diff --git a/modules/services/server/default.nix b/modules/services/server/default.nix
new file mode 100644
index 0000000..ab8bbc5
--- /dev/null
+++ b/modules/services/server/default.nix
@@ -0,0 +1,18 @@
+#
+# Services
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ home.nix
+# └─ ./modules
+# └─ ./services
+# └─ default.nix *
+# └─ ...
+#
+
+[
+ ./postgresql.nix
+]
+
+# picom, polybar and sxhkd are pulled from desktop module
+# redshift temporarely disables
diff --git a/modules/services/server/postgresql.nix b/modules/services/server/postgresql.nix
new file mode 100644
index 0000000..605dab7
--- /dev/null
+++ b/modules/services/server/postgresql.nix
@@ -0,0 +1,94 @@
+#
+# System notifications
+#
+
+{ config, lib, pkgs, ... }:
+
+{
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_14;
+ settings = {
+ max_connections = 200;
+ listen_addresses = 'localhost';
+ password_encryption = scram-sha-256;
+ shared_buffers = 512MB;
+ work_mem = 8MB;
+ autovacuum_work_mem = -1;
+ min_wal_size = 1GB;
+ max_wal_size = 4GB;
+ log_timezone = 'Europe/Berlin';
+ timezone = 'Europe/Berlin';
+ datestyle = 'iso, dmy';
+ };
+ authentication = pkgs.lib.mkOverride 14 ''
+ local all postgres peer
+ host giteadb gitea samehost scram-sha-256
+ host nextclouddb nextcloud samehost scram-sha-256
+ host synapsedb synapse_user samehost scram-sha-256
+ host whatsappdb mautrixwa samehost scram-sha-256
+ host telegramdb mautrixtele samehost scram-sha-256
+ host signaldb mautrixsignal samehost scram-sha-256
+ #host facebookdb mautrixfacebook samehost scram-sha-256
+ #host xmppdb ejabberd samehost scram-sha-256
+ #host prosodydb prosody samehost scram-sha-256
+ host keycloakdb keycloak samehost scram-sha-256
+ ''
+ ensureDatabases = [
+ "giteadb"
+ "nextclouddb"
+ "synapsedb"
+ "whatsappdb"
+ "telegramdb"
+ "signaldb"
+ "keycloakdb"
+ ]
+ ensureUsers = [
+ {
+ name = "gitea";
+ ensurePermissions = {
+ "DATABASE giteadb" = "ALL PRIVILEGES";
+ };
+ };
+ {
+ name = "nextcloud";
+ ensurePermissions = {
+ "DATABASE nextclouddb" = "ALL PRIVILEGES";
+ };
+ };
+ {
+ name = "synapse";
+ ensurePermissions = {
+ "DATABASE synapsedb" = "ALL PRIVILEGES";
+ };
+ };
+ {
+ name = "mautrixwa";
+ ensurePermissions = {
+ "DATABASE whatsappdb" = "ALL PRIVILEGES";
+ };
+ };
+ {
+ name = "mautrixtele";
+ ensurePermissions = {
+ "DATABASE telegramdb" = "ALL PRIVILEGES";
+ };
+ };
+ {
+ name = "mautrixsignal";
+ ensurePermissions = {
+ "DATABASE signaldb" = "ALL PRIVILEGES";
+ };
+ };
+ {
+ name = "keycloak";
+ ensurePermissions = {
+ "DATABASE keycloakdb" = "ALL PRIVILEGES";
+ };
+ };
+ ]
+ };
+
+ services.postgreqlBackup.enable = true;
+
+}
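Review bot: The new postgresql.nix will not evaluate as written: in `settings`, values such as `'localhost'`, `scram-sha-256`, `512MB` and `'Europe/Berlin'` are not valid Nix literals and need double-quoted strings, the `authentication`, `ensureDatabases` and `ensureUsers` definitions lack their terminating `;`, the elements of the `ensureUsers` list must not end in `;`, and `services.postgreqlBackup` is misspelled, so the backup option being enabled does not exist. The pg_hba line `host synapsedb synapse_user samehost scram-sha-256` names a role that `ensureUsers` never creates (it creates `synapse`), so one of the two should be renamed so that the rule and the role agree. `ensureUsers` creates the roles without passwords, so the scram-sha-256 rules only admit these services once passwords are set out of band; a comment saying where that happens would help the next maintainer. The header comment `# System notifications` looks copied from another module and should describe the PostgreSQL service instead.

```nix
  services.postgresql = {
    # … unchanged: enable, package …
    settings = {
      max_connections = 200;
      listen_addresses = "localhost";
      password_encryption = "scram-sha-256";
      shared_buffers = "512MB";
      work_mem = "8MB";
      autovacuum_work_mem = -1;
      min_wal_size = "1GB";
      max_wal_size = "4GB";
      log_timezone = "Europe/Berlin";
      timezone = "Europe/Berlin";
      datestyle = "iso, dmy";
    };
    # … unchanged: authentication = pkgs.lib.mkOverride 14 '' … '' — now closed with `'';` …
    # … unchanged: ensureDatabases = [ … ] — now closed with `];` …
    ensureUsers = [
      {
        name = "gitea";
        ensurePermissions = {
          "DATABASE giteadb" = "ALL PRIVILEGES";
        };
      }
      # … unchanged: remaining users, each element closed with `}` instead of `};` …
    ];
  };

  services.postgresqlBackup.enable = true;
```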