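# PostgreSQL 14 in a NixOS container, with its data directory bind-mounted
# from persistent storage on the host.
#
# Arguments:
#   storage            - base path of the persistent storage on the host
#   host               - address interpolated as a /32 into pg_hba.conf
#                        (presumably the host-side address; confirm with caller)
#   mkContainer        - project helper, called as `mkContainer <address> <attrs>`
#   mkContainerConfig  - project helper wrapping the container's NixOS config
#   mkContainerDir     - project helper turning a path into a tmpfiles rule
{ storage
, host
, mkContainer
, mkContainerConfig
, mkContainerDir
, ...
} @args:

let
  address = "10.1.0.3";
  path = "${storage}/postgres";
in
{
  # Create the host-side directories before the container bind-mounts them.
  systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [ "data" ];

  containers.postgres = mkContainer address {
    bindMounts = {
      # Writable on purpose: PostgreSQL keeps its cluster files here.
      "/var/lib/postgresql/data" = {
        hostPath = "${path}/data";
        isReadOnly = false;
      };
    };

    config = { pkgs, ... }: mkContainerConfig {
      services.postgresql =
        let
          # Each entry becomes a database and a same-named role that owns it.
          databases = [ "privatebin" ];
        in
        {
          enable = true;
          package = pkgs.postgresql_14;
          # Versioned subdirectory inside the bind mount.
          dataDir = "/var/lib/postgresql/data/14";

          # Accept TCP connections; pg_hba.conf below is then the only
          # database-level access control.
          enableTCPIP = true;

          # pg_hba.conf records, one per line.
          #
          # NOTE(review): both records use `trust`, so no password or other
          # credential is checked; the source address is the only gate.
          #   - Record 1 lets anything connecting from ${host} act as ANY role
          #     on ANY database, which includes the superuser role.
          #   - Record 2 limits 10.1.0.14 (presumably the privatebin
          #     container; confirm) to the privatebin role and database.
          # `host` records also match non-TLS connections.
          # TODO(review): move to `scram-sha-256` with provisioned passwords,
          # and narrow record 1 to the roles and databases the host needs.
          authentication = ''
            host all all ${host}/32 trust
            host privatebin privatebin 10.1.0.14/32 trust
          '';

          ensureDatabases = databases;
          # ensureDBOwnership relies on the role name matching the database name.
          ensureUsers = map
            (name: {
              inherit name;
              ensureDBOwnership = true;
            })
            databases;
        };
    };
  };
}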