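# NixOS module for the did-method-plc server.
#
# Enabling `services.did-method-plc` provisions a local PostgreSQL 14 instance
# with a `plc` database and a `pg` role, creates a dedicated `plc` system
# user/group, and runs the packaged server as a systemd unit with its database
# credentials passed through the environment.
{
  config,
  pkgs,
  lib,
  ...
}: let
  cfg = config.services.did-method-plc;
in
  with lib; {
    options.services.did-method-plc = {
      enable = mkEnableOption "did-method-plc server";
      package = mkPackageOption pkgs "did-method-plc" {};
    };

    config = mkIf cfg.enable {
      services.postgresql = {
        enable = true;
        package = pkgs.postgresql_14;
        ensureDatabases = ["plc"];
        ensureUsers = [
          {
            name = "pg";
            # ensurePermissions."DATABASE plc" = "ALL PRIVILEGES";
          }
        ];
        # Passwordless (trust) access is limited to the one role the service
        # uses, over loopback TCP only. The previous rules
        # (`local all all trust` / `host all all 127.0.0.1/32 trust`) let every
        # local account connect as any role, including the superuser.
        #
        # NOTE(review): this relies on the NixOS postgresql module appending
        # its default `local all all peer` rule after these lines, so
        # ensureDatabases/ensureUsers can still connect as the postgres OS
        # user. Confirm on the nixpkgs revision in use.
        # NOTE(review): any local process can still log in as `pg` without a
        # password. Prefer a password loaded from a secrets file, or peer auth
        # over the unix socket with a role named after the service user.
        authentication = ''
          host all pg 127.0.0.1/32 trust
        '';
      };

      systemd.services.did-method-plc = {
        description = "did-method-plc";
        after = ["postgresql.service"];
        wants = ["postgresql.service"];
        wantedBy = ["multi-user.target"];

        environment = let
          # The same credentials serve both the runtime and the migration
          # connection. The empty password only works because pg_hba trusts
          # this role on 127.0.0.1.
          db_creds_json = builtins.toJSON {
            username = "pg";
            password = "";
            host = "127.0.0.1";
            port = 5432;
          };
        in {
          # TODO: inherit from config
          # NOTE(review): debug mode and debug-level logging are hard-coded on.
          # Check what DEBUG_MODE relaxes in the server and whether debug logs
          # can carry request data before running this outside a test setup.
          DEBUG_MODE = "1";
          LOG_ENABLED = "true";
          LOG_LEVEL = "debug";
          LOG_DESTINATION = "1";
          ENABLE_MIGRATIONS = "true";
          DB_CREDS_JSON = db_creds_json;
          DB_MIGRATE_CREDS_JSON = db_creds_json;
          PLC_VERSION = "0.0.1";
          PORT = "8080";
        };

        serviceConfig = {
          ExecStart = getExe cfg.package;
          User = "plc";
          Group = "plc";
          StateDirectory = "plc";
          # Was 0755; nothing in this module needs other accounts to read the
          # service's state directory.
          StateDirectoryMode = "0750";
          Restart = "always";

          # Hardening
          # PORT is unprivileged (8080), so the unit needs no capabilities.
          CapabilityBoundingSet = "";
          NoNewPrivileges = true;
          # Read-only file system view; StateDirectory stays writable.
          ProtectSystem = "strict";
          ProtectHome = true;
          PrivateTmp = true;
          PrivateDevices = true;
          ProtectClock = true;
          ProtectHostname = true;
          ProtectKernelLogs = true;
          ProtectKernelModules = true;
          ProtectKernelTunables = true;
          ProtectControlGroups = true;
          RestrictNamespaces = true;
          RestrictRealtime = true;
          RestrictSUIDSGID = true;
          LockPersonality = true;
          SystemCallArchitectures = "native";
          UMask = "0077";
          # NOTE(review): MemoryDenyWriteExecute and RestrictAddressFamilies
          # are left unset on purpose. The first presumably breaks a JIT
          # runtime and the second depends on which socket families the
          # server opens. Confirm both against the package before adding them.
        };
      };

      users = {
        users.plc = {
          group = "plc";
          isSystemUser = true;
        };
        groups.plc = {};
      };
    };
  }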