{ pkgs, lib, ... }: { networking.firewall.allowedTCPPorts = [5432]; services.postgresql = { enable = true; enableTCPIP = true; package = pkgs.postgresql_14; settings = { listen_addresses = lib.mkForce "*"; port = 5432; max_connections = "300"; shared_buffers = "80MB"; }; authentication = '' local all all trust host replication all 127.0.0.1/32 trust host all all all trust ''; ensureUsers = [ { name = "hedgedoc"; ensureDBOwnership = true; } { name = "forgejo"; ensureDBOwnership = true; } { name = "grafana"; ensureDBOwnership = true; } { name = "authelia"; ensureDBOwnership = true; } { name = "vaultwarden"; ensureDBOwnership = true; } { name = "attic"; ensureDBOwnership = true; } { name = "miniflux"; ensureDBOwnership = true; } { name = "atuin"; ensureDBOwnership = true; } { name = "ec"; ensureDBOwnership = true; } ]; ensureDatabases = [ "forgejo" "hedgedoc" "grafana" "authelia" "vaultwarden" "attic" "miniflux" "atuin" "ec" ]; }; services.postgresqlBackup = { enable = true; databases = [ "forgejo" "hedgedoc" "grafana" "authelia" "vaultwarden" "attic" "miniflux" "atuin" ]; compression = "zstd"; compressionLevel = 4; startAt = "*-*-* 23:00:00"; }; }