{ pkgs, ... }: 
{
  containers.postgres = {
    autoStart = true;
    localAddress = "127.0.0.1";
    bindMounts = {
      "/var/lib/postgresql" = {
        hostPath = "/postgres";
        isReadOnly = false;
      };
    };
    config = { config, pkgs, ... }: {

      services.postgresql = {
        enable = true;
        ensureUsers = [
          {
            name = "keycloak";
            ensurePermissions = {
              "DATABASE \"nextcloud\"" = "ALL PRIVILEGES";
            };
          }
        ];
        ensureDatabases = [
          "keycloak"
        ];
      };

      system.stateVersion = "22.11";
    };
  };
}