{
  config,
  pkgs,
  lib,
  ...
}:
{

  services.nginx = {
    enable = true;
    statusPage = true;
    virtualHosts = {
      "prometheus.${config.networking.hostName}.private" = {
        extraConfig = ''
          allow ${config.tinc.private.subnet};
          deny all;
        '';
        locations."/" = {
          proxyPass = "http://localhost:${toString config.services.prometheus.port}";
        };
      };
    };
  };

  services.prometheus = {
    checkConfig = "syntax-only";
    enable = true;
    # keep data for 30 days
    extraFlags = [ "--storage.tsdb.retention.time=90d" ];
  };

  services.grafana.provision.datasources.settings = {
    apiVersion = 1;
    datasources = [
      {
        name = "Prometheus";
        type = "prometheus";
        uid = "prometheus01";
        url = "http://localhost:${toString config.services.prometheus.port}";
      }
    ];
  };

}