{ lib, pkgs, ... }:

{
  services.postgresql = {
    enable = true;

    # settings = {
    #   listen_addresses = lib.mkForce "127.0.0.1,10.89.0.10";
    # };

    # Allow root to log in as postgres in the DB (for the PowerDNS container)
    identMap = ''
      postgres root postgres
    '';

    authentication = lib.mkForce ''
      # TYPE DATABASE        USER            ADDRESS       AUTH-METHOD   [auth-options]
      host   hexname-backend hexname-backend 127.0.0.1/24  scram-sha-256
      # host   all             powerdns-user   127.0.0.1/24  scram-sha-256
      # local  all             root                          trust
    '';

    ensureUsers = [ { name = "hexname-backend"; } ];
    # No need to define the DB since `diesel` creates everything

    # This password is only the initial one - don't get too excited
    initialScript = pkgs.writeText "set-initial-password-script" ''
      alter user hexname-backend with password 'shuaze-gagyof';
    '';
  };
}