diff --git a/hosts/common/optional/nixos-containers/postgres.nix b/hosts/common/optional/nixos-containers/postgres.nix
index c63a2f7..ce80819 100644
--- a/hosts/common/optional/nixos-containers/postgres.nix
+++ b/hosts/common/optional/nixos-containers/postgres.nix
@@ -10,6 +10,7 @@
 pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
 containerName = "postgres";
 containerIp = configVars.networking.addresses.postgres.ip;
+ subnetIp = configVars.networking.addresses.subnet.ip;
 gatewayIp = configVars.networking.addresses.gateway.ip;
 in {
 sops.secrets = {
@@ -73,6 +74,7 @@ in {
 enableJIT = true;
 package = pkgs.postgresql_16;
 extraPlugins = with pkgs.postgresql_16.pkgs; [ postgis ];
+ enableTCPIP = true;
 settings = {
 max_worker_processes = "12";
 max_parallel_workers = "8";
@@ -84,8 +86,11 @@ in {
 maintenance_work_mem = "64MB";
 };
 authentication = pkgs.lib.mkOverride 10 ''
- #type database DBuser auth-method
- local all all trust
+ #type database DBuser origin-address auth-method
+ local all postgres peer
+ host all all ${subnetIp}/24 scram-sha-256
+ local replication all peer
+ host replication all 127.0.0.1/32 scram-sha-256
 '';
 };
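Review bot: `enableTCPIP = true` makes the NixOS module listen on all interfaces rather than only localhost, so after this line reachability of port 5432 is limited only by the pg_hba rules and whatever firewall the container has, and this hunk shows no firewall settings. If only the subnet needs access, pin the listener as well, e.g. `listen_addresses = lib.mkForce "localhost,${containerIp}";` inside `settings` (localhost stays because the replication rule later in the file uses 127.0.0.1), and confirm the firewall opens 5432 only toward that subnet. The `services.postgresql` attribute set starts and ends outside the hunk, so a listener override may already exist there.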
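Review bot: The new `host all all ${subnetIp}/24 scram-sha-256` rule lets every role, including the `postgres` superuser, authenticate by password from any address in the subnet. Narrow the database and user columns to the application roles that need remote access, or put `host all postgres ${subnetIp}/24 reject` above it so superuser logins stay on the peer-authenticated socket. The `/24` is hard-coded next to `subnetIp`; pg_hba expects the host bits of that address to be zero, so the prefix length would be safer coming from `configVars` together with the address. `host` also matches unencrypted connections, so SCRAM protects the password but not the session, and `hostssl` is the stricter choice if TLS is configured in the part of the file not shown. Because `mkOverride 10` appears to replace the module's default rules, local users other than `postgres` now have no matching `local` entry for ordinary databases, which is worth confirming as intended.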