{ lib, pkgs, ... }:
let
  # Replication conf. wal_level = "logical" is what PostgreSQL requires for
  # logical replication (publications / subscriptions); the two limits cap the
  # number of concurrent WAL sender processes and replication slots.
  logicalReplication = {
    wal_level = "logical";
    max_wal_senders = "5";
    max_replication_slots = "5";
  };
in
{
  services.postgresql = {
    enable = true;

    settings = logicalReplication // {
      # Set hashing algorithm. This controls how passwords are hashed when they
      # are set (CREATE/ALTER ROLE ... PASSWORD). Roles whose password was
      # stored under another algorithm keep that hash until the password is
      # set again.
      password_encryption = "scram-sha-256";
    };

    # Allow root to log in as postgres in the DB (for the PowerDNS container)
    # NOTE(review): an ident map only takes effect through a pg_hba.conf line
    # that names it (peer/ident with map=...); on its own it grants nothing.
    # identMap = ''
    #   postgres root postgres
    # '';

    # Disabled pg_hba.conf override; while it stays commented out, the NixOS
    # module's default rules apply. lib.mkForce would replace those defaults
    # instead of being merged with them.
    # NOTE(review) before re-enabling:
    #   - 127.0.0.1/24 matches 127.0.0.0-127.0.0.255; use /32 to match only
    #     127.0.0.1.
    #   - "local all root trust" accepts any Unix-socket connection asking for
    #     DB role "root" without checking which OS user opened it; peer auth
    #     combined with the ident map above ties the role to the OS account.
    # authentication = lib.mkForce ''
    #   # TYPE DATABASE USER ADDRESS AUTH-METHOD [auth-options]
    #   # host hexname-backend hexname-backend 127.0.0.1/24 scram-sha-256
    #   # host postgres postgres 127.0.0.1/24 scram-sha-256
    #   host all all 127.0.0.1/24 scram-sha-256
    #   # host all powerdns-user 127.0.0.1/24 scram-sha-256
    #   # local all root trust
    # '';

    # This password is only the initial one - don't get too excited
    # The script is given as a string, not a Nix path literal or a derivation,
    # so it is read from /etc at runtime and its contents are not copied into
    # the world-readable /nix/store. initialScript is executed only on the
    # first start of a fresh cluster; later edits to the file are not applied.
    # NOTE(review): the file has to be readable by the account running the
    # PostgreSQL unit and should not be readable by anyone else - its
    # permissions are not managed in this module, verify them on the host.
    initialScript = "/etc/env/hexname/init-db-dns.sql";

    # Earlier inline variant, kept for reference.
    # NOTE(review): pkgs.writeText places the script in /nix/store, where every
    # local user can read it, so passwords must not be supplied this way. The
    # literals below are part of this file's history; treat them as disclosed
    # and do not reuse them for real roles.
    # NOTE(review): replication_user is created as SUPERUSER; for logical
    # replication the connecting role needs the REPLICATION attribute plus
    # SELECT on the published tables, not superuser.
    # NOTE(review): the roles are created as hexname_backend but referenced as
    # "hexname-backend" in OWNER, and the second CREATE DATABASE line is
    # repeated.
    # initialScript = pkgs.writeText "set-initial-password-script" ''
    #   CREATE USER powerdns WITH PASSWORD 'shuaze-gagyof';
    #   CREATE USER hexname_backend WITH PASSWORD 'shuaze-gagyof2' CREATEDB;
    #   CREATE USER replication_user SUPERUSER WITH PASSWORD 'shuaze-gagyof3';
    #   CREATE DATABASE powerdns OWNER "powerdns";
    #   CREATE DATABASE hexname_backend OWNER "hexname-backend";
    #   CREATE DATABASE hexname_backend OWNER "hexname-backend";
    #   \c powerdns;
    #   CREATE PUBLICATION powerdns_pub FOR ALL TABLES;
    #   CREATE SUBSCRIPTION hexname_ns2
    #   CONNECTION 'host=publisher_ip_address port=5432 user=replication_user password=' ' dbname=powerdns'
    #   PUBLICATION powerdns_pub;
    # '';
    # ALTER USER "postgres" WITH PASSWORD 'shuaze-gagyof';
  };
}