diff --git a/roles/service-grafana/tasks/main.yml b/roles/service-grafana/tasks/main.yml
index b5d6d27..048746b 100644
--- a/roles/service-grafana/tasks/main.yml
+++ b/roles/service-grafana/tasks/main.yml
@@ -18,8 +18,8 @@
     state: present
 
 - name: copy grafana.ini
-  copy:
-    src: grafana.ini
+  template:
+    src: grafana.ini.j2
     dest: /etc/grafana/grafana.ini
     owner: root
     group: grafana
diff --git a/roles/service-grafana/files/grafana.ini b/roles/service-grafana/templates/grafana.ini.j2
similarity index 90%
rename from roles/service-grafana/files/grafana.ini
rename to roles/service-grafana/templates/grafana.ini.j2
index b32c970..c105160 100644
--- a/roles/service-grafana/files/grafana.ini
+++ b/roles/service-grafana/templates/grafana.ini.j2
@@ -23,6 +23,8 @@ reporting_enabled = false
 
 [security]
 
+admin_user = admin
+admin_password = {{ lookup('passwordstore', 'grafana/admin') }};
 login_remember_days = 7
 
 [snapshots]
diff --git a/roles/service-grafana/templates/grafana_vhost.conf.j2 b/roles/service-grafana/templates/grafana_vhost.conf.j2
index 92d5155..511046e 100644
--- a/roles/service-grafana/templates/grafana_vhost.conf.j2
+++ b/roles/service-grafana/templates/grafana_vhost.conf.j2
@@ -1,7 +1,7 @@
 server {
     listen 80;
     listen [::]:80;
-    server_name stats.{{ http_domain_internal }} stats.{{ http_domain_external }};
+    server_name {{ grafana_url_internal }} {{ grafana_url_external }};
 
     include /etc/nginx/snippets/redirect-to-ssl.conf;
     include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
@@ -10,7 +10,7 @@ server {
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
-    server_name stats.{{ http_domain_internal }} stats.{{ http_domain_external }};
+    server_name {{ grafana_url_internal }} {{ grafana_url_external }};
 
     ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
     ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
diff --git a/roles/service-grafana/vars/main.yml b/roles/service-grafana/vars/main.yml
new file mode 100644
index 0000000..720c56f
--- /dev/null
+++ b/roles/service-grafana/vars/main.yml
@@ -0,0 +1,3 @@
+---
+grafana_url_external: "{{ http_grafana_prefix }}.{{ http_domain_external }}"
+grafana_url_internal: "{{ http_grafana_prefix }}.{{ http_domain_internal }}"