{ flake, ... }:
let
  inherit (flake.config.machines.devices)
    ceres
    ;
  inherit (flake.config.services)
    instances
    ;

  service = instances.postgresql;
  backupPath = "${instances.syncthing.paths.path1}/${service.name}";
in
{
  services = {
    postgresqlBackup = {
      enable = true;
      location = backupPath;
      # compression = "zstd";
      # startAt = "*-*-* 07:00:00";
      backupAll = true;
      # databases = [
      #   instances.mastodon.name
      #   instances.forgejo.name
      #   instances.firefly-iii.name
      # ];
    };
    postgresql = {
      enable = true;
    };
  };
  networking = {
    firewall = {
      allowedTCPPorts = [
        service.ports.port0
      ];
    };
  };

  fileSystems."/var/lib/postgresql" = {
    device = service.paths.path0;
    fsType = "none";
    options = [
      "bind"
    ];
    depends = [
      ceres.storage0.mount
    ];
  };

  users.users.${service.name}.extraGroups = [
    instances.nextcloud.name
    instances.mastodon.name
    instances.forgejo.name
    instances.syncthing.name
  ];

  system.activationScripts.postgresCommands = ''
    if [ ! -d "${service.paths.path0}/15" ]; then
      chown -R ${service.name}:${service.name} ${service.paths.path0}
    fi
  '';
}