diff --git a/flake.nix b/flake.nix
index 31b1ed7..56c1274 100644
--- a/flake.nix
+++ b/flake.nix
@@ -56,6 +56,7 @@
         nginx = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
+            agenix.nixosModules.default
             "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
             "${inputs.self}/services"
             {
@@ -89,6 +90,7 @@
         jellyfin = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
+            agenix.nixosModules.default
             microvm.nixosModules.microvm
             "${inputs.self}/systems"
             "${inputs.self}/services"
@@ -110,6 +112,7 @@
         redis = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
+            agenix.nixosModules.default
             "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
             "${inputs.self}/services"
             {
@@ -145,12 +148,14 @@
         grafana = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
+            agenix.nixosModules.default
             microvm.nixosModules.microvm
             "${inputs.self}/systems"
             "${inputs.self}/services"
             {
               services.vm_grafana = {
                 enable   = true;
+                vm_ip    = "192.168.1.27";
                 proxy_ip = proxy_host;
                 pgsql_ip = pgsql_host;
               };
@@ -168,6 +173,7 @@
         netbox = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
+            agenix.nixosModules.default
             microvm.nixosModules.microvm
             "${inputs.self}/systems"
             "${inputs.self}/services"
@@ -189,6 +195,7 @@
         authentik = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
+            agenix.nixosModules.default
             inputs.authentik-nix.nixosModules.default
             {
               services.authentik = {
diff --git a/services/grafana/default.nix b/services/grafana/default.nix
index 2f331a4..20439a6 100644
--- a/services/grafana/default.nix
+++ b/services/grafana/default.nix
@@ -21,13 +21,9 @@ in
   config = lib.mkIf cfg.enable {
     age.secrets.grafana-db = {
       file  = ./secrets/grafana-db.age;
-      mode  = "0660";
       owner = "grafana";
     };
-    age.secrets.kuma-token = {
-      file  = ./secrets/kuma-token.age;
-      mode  = "0660";
-    };
+    age.secrets.kuma-token.file  = ./secrets/kuma-token.age;
     services.rsyslogd = {
       enable = true;
       extraConfig = ''
@@ -61,7 +57,7 @@ in
           host     = "${cfg.pgsql_ip}:5432";
           name     = "grafana";
           user     = "grafana";
-          password = "\$__file{${config.age.secrets.grafana-db.path}";
+          password = "\$__file{${config.age.secrets.grafana-db.path}}";
         };
       };
     };