{ config, pkgs, ... }: {
  imports = [ ../../common ../../common/lxc.nix ];
  networking.hostName = "postgres";
  system.stateVersion = "21.11";

  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 5432 ];

  services.postgresql = {
    enable = true;
    # yes scuffed, but technically lxd can do whatever with the ip's it gives
    authentication = "host all all 10.0.0.0/24 trust";
    ensureDatabases = [ "gitea" ];
    ensureUsers = [{
      name = "gitea";
      ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
    }];
    enableTCPIP = true;
  };
}