{ lib, ... }: {
  nixos.systems.colony-psql = {
    system = "x86_64-linux";
    nixpkgs = "mine";

    assignments = {
      internal = {
        name = "colony-psql-ctr";
        domain = lib.my.colony.domain;
        ipv4.address = "${lib.my.colony.start.ctrs.v4}4";
        ipv6 = {
          iid = "::4";
          address = "${lib.my.colony.start.ctrs.v6}4";
        };
      };
    };

    configuration = { lib, pkgs, config, assignments, ... }:
    let
      inherit (lib) mkMerge mkIf;
      inherit (lib.my) networkdAssignment;
    in
    {
      config = mkMerge [
        {
          my = {
            deploy.enable = false;
            server.enable = true;

            secrets = {
              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkly/tnPmoX05lDjEpQOkllPqYA0PY92pOKqvx8Po02";
            };

            firewall = {
              tcp.allowed = [ 5432 ];
            };
          };

          systemd = {
            network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
          };

          services = {
            postgresql = {
              package = pkgs.postgresql_14;
              enable = true;
              enableTCPIP = true;
              ensureUsers = [
                {
                  name = "root";
                  ensurePermissions = {
                    "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
                  };
                }
              ];
            };
          };
        }
        (mkIf config.my.build.isDevVM {
          virtualisation = {
            forwardPorts = [
              { from = "host"; host.port = 55432; guest.port = 5432; }
            ];
          };
        })
      ];
    };
  };
}