diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index 7f2429c..5dba817 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -18,7 +18,6 @@ in
 root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
 sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
 borgbackup-password.file = ../../secrets/fwminex/borgbackup-password.age;
- grafana-oidc.file = ../../secrets/grafana.jakstys.lt/oidc.age;
 letsencrypt-account-key.file = ../../secrets/letsencrypt/account.key.age;
 vaultwarden-secrets-env.file = ../../secrets/vaultwarden/secrets.env.age;
 synapse-jakstys-signing-key.file = ../../secrets/synapse/jakstys_lt_signing_key.age;
@@ -473,7 +472,6 @@ in
 grafana = {
 enable = true;
 port = myData.ports.grafana;
- oidcSecretFile = config.age.secrets.grafana-oidc.path;
 };
 tailscale = {
diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix
index 52b1a42..9eed1d0 100644
--- a/modules/services/grafana/default.nix
+++ b/modules/services/grafana/default.nix
@@ -11,7 +11,6 @@ in
 options.mj.services.grafana = with lib.types; {
 enable = lib.mkEnableOption "enable grafana";
 port = lib.mkOption { type = port; };
- oidcSecretFile = lib.mkOption { type = str; };
 };
 config = lib.mkIf cfg.enable {
@@ -47,33 +46,10 @@ in
 http_port = cfg.port;
 };
 users.auto_assign_org = true;
- users.auto_assign_org_role = "Editor";
-
- # https://github.com/grafana/grafana/issues/70203#issuecomment-1612823390
- auth.oauth_allow_insecure_email_lookup = true;
-
- "auth.generic_oauth" = {
- enabled = true;
- auto_login = true;
- client_id = "5349c113-467d-4b95-a61b-264f2d844da8";
- client_secret = "$__file{/run/grafana/oidc-secret}";
- auth_url = "https://git.jakstys.lt/login/oauth/authorize";
- api_url = "https://git.jakstys.lt/login/oauth/userinfo";
- token_url = "https://git.jakstys.lt/login/oauth/access_token";
- };
 feature_toggles.accessTokenExpirationCheck = true;
 };
 };
- systemd.services.grafana = {
- preStart = "ln -sf $CREDENTIALS_DIRECTORY/oidc /run/grafana/oidc-secret";
- serviceConfig = {
- LogsDirectory = "grafana";
- RuntimeDirectory = "grafana";
- LoadCredential = [ "oidc:${cfg.oidcSecretFile}" ];
- };
- };
-
 mj.services.friendlyport.ports = [
 {
 subnets = [ myData.subnets.tailscale.cidr ];
diff --git a/secrets.nix b/secrets.nix
index adbd5b9..8bc803f 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -58,8 +58,6 @@ in
 "secrets/root_server_passwd_hash.age"
 ] // mk ([ fwminex ] ++ motiejus) [
- "secrets/headscale/oidc_client_secret2.age"
- "secrets/grafana.jakstys.lt/oidc.age"
 "secrets/vaultwarden/secrets.env.age"
 "secrets/letsencrypt/account.key.age"
diff --git a/secrets/grafana.jakstys.lt/oidc.age b/secrets/grafana.jakstys.lt/oidc.age
deleted file mode 100644
index d118e80..0000000
Binary files a/secrets/grafana.jakstys.lt/oidc.age and /dev/null differ
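Review bot: In the `@@ -47,33 +46,10 @@` hunk of modules/services/grafana/default.nix, nothing on the new side states how users log in to Grafana once the `"auth.generic_oauth"` block is gone. The `settings` attrset starts above the hunk, so another auth section may exist there, but if not the instance falls back to the built-in login form with Grafana's default admin credentials. I would set the admin password explicitly, for example `security.admin_password = "$__file{<admin-password-file>}";` (placeholder path), even though the port appears to be opened only to the tailscale subnet. The retained `feature_toggles.accessTokenExpirationCheck = true;` only affects OAuth token handling and looks like a leftover to delete with the rest. The OAuth application with client_id `5349c113-467d-4b95-a61b-264f2d844da8` should also be removed on git.jakstys.lt, since the deleted secret presumably remains recoverable from git history by anyone holding a recipient key.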
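Review bot: In secrets.nix, `"secrets/headscale/oidc_client_secret2.age"` is dropped from the recipient list together with the Grafana entry, but the only file this diff deletes is `secrets/grafana.jakstys.lt/oidc.age`. If the headscale file is still in the tree it becomes unmanaged: agenix can no longer edit or rekey it, and it stays encrypted to whatever recipients it had. Either delete that file in the same commit or keep its entry until it goes. The `mk` list continues outside the hunk.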