{
  self,
  hostPath,
  ...
}: let
  wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix";
  wireguardHosts = wireguardData.hosts;

  localContainersAddresses = import "${hostPath}/data/containerAddresses.nix";
in {
  services.postgresql = {
    enable = true;
    enableTCPIP = true;
    ensureDatabases = [
      "piped"
      "gotosocial"
      "quassel"
    ];
    ensureUsers = [
      {
        name = "piped";
        ensurePermissions."DATABASE piped" = "ALL PRIVILEGES";
      }
      {
        name = "gotosocial";
        ensurePermissions."DATABASE gotosocial" = "ALL PRIVILEGES";
      }
      {
        name = "quassel";
        ensurePermissions."DATABASE quassel" = "ALL PRIVILEGES";
      }
    ];
    # If the host is a local container then use the container's IP
    # otherwise use the host's IP
    authentication = ''
      host piped piped ${localContainersAddresses.containers."piped-fi"}/32 trust
      host piped piped ${wireguardHosts."raspberry".ip}/32 trust

      host gotosocial gotosocial ${localContainersAddresses.containers."social"}/32 trust
      host quassel quassel ${localContainersAddresses.containers."quassel"}/32 trust
    '';
  };
}