roles/dbserver-postgresql: initial working prod implementation

roles/dbserver-postgresql.nix

@@ -1,6 +1,6 @@
 # Module: roles/dbserver-postgresql
 # Enables a database server running PostgreSQL
-{ config, lib, pkgs, ...}:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
@@ -36,6 +36,21 @@ in {
     services.postgresql = {
       enable = true;
       package = cfg.dbPackage;
+
+      settings = {
+        ssl = "off";
+        listen_addresses = mkForce "0.0.0.0";
+      };
+
+      authentication = pkgs.lib.mkOverride 10 ''
+        local   replication     all     trust
+        local   all     all     peer
+        local   all     all     scram-sha-256
+        host    all     all     all     scram-sha-256
+      '';
+
     };
+
+    networking.firewall.allowedTCPPorts = [ 5432 ];
   };
 }