fa5 100644
--- a/hosts/g18-next/configuration.nix
+++ b/hosts/g18-next/configuration.nix
@@ -112,6 +112,42 @@ in
       ];
     };
   };
-
+  # service: grafana
+  sops.secrets."grafana/oauth_client_id" = {
+    owner = "grafana";
+  };
+  sops.secrets."grafana/oauth_client_secret" = {
+    owner = "grafana";
+  };
+  services.grafana = {
+    enable = true;
+    dataDir = "/data0/lib/grafana";
+    settings = {
+      server = {
+        http_addr = "192.168.122.118";
+        http_port = 3002;
+        domain = "grafana.nasp.fit";
+        root_url = "https://grafana.nasp.fit/";
+      };
+      auth = {
+        disable_login_form = true;
+        oauth_allow_insecure_email_lookup = true;
+      };
+      "auth.generic_oauth" = {
+        enabled = true;
+        name = "NASP Gitea";
+        allow_sign_up = true;
+        auto_login = true;
+        scopes = "read:user,read:organization";
+        empty_scopes = false;
+        auth_url = "https://git.nasp.fit/login/oauth/authorize";
+        token_url = "https://git.nasp.fit/login/oauth/access_token";
+        api_url = "https://git.nasp.fit/api/v1/user";
+        use_pkce = false;
+        client_id = "$__file{/run/secrets/grafana/oauth_client_id}";
+        client_secret = "$__file{/run/secrets/grafana/oauth_client_secret}";
+      };
+    };
+  };
   system.stateVersion = "24.05";
 }
diff --git a/hosts/g18-next/secrets.yaml b/hosts/g18-next/secrets.yaml
index 4c68f5f..b3c43a1 100644
--- a/hosts/g18-next/secrets.yaml
+++ b/hosts/g18-next/secrets.yaml
@@ -1,4 +1,7 @@
 telegraf: ENC[AES256_GCM,data:rL1OlmmKF7jAh4/QwHAAfZ3hLCjoxKCTTLDidyvhDYCn2tS9p08GFXLJXz5Fr9GZJtPSFfMqGNOHocRVbcirwGwQTpabAmE6qTXSjHruw4EcmDqWem4AXA4xaaAdVwwz0KFMCPw8JzbqQJUMFPKw5xJbGd/juwxHT1NM7yi/eWMMkudkiwmOIT8fTENDklWm,iv:Pwb24wZuL0TlKArUG5RhTobWShHZRtd6J+HMAXharEU=,tag:7w/yqXgeEORoaIlGnSFUbQ==,type:str]
+grafana:
+    oauth_client_id: ENC[AES256_GCM,data:Mw+SbgGoYhCCoOe5WeXHyRRdWMnQzLlWP+ei75T97ZeN2o/O,iv:B4SyyH6FQqpSadohyemIJE1ex1IrrkOG/awo69kssEw=,tag:Uqf3c38hrB5YKOks3zhOrQ==,type:str]
+    oauth_client_secret: ENC[AES256_GCM,data:AsBn/9GBryn99BSNR8IaIlLhEYbUCTJdx6tL8zvKplnAomiwWXJf2VEm1y17FblblG4+4RTJJTg=,iv:AAqGpbdB34f62Sauf+o0441EuMQ/MVaC6EdyLK3yJR4=,tag:XAzpuYhoF8Ul4wFwd9uInw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +17,8 @@ sops:
             SzdrSGh5S1lTMU8vZDJsTWcwQ2FGaFkKKqqNYoEz3bAD6wztI8Z8gy2iBOBitQSJ
             4z8HxXzSnnfvMVvnslfmCDOdImXZbgHmFbOjOLtkgfRPrTWS4PQwww==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-17T16:06:28Z"
-    mac: ENC[AES256_GCM,data:lEga7oJh4nXn/f/nTcQX/3IawwpNa3cezphCAhdKvyxC6MIQD/YkhDpn8fx1OUTuwaGL6eko2xNhgwPP8QQvXLtYT6I/zOI5zWxWDbwymjefJSCKssKkl/YFSmbl1lnrqZ6z11fgM20pYAQfgvhfUgBmeNcUyNo0rugkqwYoG0s=,iv:7C5xmJBPAODkEBIxLEbdrMFMGkFOKx0QcgMPjRJGV0s=,tag:/1t4MVd2+19LUTTd99pXYw==,type:str]
+    lastmodified: "2024-06-21T03:27:01Z"
+    mac: ENC[AES256_GCM,data:1dRD2uQIX8cXjlGe42LIOnWMHXqrv11whxEZCVZl4nKYX+zPOeak5s566hVhOWqDWT6EgnkErZNF5+Xkt8zOvApqAzveEWCvh3rDRCfbaqXgHT562rjN2dGmbqyEef1/ROBkDcOmqbyks+hs4TY1Sf2GIqhZ6L+ws1nNyftBCQ4=,iv:p5wNhCmhFYNmZS1RCY+sr6CgC8xNK7TG1TwoTiLV/A4=,tag:I9lNkZX1IbNiIBFQ1wnPVQ==,type:str]
     pgp:
         - created_at: "2024-06-17T16:06:25Z"
           enc: |-