{ config, pkgs, ... }: {
  imports = [ ../../common ../../common/lxc.nix ];
  networking.hostName = "postgres";
  system.stateVersion = "21.11";

  environment.systemPackages = with pkgs; [ rsync ];

  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 5432 ];

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_13;
    # yes scuffed, but technically lxd can do whatever with the ip's it gives
    authentication = ''
      local all all trust
      host all all 10.0.0.0/8 trust
      host all all fd42:14c:5baf:51ec:216:3eff:fe6e:32a7/96 trust
    '';
    ensureDatabases = [ "gitea" ];
    ensureUsers = [
      {
        name = "gitea";
        ensurePermissions = { "DATABASE \"gitea\"" = "ALL PRIVILEGES"; };
      }
    ];

    enableTCPIP = true;
  };
}