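# NixOS module: one PostgreSQL instance (with PostGIS) shared by Synapse,
# Mobilizon and authentik, plus a nightly SQL dump of the three databases.
{ pkgs, config, ... }:
{
  services.postgresql = {
    enable = true;

    # NOTE(review): the 13 series reaches upstream end of life in November 2025
    # (per the PostgreSQL versioning policy; verify) and gets no security fixes
    # after that. A major-version bump needs pg_upgrade or dump/restore, so the
    # package is deliberately left unchanged here.
    package = pkgs.postgresql_13;
    extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ];

    ensureDatabases = [
      "matrix-synapse"
      "mobilizon"
      "authentik"
    ];

    # One role per service, each granted privileges on its own database only.
    # The hyphenated name must be double-quoted inside the GRANT target.
    ensureUsers = [
      {
        name = "matrix-synapse";
        ensurePermissions."DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
      }
      {
        name = "mobilizon";
        ensurePermissions."DATABASE mobilizon" = "ALL PRIVILEGES";
      }
      {
        name = "authentik";
        ensurePermissions."DATABASE authentik" = "ALL PRIVILEGES";
      }
    ];

    # Executed once, when the cluster is first initialised. It pre-creates the
    # Synapse database with the C collation, which has to be chosen at
    # creation time.
    #
    # Fix: `matrix-synapse` contains a hyphen, so as a bare identifier it is a
    # SQL syntax error and neither statement would run; the database would then
    # be created later by ensureDatabases with the cluster's default locale.
    # The identifiers are now double-quoted, matching ensurePermissions above.
    # LOGIN is added because CREATE ROLE defaults to NOLOGIN, and ensureUsers
    # does not alter a role that already exists.
    initialScript = pkgs.writeText "synapse-init.sql" ''
      CREATE ROLE "matrix-synapse" WITH LOGIN;
      CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
        TEMPLATE template0
        LC_COLLATE = "C"
        LC_CTYPE = "C"
        ENCODING = "UTF8";
    '';

    # New or changed passwords are stored as SCRAM verifiers rather than MD5.
    settings = {
      password_encryption = "scram-sha-256";
    };

    # pg_hba.conf. mkForce gives this definition priority over the module's own
    # default entries, so these rules should be the complete set: Unix-socket
    # (`local`) connections only, no TCP `host` lines.
    #
    # - postgres and matrix-synapse use peer auth (OS user name == role name).
    # - mobilizon and authentik use password auth. ensureUsers creates roles
    #   without a password, so these logins are rejected until one is set out
    #   of band. Keep it out of this file: anything written here ends up in
    #   the world-readable Nix store.
    #
    # NOTE(review): the database column is `all` on every rule, so each service
    # role may connect to every database on the instance, including the
    # identity provider's. Narrowing each rule to the role's own database
    # would limit the reach of one compromised service. Left unchanged because
    # the services' connection behaviour is not visible from this file.
    authentication = pkgs.lib.mkForce ''
      local all postgres peer
      local all matrix-synapse peer
      local all mobilizon scram-sha-256
      local all authentik scram-sha-256
    '';
  };

  # Nightly dump of each service database at 02:30.
  #
  # NOTE(review): the dumps are uncompressed, unencrypted SQL stored on the
  # same host as the live cluster. They hold the full contents of the identity
  # and chat databases, so treat the directory as sensitive, check its
  # ownership and mode, and ship encrypted copies off-host. Otherwise losing
  # the disk or the host loses the backups too.
  services.postgresqlBackup = {
    enable = true;
    location = "/var/lib/postgresql/backup";
    databases = [
      "matrix-synapse"
      "mobilizon"
      "authentik"
    ];
    startAt = "02:30";
    compression = "none";
  };
}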