{ pkgs, ... }:
{
  imports = [
    ./disk-config.nix
    {
      _module.args.disks = [ "/dev/sda" ];
    }

    ../common/servers
  ];

  time.timeZone = "Europe/Berlin";

  networking.hostName = "db-01";
  networking.nameservers = [ "8.8.8.8" ];

  services.postgresql = {
    enable = true;
    enableTCPIP = true;
    authentication = pkgs.lib.mkOverride 10 ''
      #type database dbuser origin-address auth-method
      local all all trust
      host all all 100.64.0.0/24 trust # trust tailnet
    '';
    ensureDatabases = [
      "authelia"
      "forgejo"
      "lldap"
    ];
    ensureUsers = [
      {
        name = "authelia";
        ensureDBOwnership = true;
      }
      {
        name = "forgejo";
        ensureDBOwnership = true;
      }
      {
        name = "lldap";
        ensureDBOwnership = true;
      }
    ];
  };

  services.postgresqlBackup = {
    enable = true;
    startAt = "*-*-* 02:00:00";
    databases = [
      "authelia"
      "forgejo"
      "lldap"
    ];
  };

  system.stateVersion = "25.05";
}