diff --git a/grafana/files/grafana.ini b/grafana/files/grafana.ini
index 7742a8f..970c201 100644
--- a/grafana/files/grafana.ini
+++ b/grafana/files/grafana.ini
@@ -29,14 +29,14 @@ http_addr = {{ server.bind.address }}
 http_port = {{ server.bind.port }}
 
 # The public facing domain name used to access grafana from a browser
-;domain = localhost
+domain = {{ server.get('domain', 'localhost') }}
 
 # Redirect to correct domain if host header does not match domain
 # Prevents DNS rebinding attacks
 ;enforce_domain = false
 
 # The full public facing url
-;root_url = %(protocol)s://%(domain)s:%(http_port)s/
+root_url = {{ server.get('root_url', '%(protocol)s://%(domain)s:%(http_port)s/') }}
 
 # Log web requests
 ;router_logging = false
@@ -85,6 +85,10 @@ provider = {{ server.session.engine }}
 provider_config = addr={{ server.session.get('host', '127.0.0.1') }}:{{ server.session.get('port', 6379) }},db={{ server.session.get('db', 'grafana') }}
 {%- endif %}
 
+{%- if server.session.engine == 'mysql' %}
+provider_config = {{ server.session.get('user', 'grafana') }}:{{ server.session.get('password', 'grafana') }}@tcp({{ server.session.get('host', '127.0.0.1') }}:{{ server.session.get('port', 3306) }})/{{ server.session.get('db', 'grafana') }}
+{%- endif %}
+
 # Session cookie name
 ;cookie_name = grafana_sess
 
@@ -181,15 +185,19 @@ org_name = {{ server.auth.get('role', server.auth.anonymous.role) }}
 
 #################################### Google Auth ##########################
 [auth.google]
+{%- if server.auth.google.get('enabled') %}
+enabled = true
+allowed_domains = {{ server.auth.google.get('allowed_domains', '') }}
+allow_sign_up = {{ server.auth.google.get('allow_sign_up', 'false') }}
+client_id = {{ server.auth.google.get('client_id', '') }}
+client_secret = {{ server.auth.google.get('client_secret', '') }}
+scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
+auth_url = https://accounts.google.com/o/oauth2/auth
+token_url = https://accounts.google.com/o/oauth2/token
+api_url = https://www.googleapis.com/oauth2/v1/userinfo
+{%- else %}
 ;enabled = false
-;allow_sign_up = false
-;client_id = some_client_id
-;client_secret = some_client_secret
-;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
-;auth_url = https://accounts.google.com/o/oauth2/auth
-;token_url = https://accounts.google.com/o/oauth2/token
-;api_url = https://www.googleapis.com/oauth2/v1/userinfo
-;allowed_domains =
+{%- endif %}
 
 #################################### Auth Proxy ##########################
 [auth.proxy]
diff --git a/grafana/server.sls b/grafana/server.sls
index 8bc42b1..676e001 100644
--- a/grafana/server.sls
+++ b/grafana/server.sls
@@ -1,9 +1,18 @@
 {%- from "grafana/map.jinja" import server with context %}
 {%- if server.get('enabled', False) %}
 
+grafana package repository:
+  pkgrepo.managed:
+    - name: deb https://packagecloud.io/grafana/stable/debian/ {{ grains["oscodename"] }} main
+    - keyid: 418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB
+    - keyserver: hkp://p80.pool.sks-keyservers.net:80
+    - file: /etc/apt/sources.list.d/grafana.list
+    - refresh_db: True
+
 grafana_packages:
   pkg.installed:
   - names: {{ server.pkgs }}
+  - pkgrepo: grafana package repository
 
 /etc/grafana/grafana.ini:
   file.managed: