diff --git a/main.tf b/main.tf
index 8ff584f8..9cea334a 100644
--- a/main.tf
+++ b/main.tf
@@ -138,6 +138,7 @@ variable "tiny_tuya_slack_url" { type = string }
 variable "haos_api_token" { type = string }
 variable "pve_password" { type = string }
 variable "grafana_db_password" { type = string }
+variable "grafana_admin_password" { type = string }
 variable "clickhouse_password" { type = string }
 variable "clickhouse_postgres_password" { type = string }
 variable "wealthfolio_password_hash" { type = string }
@@ -154,8 +155,8 @@ variable "slack_channel" { type = string }
 variable "affine_postgresql_password" { type = string }
 variable "health_postgresql_password" { type = string }
 variable "health_secret_key" { type = string }
-variable "moltbot_ssh_key" { type = string }
-variable "moltbot_skill_secrets" { type = map(string) }
+variable "openclaw_ssh_key" { type = string }
+variable "openclaw_skill_secrets" { type = map(string) }
 variable "gemini_api_key" { type = string }
 variable "llama_api_key" { type = string }
 variable "brave_api_key" { type = string }
@@ -676,6 +677,7 @@ module "kubernetes_cluster" {
   haos_api_token           = var.haos_api_token
   pve_password             = var.pve_password
   grafana_db_password      = var.grafana_db_password
+  grafana_admin_password   = var.grafana_admin_password
 
   clickhouse_password          = var.clickhouse_password
   clickhouse_postgres_password = var.clickhouse_postgres_password
@@ -700,8 +702,8 @@ module "kubernetes_cluster" {
   affine_postgresql_password = var.affine_postgresql_password
   health_postgresql_password = var.health_postgresql_password
   health_secret_key          = var.health_secret_key
-  moltbot_ssh_key            = var.moltbot_ssh_key
-  moltbot_skill_secrets      = var.moltbot_skill_secrets
+  openclaw_ssh_key            = var.openclaw_ssh_key
+  openclaw_skill_secrets      = var.openclaw_skill_secrets
   gemini_api_key             = var.gemini_api_key
   llama_api_key              = var.llama_api_key
   brave_api_key              = var.brave_api_key
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 955a7376..f00f1769 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -109,6 +109,7 @@ variable "tiny_tuya_slack_url" { type = string }
 variable "haos_api_token" { type = string }
 variable "pve_password" { type = string }
 variable "grafana_db_password" { type = string }
+variable "grafana_admin_password" { type = string }
 variable "clickhouse_password" { type = string }
 variable "clickhouse_postgres_password" { type = string }
 variable "wealthfolio_password_hash" { type = string }
@@ -125,8 +126,8 @@ variable "slack_channel" { type = string }
 variable "affine_postgresql_password" { type = string }
 variable "health_postgresql_password" { type = string }
 variable "health_secret_key" { type = string }
-variable "moltbot_ssh_key" { type = string }
-variable "moltbot_skill_secrets" { type = map(string) }
+variable "openclaw_ssh_key" { type = string }
+variable "openclaw_skill_secrets" { type = map(string) }
 variable "gemini_api_key" { type = string }
 variable "llama_api_key" { type = string }
 variable "brave_api_key" { type = string }
@@ -165,7 +166,7 @@ locals {
       "url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "stirling-pdf",
       "networking-toolbox", "navidrome", "freshrss", "forgejo", "tor-proxy", "real-estate-crawler", "n8n",
       "changedetection", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama",
-      "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox", "speedtest", "resume", "freedify", "mcaptcha", "affine", "plotting-book", "whisper", "grampsweb", "osm-routing", "moltbot"
+      "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox", "speedtest", "resume", "freedify", "mcaptcha", "affine", "plotting-book", "whisper", "grampsweb", "osm-routing", "openclaw"
     ],
   }
   active_modules = distinct(flatten([
@@ -320,6 +321,7 @@ module "monitoring" {
   haos_api_token                = var.haos_api_token
   pve_password                  = var.pve_password
   grafana_db_password           = var.grafana_db_password
+  grafana_admin_password        = var.grafana_admin_password
   tier                          = local.tiers.cluster
 }
 
@@ -1164,12 +1166,12 @@ module "grampsweb" {
   depends_on = [null_resource.core_services]
 }
 
-module "moltbot" {
-  source          = "./moltbot"
-  for_each        = contains(local.active_modules, "moltbot") ? { moltbot = true } : {}
+module "openclaw" {
+  source          = "./openclaw"
+  for_each        = contains(local.active_modules, "openclaw") ? { openclaw = true } : {}
   tls_secret_name = var.tls_secret_name
-  ssh_key         = var.moltbot_ssh_key
-  skill_secrets   = var.moltbot_skill_secrets
+  ssh_key         = var.openclaw_ssh_key
+  skill_secrets   = var.openclaw_skill_secrets
   gemini_api_key  = var.gemini_api_key
   llama_api_key   = var.llama_api_key
   brave_api_key   = var.brave_api_key
diff --git a/modules/kubernetes/monitoring/grafana.tf b/modules/kubernetes/monitoring/grafana.tf
index 9e96247f..899f3478 100644
--- a/modules/kubernetes/monitoring/grafana.tf
+++ b/modules/kubernetes/monitoring/grafana.tf
@@ -60,9 +60,10 @@ resource "helm_release" "grafana" {
   create_namespace = true
   name             = "grafana"
   atomic           = true
+  timeout          = 600
 
   repository = "https://grafana.github.io/helm-charts"
   chart      = "grafana"
 
-  values = [templatefile("${path.module}/grafana_chart_values.yaml", { db_password = var.grafana_db_password })]
+  values = [templatefile("${path.module}/grafana_chart_values.yaml", { db_password = var.grafana_db_password, grafana_admin_password = var.grafana_admin_password })]
 }
diff --git a/modules/kubernetes/monitoring/grafana_chart_values.yaml b/modules/kubernetes/monitoring/grafana_chart_values.yaml
index d7b4ec7f..8cfc207f 100644
--- a/modules/kubernetes/monitoring/grafana_chart_values.yaml
+++ b/modules/kubernetes/monitoring/grafana_chart_values.yaml
@@ -1,6 +1,14 @@
 deploymentStrategy:
   type: RollingUpdate
 replicas: 3
+adminPassword: "${grafana_admin_password}"
+resources:
+  requests:
+    cpu: 50m
+    memory: 128Mi
+  limits:
+    cpu: 500m
+    memory: 512Mi
 persistence:
   enabled: false # using external mysql
   existingClaim: "grafana-pvc"
@@ -8,7 +16,7 @@ ingress:
   enabled: "true"
   ingressClassName: "traefik"
   annotations:
-    traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,traefik-authentik-forward-auth@kubernetescrd"
+    traefik.ingress.kubernetes.io/router.middlewares: "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd"
     traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
   tls:
     - secretName: "tls-secret"
diff --git a/modules/kubernetes/monitoring/main.tf b/modules/kubernetes/monitoring/main.tf
index ad08d326..baf05064 100644
--- a/modules/kubernetes/monitoring/main.tf
+++ b/modules/kubernetes/monitoring/main.tf
@@ -14,6 +14,7 @@ variable "tiny_tuya_service_secret" { type = string }
 variable "haos_api_token" { type = string }
 variable "pve_password" { type = string }
 variable "grafana_db_password" { type = string }
+variable "grafana_admin_password" { type = string }
 variable "tier" { type = string }
 
 resource "kubernetes_namespace" "monitoring" {