diff --git a/hosts/kroma/default.nix b/hosts/kroma/default.nix
index 8b1bce0..3f5a074 100644
--- a/hosts/kroma/default.nix
+++ b/hosts/kroma/default.nix
@@ -56,9 +56,6 @@
     popups = 20;
   };
 
-  nix.settings.trusted-substituters = ["https://ai.cachix.org"];
-  nix.settings.trusted-public-keys = ["ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="];
-
   #meta.promtail = {
   #  enable = true;
   #  proxy = "sentinel";
diff --git a/hosts/sire/guests/grafana.nix b/hosts/sire/guests/grafana.nix
index 0b80305..99995b5 100644
--- a/hosts/sire/guests/grafana.nix
+++ b/hosts/sire/guests/grafana.nix
@@ -77,6 +77,7 @@ in {
     };
   };
 
+  globals.services.grafana.domain = grafanaDomain;
   nodes.sentinel = {
     age.secrets.loki-basic-auth-hashes.generator.dependencies = [
       config.age.secrets.grafana-loki-basic-auth-password
diff --git a/hosts/sire/guests/influxdb.nix b/hosts/sire/guests/influxdb.nix
index f937e4c..7ad0af2 100644
--- a/hosts/sire/guests/influxdb.nix
+++ b/hosts/sire/guests/influxdb.nix
@@ -20,6 +20,74 @@ in {
     firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [influxdbPort];
   };
 
+  age.secrets.github-access-token = {
+    rekeyFile = config.node.secretsDir + "/github-access-token.age";
+    mode = "440";
+    group = "telegraf";
+  };
+
+  meta.telegraf.secrets."@GITHUB_ACCESS_TOKEN@" = config.age.secrets.github-access-token.path;
+  services.telegraf.extraConfig.outputs.influxdb_v2.urls = lib.mkForce ["http://localhost:${toString influxdbPort}"];
+  services.telegraf.extraConfig.inputs = {
+    ping = [
+      {
+        method = "native";
+        urls = [
+          "192.168.178.1"
+          "192.168.1.1"
+        ];
+        tags.type = "internal";
+        fieldpass = [
+          "percent_packet_loss"
+          "average_response_ms"
+          "standard_deviation_ms"
+          "reply_received"
+          "percent_reply_loss"
+        ];
+      }
+      {
+        method = "native";
+        urls = [
+          "1.1.1.1"
+          "8.8.8.8"
+          config.repo.secrets.global.domains.me
+          config.repo.secrets.global.domains.personal
+        ];
+        tags.type = "external";
+        fieldpass = [
+          "percent_packet_loss"
+          "average_response_ms"
+          "standard_deviation_ms"
+          "reply_received"
+          "percent_reply_loss"
+        ];
+      }
+    ];
+
+    # FIXME: pls define this on the relevant hosts. Then we can ping it from multiple other hosts
+    #http_response = [
+    #  {
+    #    urls = [
+    #    ];
+    #    response_string_match = "Index of /";
+    #    response_status_code = 200;
+    #  }
+    #];
+
+    github = {
+      access_token = "@GITHUB_ACCESS_TOKEN@";
+      repositories = [
+        "oddlama/agenix-rekey"
+        "oddlama/autokernel"
+        "oddlama/gentoo-install"
+        "oddlama/nix-config"
+        "oddlama/nix-topology"
+        "oddlama/vane"
+      ];
+    };
+  };
+
+  globals.services.influxdb.domain = influxdbDomain;
   nodes.sentinel = {
     networking.providedDomains.influxdb = influxdbDomain;
 
diff --git a/hosts/ward/guests/web-proxy.nix b/hosts/ward/guests/web-proxy.nix
index cb9d5e6..1f7c78a 100644
--- a/hosts/ward/guests/web-proxy.nix
+++ b/hosts/ward/guests/web-proxy.nix
@@ -33,72 +33,6 @@ in {
     inherit (acme) certs wildcardDomains;
   };
 
-  age.secrets.github-access-token = {
-    rekeyFile = config.node.secretsDir + "/github-access-token.age";
-    mode = "440";
-    group = "telegraf";
-  };
-
-  meta.telegraf.secrets."@GITHUB_ACCESS_TOKEN@" = config.age.secrets.github-access-token.path;
-  services.telegraf.extraConfig.inputs = {
-    ping = [
-      {
-        method = "native";
-        urls = [
-          "192.168.178.1"
-          "192.168.1.1"
-        ];
-        tags.type = "internal";
-        fieldpass = [
-          "percent_packet_loss"
-          "average_response_ms"
-          "standard_deviation_ms"
-          "reply_received"
-          "percent_reply_loss"
-        ];
-      }
-      {
-        method = "native";
-        urls = [
-          "1.1.1.1"
-          "8.8.8.8"
-          config.repo.secrets.global.domains.me
-          config.repo.secrets.global.domains.personal
-        ];
-        tags.type = "external";
-        fieldpass = [
-          "percent_packet_loss"
-          "average_response_ms"
-          "standard_deviation_ms"
-          "reply_received"
-          "percent_reply_loss"
-        ];
-      }
-    ];
-
-    # FIXME: pls define this on the relevant hosts. Then we can ping it from multiple other hosts
-    #http_response = [
-    #  {
-    #    urls = [
-    #    ];
-    #    response_string_match = "Index of /";
-    #    response_status_code = 200;
-    #  }
-    #];
-
-    github = {
-      access_token = "@GITHUB_ACCESS_TOKEN@";
-      repositories = [
-        "oddlama/agenix-rekey"
-        "oddlama/autokernel"
-        "oddlama/gentoo-install"
-        "oddlama/nix-config"
-        "oddlama/nix-topology"
-        "oddlama/vane"
-      ];
-    };
-  };
-
   services.nginx = {
     upstreams.fritzbox = {
       servers."192.168.178.1" = {};