Dealing with secrets in functional operating systems can range from pretty usable to complete hell. Nix has several answers to this problem, the more integrated of which appears to be
sops-nix. After spending some months envying our neighbors grass, I figured it was time for Guix to have its own (attempt at an) answer to the secrets problem.
If you need to run Grafana on the Guix System this post is the right place. In this example we'll setup Grafana to read metrics from the same machine it's run upon, but you can adapt this to use a remote datasource.
Many applications are packaged in OCI/Docker images but not in Guix. A good subset of them is written either in NodeJS, Go, Rust or languages that, as a general approach, encourage applications to have huge dependency graphs.