diff --git a/namespaces/git/gitea-chart.yml b/namespaces/git/gitea-chart.yml
index 7ee3a46..83c41f1 100644
--- a/namespaces/git/gitea-chart.yml
+++ b/namespaces/git/gitea-chart.yml
@@ -39,6 +39,8 @@ spec:
         database:
           DB_TYPE: sqlite3
           NAME: /data/gitea/gitea.db
+        actions:
+          ENABLED: true
     actions:
       enabled: true
       provisioning:
diff --git a/namespaces/monitoring/authentik-oauth-client-secret.yml b/namespaces/monitoring/authentik-oauth-client-secret.yml
new file mode 100644
index 0000000..27ff0e0
--- /dev/null
+++ b/namespaces/monitoring/authentik-oauth-client-secret.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authentik-oauth-client-secret
+  namespace: monitoring
+type: Opaque
+stringData:
+  client-secret: "P6VVD9VSOpewht6kYMqRpsPNp3BUcwcJ4DUzIYIwnQ6XWtfZU3sGF3y229dqpA52e9aQVS3Bcn7SZso7ANyb6z3kcsCS7V173nH7tZtrpmHE5e7mNnLfD4LdxPWn1iWO"
diff --git a/namespaces/monitoring/kube-prometheus-stack-chart.yml b/namespaces/monitoring/kube-prometheus-stack-chart.yml
index 318e8ee..8f99f70 100644
--- a/namespaces/monitoring/kube-prometheus-stack-chart.yml
+++ b/namespaces/monitoring/kube-prometheus-stack-chart.yml
@@ -8,27 +8,14 @@ spec:
   targetNamespace: monitoring
   repo: https://prometheus-community.github.io/helm-charts
   # https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
-  version: 70.0.2
+  version: 70.7.0
   valuesContent: |-
-
-  grafana.ini:
-    auth:
-        signout_redirect_url: "https://login.keligrubb.com/application/o/<Slug of the application from above>/end-session/"
-        oauth_auto_login: true
-    auth.generic_oauth:
-        name: authentik
-        enabled: true
-        client_id: "<Client ID from above>"
-        client_secret: "<Client Secret from above>"
-        scopes: "openid profile email"
-        auth_url: "https://login.keligrubb.com/application/o/authorize/"
-        token_url: "https://login.keligrubb.com/application/o/ti needoken/"
-        api_url: "https://login.keligrubb.com/application/o/userinfo/"
-        # Optionally map user groups to Grafana roles
-        role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
-
-
     grafana:
+      envValueFrom:
+        GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
+          secretKeyRef:
+            name: authentik-oauth-client-secret
+            key: client-secret
       defaultDashboardsTimezone: "US/Eastern"
       ingress:
         enabled: true
@@ -44,6 +31,21 @@ spec:
           - secretName: monitoring-tls
             hosts:
               - monitoring.keligrubb.com
+      grafana.ini:
+        server:
+          root_url: https://monitoring.keligrubb.com
+        auth:
+            signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/"
+            oauth_auto_login: true
+        auth.generic_oauth:
+            name: authentik
+            enabled: true
+            client_id: "exAcNQX8GILZdQHGUQfa9Dpj0XGSjTVBpfagQ8VL"
+            scopes: "openid profile email"
+            auth_url: "https://login.keligrubb.com/application/o/authorize/"
+            token_url: "https://login.keligrubb.com/application/o/token/"
+            api_url: "https://login.keligrubb.com/application/o/userinfo/"
+            role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
       additionalDataSources:
         - name: Loki
           type: loki