{
  config,
  pkgs,
  lib,
  ...
}:
{

  services.nginx = {
    enable = true;
    statusPage = true;
    virtualHosts = {
      "prometheus.${config.networking.hostName}.private" = {
        extraConfig = ''
          allow ${config.tinc.private.subnet};
          deny all;
        '';
        locations."/" = {
          proxyPass = "http://localhost:${toString config.services.prometheus.port}";
        };
      };
    };
  };

  telemetry.apps.prometheus.enable = true;
  telemetry.apps.prometheus.retentionTime = "90d";

  services.grafana.provision.datasources.settings = {
    apiVersion = 1;
    datasources = [
      {
        name = "Prometheus";
        type = "prometheus";
        uid = "prometheus01";
        url = "http://localhost:${toString config.services.prometheus.port}";
      }
    ];
  };

}