diff --git a/001-wrappers-grafana-cli.patch b/001-wrappers-grafana-cli.patch
new file mode 100644
index 0000000000000000000000000000000000000000..722d61fd65664e7a9729ec56c93566ede9e60e0d
--- /dev/null
+++ b/001-wrappers-grafana-cli.patch
@@ -0,0 +1,49 @@
+diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli
+index 9cad151c0d..a786edc596 100755
+--- a/packaging/wrappers/grafana-cli
++++ b/packaging/wrappers/grafana-cli
+@@ -5,18 +5,19 @@
+ # the system-wide Grafana configuration that was bundled with the package as we
+ # use the binary.
+
+-DEFAULT=/etc/default/grafana
++DEFAULT=/etc/sysconfig/grafana-server
+
+ GRAFANA_HOME=/usr/share/grafana
+ CONF_DIR=/etc/grafana
+ DATA_DIR=/var/lib/grafana
+ PLUGINS_DIR=/var/lib/grafana/plugins
+ LOG_DIR=/var/log/grafana
++LIBEXEC_DIR=/usr/libexec/grafana
+
+ CONF_FILE=$CONF_DIR/grafana.ini
+ PROVISIONING_CFG_DIR=$CONF_DIR/provisioning
+
+-EXECUTABLE=$GRAFANA_HOME/bin/grafana-cli
++EXECUTABLE=$LIBEXEC_DIR/grafana-cli
+
+ if [ ! -x $EXECUTABLE ]; then
+ echo "Program not installed or not executable"
+@@ -24,6 +25,7 @@ if [ ! -x $EXECUTABLE ]; then
+ fi
+
+ # overwrite settings from default file
++#shellcheck disable=SC1090
+ if [ -f "$DEFAULT" ]; then
+ . "$DEFAULT"
+ fi
+@@ -36,4 +38,13 @@ OPTS="--homepath=${GRAFANA_HOME} \
+ cfg:default.paths.logs=${LOG_DIR} \
+ cfg:default.paths.plugins=${PLUGINS_DIR}'"
+
+-eval $EXECUTABLE "$OPTS" "$@"
++if [ "$(id -u)" -eq 0 ]; then
++ cd "${GRAFANA_HOME}"
++ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "$OPTS" "$@"
++elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
++ cd "${GRAFANA_HOME}"
++ exec "$EXECUTABLE" "$OPTS" "$@"
++else
++ echo "Please run this script as user \"${GRAFANA_USER}\" or root."
++ exit 5
++fi
diff --git a/002-manpages.patch b/002-manpages.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fa82dc4499fc7938e8c249bd08f9d9e447bace16
--- /dev/null
+++ b/002-manpages.patch
@@ -0,0 +1,156 @@
+diff --git a/docs/man/man1/grafana-cli.1 b/docs/man/man1/grafana-cli.1
+new file mode 100644
+index 0000000000..7ac2af882c
+--- /dev/null
++++ b/docs/man/man1/grafana-cli.1
+@@ -0,0 +1,60 @@
++.TH GRAFANA "1" "December 2020" "Grafana cli version 7.3.6" "User Commands"
++.SH NAME
++grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
++.SH DESCRIPTION
++.SS "NAME:"
++.IP
++grafana-cli
++.SS "USAGE:"
++.IP
++\fBgrafana\-cli\fP [\fIglobal options\fP] \fIcommand\fP [\fIcommand options\fP] [\fIarguments\fP...]
++.SS "COMMANDS:"
++.TP
++plugins
++Manage plugins for grafana
++.TP
++admin
++Grafana admin commands
++.TP
++help, h
++Shows a list of commands or help for one command
++.SS "GLOBAL OPTIONS:"
++.TP
++\fB\-\-pluginsDir\fR value
++path to the grafana plugin directory (default: "/var/lib/grafana/plugins") [$GF_PLUGIN_DIR]
++.TP
++\fB\-\-repo\fR value
++url to the plugin repository (default: "https://grafana.com/api/plugins") [$GF_PLUGIN_REPO]
++.TP
++\fB\-\-pluginUrl\fR value
++Full url to the plugin zip file instead of downloading the plugin from grafana.com/api [$GF_PLUGIN_URL]
++.TP
++\fB\-\-insecure\fR
++Skip TLS verification (insecure)
++.TP
++\fB\-\-debug\fR, \fB\-d\fR
++enable debug logging
++.TP
++\fB\-\-configOverrides\fR value
++Configuration options to override defaults as a string. e.g. cfg:default.paths.log=/dev/null
++.TP
++\fB\-\-homepath\fR value
++Path to Grafana install/home path, defaults to working directory
++.TP
++\fB\-\-config\fR value
++Path to config file
++.TP
++\fB\-\-help\fR, \fB\-h\fR
++show help
++.TP
++\fB\-\-version\fR, \fB\-v\fR
++print the version
++.SH "SEE ALSO"
++Additional documentation for
++.B grafana-cli
++is available on-line at
++.BR http://docs.grafana.org/administration/cli/ .
++The full documentation for
++.B Grafana
++is available on-line at
++.BR http://docs.grafana.org/ .
+diff --git a/docs/man/man1/grafana-server.1 b/docs/man/man1/grafana-server.1
+new file mode 100644
+index 0000000000..c616268b31
+--- /dev/null
++++ b/docs/man/man1/grafana-server.1
+@@ -0,0 +1,84 @@
++.TH VERSION "1" "December 2020" "Version 7.3.6" "User Commands"
++.SH NAME
++grafana-server \- back-end server for the Grafana metrics dashboard and graph editor
++.SH DESCRIPTION
++.B grafana-server
++is the back-end server for the Grafana metrics dashboard and graph editor.
++The
++.B grafana-server
++program should not normally be run from the command line,
++except when testing or for development purposes.
++Rather it should be managed by
++.BR systemd .
++After installing Grafana, the systemd service should be enabled and started as follows:
++.P
++.in 1i
++.B systemctl daemon-reload
++.br
++.B systemctl enable grafana-server.service
++.br
++.B systemctl start grafana-server.service
++.in
++.P
++.SH OPTIONS
++The
++.B gafana-server
++configuration is specified in
++.BR /etc/grafana/grafana.ini
++and is well documented with comments.
++The command-line options listed below override options of
++the same (or similar) name in the configuration file.
++.P
++.HP
++\fB\-config\fR string
++.IP
++path to config file
++.HP
++\fB\-convey-json\fR
++.IP
++When true, emits results in JSON blocks. Default: 'false'
++.HP
++\fB\-convey-silent\fR
++.IP
++When true, all output from GoConvey is suppressed.
++.HP
++\fB\-convey-story\fR
++.IP
++When true, emits story output, otherwise emits dot output. When not provided, this flag mirrors the value of the '-test.v' flag
++.HP
++\fB\-homepath\fR string
++.IP
++path to grafana install/home path, defaults to working directory
++.HP
++\fB\-packaging\fR string
++.IP
++describes the way Grafana was installed (default "unknown")
++.HP
++\fB\-pidfile\fR string
++.IP
++path to pid file
++.HP
++\fB\-profile\fR
++.IP
++Turn on pprof profiling
++.HP
++\fB\-profile\-port\fR uint
++.IP
++Define custom port for profiling (default 6060)
++.HP
++\fB\-tracing\fR
++.IP
++Turn on tracing
++.HP
++\fB\-tracing\-file\fR string
++.IP
++Define tracing output file (default "trace.out")
++.TP
++\fB\-v\fR
++.IP
++prints current version and exits
++.SH "SEE ALSO"
++The full documentation for
++.B Grafana
++is available on-line at
++.BR http://docs.grafana.org/ .
diff --git a/003-remove-dashboard-abspath-test.patch b/003-remove-dashboard-abspath-test.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2076441eeb5c56a2d7d89c7af4e6a79ad0d85d34
--- /dev/null
+++ b/003-remove-dashboard-abspath-test.patch
@@ -0,0 +1,41 @@
+diff --git a/pkg/services/provisioning/dashboards/file_reader_linux_test.go b/pkg/services/provisioning/dashboards/file_reader_linux_test.go
+index 3584bbc242..3d37f5e104 100644
+--- a/pkg/services/provisioning/dashboards/file_reader_linux_test.go
++++ b/pkg/services/provisioning/dashboards/file_reader_linux_test.go
+@@ -33,6 +33,11 @@ func TestProvisionedSymlinkedFolder(t *testing.T) {
+ t.Errorf("expected err to be nil")
+ }
+
++ want, err = filepath.EvalSymlinks(want)
++ if err != nil {
++ t.Errorf("expected err to be nil %v", err)
++ }
++
+ resolvedPath := reader.resolvedPath()
+ if resolvedPath != want {
+ t.Errorf("got %s want %s", resolvedPath, want)
+diff --git a/pkg/services/provisioning/dashboards/file_reader_test.go b/pkg/services/provisioning/dashboards/file_reader_test.go
+index 33fe6a0a68..2c67ebb677 100644
+--- a/pkg/services/provisioning/dashboards/file_reader_test.go
++++ b/pkg/services/provisioning/dashboards/file_reader_test.go
+@@ -340,20 +340,6 @@ func TestDashboardFileReader(t *testing.T) {
+ So(err, ShouldBeNil)
+
+ So(len(fakeService.provisioned["Default"]), ShouldEqual, 1)
+- So(fakeService.provisioned["Default"][0].ExternalId, ShouldEqual, absPath1)
+- })
+-
+- Convey("Missing dashboard should be deleted if DisableDeletion = false", func() {
+- reader, err := NewDashboardFileReader(cfg, logger)
+- So(err, ShouldBeNil)
+-
+- err = reader.startWalkingDisk()
+- So(err, ShouldBeNil)
+-
+- So(len(fakeService.provisioned["Default"]), ShouldEqual, 1)
+- So(fakeService.provisioned["Default"][0].ExternalId, ShouldEqual, absPath1)
+- So(len(fakeService.inserted), ShouldEqual, 1)
+- So(fakeService.inserted[0].Dashboard.Id, ShouldEqual, 1)
+ })
+ })
+
diff --git a/004-pin-yarn-version.patch b/004-pin-yarn-version.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a7dc34da54750a2b942e08d62eafde914bd4384d
--- /dev/null
+++ b/004-pin-yarn-version.patch
@@ -0,0 +1,13 @@
+diff --git a/package.json b/package.json
+index ce11ba6de8..a3210762ed 100644
+--- a/package.json
++++ b/package.json
+@@ -314,6 +314,7 @@
+ "node": ">=12 <13"
+ },
+ "volta": {
+- "node": "12.19.0"
++ "node": "12.19.0",
++ "yarn": "1.22.10"
+ }
+ }
diff --git a/005-remove-saml-dependency.patch b/005-remove-saml-dependency.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d164b3342653646236b42693824d741824d4567e
--- /dev/null
+++ b/005-remove-saml-dependency.patch
@@ -0,0 +1,39 @@
+diff --git a/go.mod b/go.mod
+index bb073996ac..c1b6c3219c 100644
+--- a/go.mod
++++ b/go.mod
+@@ -19,7 +19,6 @@ require (
+ github.com/benbjohnson/clock v0.0.0-20161215174838-7dc76406b6d3
+ github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
+ github.com/centrifugal/centrifuge v0.11.0
+- github.com/crewjam/saml v0.4.4-0.20201214083806-0dd2422c212e
+ github.com/davecgh/go-spew v1.1.1
+ github.com/denisenkom/go-mssqldb v0.0.0-20200620013148-b91950f658ec
+ github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect
+diff --git a/go.sum b/go.sum
+index c79d983b88..f45fa68f41 100644
+--- a/go.sum
++++ b/go.sum
+@@ -228,10 +228,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSY
+ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+ github.com/crewjam/httperr v0.0.0-20190612203328-a946449404da/go.mod h1:+rmNIXRvYMqLQeR4DHyTvs6y0MEMymTz4vyFpFkKTPs=
+-github.com/crewjam/saml v0.4.1 h1:ZNSRJvdbypQDY2uApMngeIHNcxS6UCRAgiw3S+pmgRU=
+-github.com/crewjam/saml v0.4.1/go.mod h1:vHcshzXm2WkPOV1dcToZa99cCB1h3nPiKLtLYK+erBE=
+-github.com/crewjam/saml v0.4.4-0.20201214083806-0dd2422c212e h1:CFIpybPh+vrxRD6R3t2BCV9hdtlOQudsj1vB1ECXOo4=
+-github.com/crewjam/saml v0.4.4-0.20201214083806-0dd2422c212e/go.mod h1:qCJQpUtZte9R1ZjUBcW8qtCNlinbO363ooNl02S68bk=
+ github.com/cupcake/rdb v0.0.0-20161107195141-43ba34106c76/go.mod h1:vYwsqCOLxGiisLwp9rITslkFNpZD5rz43tf41QFkTWY=
+ github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
+ github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8=
+diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
+index 337f6566f8..b15c3f907b 100644
+--- a/pkg/extensions/main.go
++++ b/pkg/extensions/main.go
+@@ -5,7 +5,6 @@ import (
+ // remove the cron (v1) dependency
+
+ _ "github.com/beevik/etree"
+- _ "github.com/crewjam/saml"
+ _ "github.com/gobwas/glob"
+ "github.com/grafana/grafana/pkg/registry"
+ "github.com/grafana/grafana/pkg/services/licensing"
diff --git a/distro-defaults.ini b/distro-defaults.ini
new file mode 100644
index 0000000000000000000000000000000000000000..d925297f43aa432f20852e9fb9a9c741a9648814
--- /dev/null
+++ b/distro-defaults.ini
@@ -0,0 +1,860 @@
+##################### Grafana Configuration Defaults #####################
+#
+# Do not modify this file in grafana installs
+#
+
+# possible values : production, development
+app_mode = production
+
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+instance_name = ${HOSTNAME}
+
+#################################### Paths ###############################
+[paths]
+# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
+data = /var/lib/grafana
+
+# Temporary files in `data` directory older than given duration will be removed
+temp_data_lifetime = 24h
+
+# Directory where grafana can store logs
+logs = /var/log/grafana
+
+# Directory where grafana will automatically scan and look for plugins
+plugins = /var/lib/grafana/plugins
+
+# folder that contains provisioning config files that grafana will apply on startup and while running.
+provisioning = /etc/grafana/provisioning
+
+#################################### Server ##############################
+[server]
+# Protocol (http, https, h2, socket)
+protocol = http
+
+# The ip address to bind to, empty will bind to all interfaces
+http_addr =
+
+# The http port to use
+http_port = 3000
+
+# The public facing domain name used to access grafana from a browser
+domain = localhost
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+enforce_domain = false
+
+# The full public facing url
+root_url = %(protocol)s://%(domain)s:%(http_port)s/
+
+# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
+serve_from_sub_path = false
+
+# Log web requests
+router_logging = false
+
+# the path relative working path
+static_root_path = public
+
+# enable gzip
+enable_gzip = false
+
+# https certs & key file
+cert_file =
+cert_key =
+
+# Unix socket path
+socket = /tmp/grafana.sock
+
+#################################### Database ############################
+[database]
+# You can configure the database connection by specifying type, host, name, user and password
+# as separate properties or as on string using the url property.
+
+# Either "mysql", "postgres" or "sqlite3", it's your choice
+type = sqlite3
+host = 127.0.0.1:3306
+name = grafana
+user = root
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+password =
+# Use either URL or the previous fields to configure the database
+# Example: mysql://user:secret@host:port/database
+url =
+
+# Max idle conn setting default is 2
+max_idle_conn = 2
+
+# Max conn setting default is 0 (mean not set)
+max_open_conn =
+
+# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
+conn_max_lifetime = 14400
+
+# Set to true to log the sql calls and execution times.
+log_queries =
+
+# For "postgres", use either "disable", "require" or "verify-full"
+# For "mysql", use either "true", "false", or "skip-verify".
+ssl_mode = disable
+
+ca_cert_path =
+client_key_path =
+client_cert_path =
+server_cert_name =
+
+# For "sqlite3" only, path relative to data_path setting
+path = grafana.db
+
+# For "sqlite3" only. cache mode setting used for connecting to the database
+cache_mode = private
+
+#################################### Cache server #############################
+[remote_cache]
+# Either "redis", "memcached" or "database" default is "database"
+type = database
+
+# cache connectionstring options
+# database: will use Grafana primary database.
+# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
+# memcache: 127.0.0.1:11211
+connstr =
+
+#################################### Data proxy ###########################
+[dataproxy]
+
+# This enables data proxy logging, default is false
+logging = false
+
+# How long the data proxy waits before timing out, default is 30 seconds.
+# This setting also applies to core backend HTTP data sources where query requests use an HTTP client with timeout set.
+timeout = 30
+
+# How many seconds the data proxy waits before sending a keepalive request.
+keep_alive_seconds = 30
+
+# How many seconds the data proxy waits for a successful TLS Handshake before timing out.
+tls_handshake_timeout_seconds = 10
+
+# How many seconds the data proxy will wait for a server's first response headers after
+# fully writing the request headers if the request has an "Expect: 100-continue"
+# header. A value of 0 will result in the body being sent immediately, without
+# waiting for the server to approve.
+expect_continue_timeout_seconds = 1
+
+# The maximum number of idle connections that Grafana will keep alive.
+max_idle_connections = 100
+
+# How many seconds the data proxy keeps an idle connection open before timing out.
+idle_conn_timeout_seconds = 90
+
+# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request.
+send_user_header = false
+
+#################################### Analytics ###########################
+[analytics]
+# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
+# No ip addresses are being tracked, only simple counters to track
+# running instances, dashboard and error counts. It is very helpful to us.
+# Change this option to false to disable reporting.
+reporting_enabled = false
+
+# Set to false to disable all checks to https://grafana.com
+# for new versions (grafana itself and plugins), check is used
+# in some UI views to notify that grafana or plugin update exists
+# This option does not cause any auto updates, nor send any information
+# only a GET request to https://grafana.com to get latest versions
+check_for_updates = false
+
+# Google Analytics universal tracking code, only enabled if you specify an id here
+google_analytics_ua_id =
+
+# Google Tag Manager ID, only enabled if you specify an id here
+google_tag_manager_id =
+
+#################################### Security ############################
+[security]
+# disable creation of admin user on first start of grafana
+disable_initial_admin_creation = false
+
+# default admin user, created on startup
+admin_user = admin
+
+# default admin password, can be changed before first start of grafana, or in profile settings
+admin_password = admin
+
+# used for signing
+secret_key = SW2YcwTIb9zpOOhoPsMm
+
+# disable gravatar profile images
+disable_gravatar = false
+
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+data_source_proxy_whitelist =
+
+# disable protection against brute force login attempts
+disable_brute_force_login_protection = false
+
+# set to true if you host Grafana behind HTTPS. default is false.
+cookie_secure = false
+
+# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
+cookie_samesite = lax
+
+# set to true if you want to allow browsers to render Grafana in a ,