{flake, ...}: let
  inherit
    (flake.config.machines.devices)
    server
    ;
  inherit
    (flake.config.services.instances)
    postgresql
    ;

  service = postgresql;
in {
  services = {
    postgresqlBackup = {
      enable = true;
      location = service.paths.path0;
      databases = [
        "mastodon"
        "nextcloud"
        "peertube"
        "forgejo"
        "wiki"
      ];
    };
    postgresql = {
      enable = true;
    };
  };
  networking = {
    firewall = {
      allowedTCPPorts = [
        service.ports.port0
      ];
    };
  };

  fileSystems."/var/lib/postgresql" = {
    device = service.paths.path0;
    fsType = "none";
    options = [
      "bind"
    ];
    depends = [
      server.storage0.mount
    ];
  };

  systemd.tmpfiles.rules = [
    "Z ${service.paths.path0} 700 ${service.name} ${service.name} -"
  ];

  users.users.${service.name}.extraGroups = [
    "nextcloud"
    "mastodon"
    "forgejo"
  ];

  system.activationScripts.postgresCommands = ''
    chown -R ${service.name}:${service.name} ${service.paths.path0}
  '';
}