{ config, pkgs, lib, ... }:
{
  services.postgresql = {
    enable = true;
    enableTCPIP = true;

    authentication = ''
      host all all 172.16.0.0/12 md5
    '';
  };

  services.postgresqlBackup = {
    enable = true;
    location = "/tank/backup/postgresql";
    startAt = "*-*-* 03:15:00";

    # Each service is registered in its own configuration file
    databases = [ ];
  };

  # Docker containers on this host can reach postgres
  networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";

  environment.systemPackages = [ config.services.postgresql.package ];
}