{ pkgs, ... }:
let
  postgresql = pkgs.postgresql.overrideAttrs (oldAttrs: {
    patches = oldAttrs.patches or [ ] ++ [ ./allow-root.patch ];
  });

  entrypoint = pkgs.writeTextFile {
    name = "entrypoint";
    executable = true;
    destination = "/bin/entrypoint";
    text = builtins.readFile ./entrypoint.sh;
  };
in
pkgs.dockerTools.buildImage {
  name = "postgresql";
  fromImage = import ../base { inherit pkgs; };

  copyToRoot = pkgs.buildEnv {
    name = "root";
    paths = [
      entrypoint
      postgresql
    ];
    pathsToLink = [
      "/bin"
      "/lib"
      "/share"
    ];
  };

  runAsRoot = ''
    ${pkgs.dockerTools.shadowSetup}
    mkdir -p /etc/postgresql /run/postgresql
    cp ${postgresql}/share/postgresql/postgresql.conf.sample /etc/postgresql/postgresql.conf
    ${pkgs.gnused}/bin/sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /etc/postgresql/postgresql.conf
  '';

  config = {
    Entrypoint = [ "entrypoint" ];
    WorkingDir = "/var/lib/postgresql";
    ExposedPorts = {
      "5432/tcp" = { };
    };
    Volumes = {
      "/var/lib/postgresql/data" = { };
    };
  };
}