diff --git a/services/postgresql/default.nix b/services/postgresql/default.nix
new file mode 100644
index 00000000..31f8f15a
--- /dev/null
+++ b/services/postgresql/default.nix
@@ -0,0 +1,30 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+{
+ imports = [
+ ./pgbouncer.nix
+ ];
+ services.postgresql = {
+ enable = true;
+ enableJIT = true;
+ enableTCPIP = true;
+ package = pkgs.postgresql_17_jit;
+ authentication = lib.mkForce ''
+ local all all trust
+ host all all 127.0.0.1 scram-sha-256
+ '';
+ };
+ services.postgresqlBackup = {
+ compression = "zstd";
+ compressionLevel = 19;
+ enable = true;
+ };
+ environment.persistence."/persistent".directories = [
+ "${config.postgresql.dataDir}"
+ "${config.postgresqlLocation.location}"
+ ];
+}
diff --git a/services/postgresql/pgbouncer.nix b/services/postgresql/pgbouncer.nix
new file mode 100644
index 00000000..9e20cb68
--- /dev/null
+++ b/services/postgresql/pgbouncer.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+ services.pgbouncer = {
+ enable = true;
+ settings = {
+ pgbouncer = {
+ listen_addr = "localhost";
+ auth_type = "scram-sha-256";
+ auth_file = config.sops.secrets."services/pgbouncer/settings/pgbouncer/auth".path;
+ };
+ };
+ };
+ sops.secrets."services/pgbouncer/settings/pgbouncer/auth".sopsFile = ./${config.networking.hostName}.yaml;
+}
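Review bot: In `services/postgresql/default.nix`, the `local all all trust` rule in `services.postgresql.authentication` lets any local OS account connect over the Unix socket as any role, superuser included, without a credential, and `lib.mkForce` discards whatever default rules the module would otherwise contribute. Unless every local user on this host is meant to have full database access, `local all all peer` (with an ident map where a service needs a different role name) is the safer rule. The `host` rule gives `127.0.0.1` with no mask, which PostgreSQL reads as an address followed by a separate netmask column and will most likely reject; `host all all 127.0.0.1/32 scram-sha-256` avoids that. `enableTCPIP = true` appears to widen the listener beyond loopback while the only `host` rule is loopback, so it looks unnecessary if PgBouncer is the sole TCP client. Separately, `config.postgresql.dataDir` and `config.postgresqlLocation.location` do not match the `services.postgresql` and `services.postgresqlBackup` namespaces used above, so they probably need to be `config.services.postgresql.dataDir` and `config.services.postgresqlBackup.location` to evaluate.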
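Review bot: In `services/postgresql/pgbouncer.nix`, the secret behind `auth_file` is declared with only `sopsFile`, so it keeps sops-nix's default ownership and mode (root-owned and `0400`, as far as I know), which the PgBouncer service account would not be able to read. Setting the owner on the secret, e.g. `sops.secrets."services/pgbouncer/settings/pgbouncer/auth".owner = config.services.pgbouncer.user;`, lets the daemon read it while keeping it closed to other users. No `databases` entry is visible under `settings`, so unless it is defined elsewhere PgBouncer has nothing to route to. A short comment on `auth_type` would also help, noting that the SCRAM check here only protects clients that go through PgBouncer and does not constrain direct Unix-socket access to PostgreSQL.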