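# NixOS module fragment: declares a `postgres` container, built with the
# project's mkContainer / mkContainerConfig helpers, that runs PostgreSQL 14.
# The database files live on the host under "${storage}/postgres" and are
# bind-mounted into the container.
{ pkgs, storage, const, host, mkContainer, mkContainerConfig, ... } @args:
let
  # Host-side root for everything this container persists.
  path = "${storage}/postgres";
in
{
  # Create the host directories that back the bind mount below.
  # NOTE(review): mode 1777 is world-writable (with the sticky bit), so any
  # local account on the host can create entries that then show up inside the
  # container under /var/lib/postgresql/data. Presumably this was chosen so the
  # container's postgres user can create the "14" subdirectory; owning the
  # directory by that uid with mode 0700 would be tighter. Confirm the uid
  # mapping between host and container before changing it.
  systemd.tmpfiles.rules = map (
    dirName: "d '${path}/${dirName}' 1777 root root - -"
  ) [ "data" ];

  containers.postgres = mkContainer {
    autoStart = true;
    localAddress = "10.1.0.3";
    privateNetwork = true;

    bindMounts = {
      "/var/lib/postgresql/data" = {
        hostPath = "${path}/data";
        isReadOnly = false;
      };
    };

    config = { config, lib, pkgs, ... }: mkContainerConfig {
      system.stateVersion = const.stateVersion;

      # NOTE(review): root gets an empty password, and mutableUsers = false
      # keeps it that way across activations. If no interactive login to the
      # container is needed, locking the account is the safer default. Confirm
      # how operators enter this container before changing it.
      users.users.root.password = "";
      users.mutableUsers = false;

      networking = {
        useHostResolvConf = lib.mkForce false;
        # NOTE(review): with the firewall off, nothing inside the container
        # filters inbound traffic. Access to PostgreSQL then rests on the
        # pg_hba records below and on whatever the host filters for 10.1.0.3.
        firewall.enable = false;
      };

      services.postgresql =
        let
          # Each name becomes both a database and the role that owns it.
          databases = [ "privatebin" ];
        in
        {
          enable = true;
          package = pkgs.postgresql_14;
          # Versioned subdirectory of the bind mount.
          dataDir = "/var/lib/postgresql/data/14";
          # Accept TCP connections, not only the local socket.
          enableTCPIP = true;

          # pg_hba.conf records, which must be one per line. A record that runs
          # on into the next one is not valid.
          # NOTE(review): `trust` skips authentication entirely, so the source
          # address is the only check. The first record lets ${host} connect to
          # every database as any role, superuser included. The second lets
          # 10.1.0.14 connect to privatebin as privatebin. Consider
          # scram-sha-256 with provisioned passwords, and narrowing the first
          # record to the databases and roles the host really needs. Any client
          # relying on password-less access must be updated first.
          authentication = ''
            host all all ${host}/32 trust
            host privatebin privatebin 10.1.0.14/32 trust
          '';

          ensureDatabases = databases;
          # ensureDBOwnership needs the role name to equal the database name,
          # which holds here because both come from `databases`.
          ensureUsers = map (name: {
            inherit name;
            ensureDBOwnership = true;
          }) databases;
        };
    };
  };
}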