diff --git a/hosts/marvin/services/grafana.nix b/hosts/marvin/services/grafana.nix
index 1452f25..7ff3152 100644
--- a/hosts/marvin/services/grafana.nix
+++ b/hosts/marvin/services/grafana.nix
@@ -1,36 +1,41 @@
 {config, ...}: {
   services.grafana = {
     enable = true;
-    domain = "stats.thehedgehog.me";
-    port = 6914;
-    addr = "0.0.0.0";
-    rootUrl = "https://stats.thehedgehog.me";
-    auth.google.enable = false;
-    auth.azuread.enable = false;
-    auth.disableLoginForm = true;
-    security = {
-      adminUser = "thehedgeh0g";
-      adminPasswordFile = config.age.secrets.grafana-admin.path;
-    };
-    smtp = {
-      enable = true;
-      user = "grafana@thehedgehog.me";
-      fromAddress = "grafana@thehedgehog.me";
-      host = "smtp.migadu.com:465";
-      passwordFile = config.age.secrets.grafana-smtp-password.path;
-    };
-    analytics.reporting.enable = false;
-    extraOptions = {
-      AUTH_GENERIC_OAUTH_NAME = "auth";
-      AUTH_GENERIC_OAUTH_ICON = "signin";
-      AUTH_GENERIC_OAUTH_ENABLED = "true";
-      AUTH_GENERIC_OAUTH_CLIENT_ID = "89f4607cf446a777a6b25ebde8731cdcb80b04c1";
-      AUTH_GENERIC_OAUTH_CLIENT_SECRET = "89eccaa8a31104c218df5cfe37c87f0ea0bbddcd1571bddb7f7fbf5a09045efd59c61f1caaa79483ad59aac2c19488b254acdaced47e66a6505865a14a63ac4a";
-      AUTH_GENERIC_OAUTH_AUTH_URL = "https://auth.thehedgehog.me/application/o/authorize/";
-      AUTH_GENERIC_OAUTH_TOKEN_URL = "https://auth.thehedgehog.me/application/o/token/";
-      AUTH_GENERIC_OAUTH_API_URL = "https://auth.thehedgehog.me/application/o/userinfo/";
-      AUTH_SIGNOUT_REDIRECT_URL = "https://auth.thehedgehog.me/if/session-end/stathog/";
-      AUTH_GENERIC_OAUTH_SCOPES = "openid profile email";
+    settings = {
+        analytics.reporting_enable = false;
+        "auth.generic_oauth" = {
+                name = "central";
+                icon = "signin";
+                enabled = "true";
+                client_id = "89f4607cf446a777a6b25ebde8731cdcb80b04c1";
+                client_secret = "89eccaa8a31104c218df5cfe37c87f0ea0bbddcd1571bddb7f7fbf5a09045efd59c61f1caaa79483ad59aac2c19488b254acdaced47e66a6505865a14a63ac4a";
+                auth_url = "https://auth.thehedgehog.me/application/o/authorize/";
+                token_url = "https://auth.thehedgehog.me/application/o/token/";
+                api_url = "https://auth.thehedgehog.me/application/o/userinfo/";
+                scopes = "openid profile email";
+        };
+        "auth" = {
+            signout_redirect_url = "https://auth.thehedgehog.me/if/session-end/stathog/";
+            disableLoginForm = true;
+        };
+        security = {
+            admin_user = "thehedgeh0g";
+            admin_password = "$__file{${config.age.secrets.grafana-admin.path}}";
+        };
+        server = {
+            root_url = "https://stats.thehedgehog.me";
+            domain = "stats.thehedgehog.me";
+            http_port = 6914;
+            http_addr = "0.0.0.0";
+        };
+        smtp = {
+            enabled = true;
+            user = "grafana@thehedgehog.me";
+            from_address = "grafana@thehedgehog.me";
+            host = "smtp.migadu.com:465";
+            password = "$__file{${config.age.secrets.grafana-smtp-password.path}}";
+        };
     };
+
   };
 }