diff --git a/modules/services/grafana/module.nix b/modules/services/grafana/module.nix
new file mode 100644
index 0000000..6a9a9a4
--- /dev/null
+++ b/modules/services/grafana/module.nix
@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+
+  cfg = config.modules.services.grafana;
+in {
+  options.modules.services.grafana.enable = mkEnableOption "Grafana, a graphing service";
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [config.services.grafana.settings.server.http_port];
+
+    modules.system.services.database.postgresql.enable = true;
+
+    services.grafana = {
+      enable = true;
+      package = pkgs.grafana;
+
+      port = 4021;
+      domain = "localhost";
+
+      settings = {
+        server = {
+          http_addr = "127.0.0.1";
+          http_port = 4021;
+
+          root_url = "https://info.copeberg.org";
+          domain = "info.copeberg.org";
+          enforce_domain = true;
+        };
+        database = {
+          type = "postgres";
+          host = "/run/postgresql";
+          name = "grafana";
+          user = "grafana";
+          ssl_mode = "disable";
+        };
+
+        analytics = {
+          reporting_enabled = false;
+          check_for_updates = false;
+        };
+
+        # users.allow_signup = false;
+      };
+    };
+  };
+}
diff --git a/modules/services/postgresql/module.nix b/modules/services/postgresql/module.nix
index 84e95b5..c055d0a 100644
--- a/modules/services/postgresql/module.nix
+++ b/modules/services/postgresql/module.nix
@@ -27,6 +27,7 @@ in {
 
       ensureDatabases = [
         "git"
+        "grafana"
       ];
 
       ensureUsers = [
@@ -44,6 +45,10 @@ in {
           name = "git";
           ensureDBOwnership = true;
         }
+        {
+          name = "grafana";
+          ensureDBOwnership = true;
+        }
       ];
       settings = {
         # taken from https://pgconfigurator.cybertec.at/