diff --git a/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml b/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
index 3815699..40b2d34 100644
--- a/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
+++ b/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
@@ -43,17 +43,16 @@ spec:
     auth:
       disable_login: true
       disable_login_form: true
-    auth.generic_oauth:
-      enabled: true
-      name: Forgejo
-      allow_sign_up: false
-      use_refresh_token: true
-      client_id: grafana
-      client_secret: "thisisasecret" # $__file{/etc/secrets/auth_generic_oauth/client_secret}
-      scopes: openid email profile offline_access roles
-      auth_url: https://dex.observability.t09.de/auth
-      token_url: https://dex.observability.t09.de/token
-      api_url: https://dex.observability.t09.de/userinfo
-      redirect_uri: https://grafana.observability.t09.de/login/generic_oauth
-      role_attribute_path: "contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"
-
+      generic_oauth:
+        enabled: true
+        name: Forgejo
+        allow_sign_up: false
+        use_refresh_token: true
+        client_id: grafana
+        client_secret: "thisisasecret" # $__file{/etc/secrets/auth_generic_oauth/client_secret}
+        scopes: openid email profile offline_access roles
+        auth_url: https://dex.observability.t09.de/auth
+        token_url: https://dex.observability.t09.de/token
+        api_url: https://dex.observability.t09.de/userinfo
+        redirect_uri: https://grafana.observability.t09.de/login/generic_oauth
+        role_attribute_path: "contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"