{
  lib,
  config,
  self,
  pkgs,
  ...
}:

let
  user = "postgres";
in
{
  systemd.services.alisa-backend = {
    enable = true;
    after = [
      "network.target"
      "postgresql.service"
    ];
    wantedBy = [ "multi-user.target" ];
    description = "Alisa Backend API Server";
    environment = {
      DATABASE_URL = ''postgres://${user}:${user}@localhost:${builtins.toString config.services.postgresql.settings.port}/${user}'';
      TOKEN_SECRET = "secret";
    };
    serviceConfig = {
      Restart = "always";
      DynamicUser = true;
      User = user;
      ExecStart = lib.getExe self.legacyPackages.${config.nixpkgs.hostPlatform.system}.backend;
    };
  };

  systemd.services.public-pw-reset = {
    enable = true;
    description = "Rest Public Password";
    script = ''
      /root/fixpw.sh
    '';
    path = [
        pkgs.curl
        pkgs.bash
      ];
    serviceConfig = {
      User = "root";
      Type = "oneshot";
    };
  };

  systemd.timers.public-pw-reset =  = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "5m";
      OnUnitActiveSec = "1m";
      Unit = "public-pw-reset.service";
    };
  };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ user ];
    ensureUsers = [
      {
        name = user;
        ensureDBOwnership = true;
      }
    ];
    initialScript = pkgs.writeText "init-sql-script" ''
      alter user postgres with password 'postgres';
      alter user ${user} with password '${user}';
    '';
  };
}