{
  config,
  lib,
  pkgs,
  ...
}:
{
  services = {
    ulogd = {
      enable = true;
      logLevel = 5;
      settings = {
        global = {
          logfile = "/var/log/ulogd.log";
          stack = [ "ct1:NFCT,ip2str1:IP2STR,pgsql1:PGSQL" ];
        };
        ct1 = { };
        pgsql1 = {
          db = "ulogd";
          user = "ulogd";
          table = "ulog2_ct";
          procedure = "INSERT_CT";
        };
      };
    };
    postgresql = {
      enable = true;
      identMap = ''
        ulogd-map root ulogd
      '';
      authentication = ''
        local ulogd ulogd peer map=ulogd-map
      '';

      ensureUsers = [
        {
          name = "ulogd";
          ensureDBOwnership = true;
        }
      ];
      ensureDatabases = [ "ulogd" ];
    };
  };
  systemd.services.ulogd = {
    serviceConfig.StateDirectory = "ulogd";
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
    path = [ config.services.postgresql.package ];
    preStart = lib.mkAfter ''
      if ! test -e "/var/lib/ulogd/.initialized"; then
        psql -f "${pkgs.ulogd.doc}/share/doc/ulogd-pgsql/pgsql-ulogd2.sql" -d ulogd -U ulogd
        touch "/var/lib/ulogd/.initialized"
      fi
    '';
  };
}