diff --git a/flake.lock b/flake.lock
index 54d8883..09fe3d7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -69,11 +69,11 @@
 },
 "process-compose-flake": {
 "locked": {
- "lastModified": 1687298948,
- "narHash": "sha256-7Lu4/odCkkwrzR8Mo+3D+URv4oLap8WWLESzi/75eb0=",
+ "lastModified": 1695992918,
+ "narHash": "sha256-5tHNbk0ldLUjAqKRZog/3asiVvkD51VGK9TvwzUBs38=",
 "owner": "Platonic-Systems",
 "repo": "process-compose-flake",
- "rev": "5bdb90b85642901cf9a5dccfe8c907091c261604",
+ "rev": "1ebecb83f15736f5d4ae3feb01a8391977dd71da",
 "type": "github"
 },
 "original": {
@@ -93,11 +93,11 @@
 },
 "services-flake": {
 "locked": {
- "lastModified": 1687385027,
- "narHash": "sha256-xah/ZMc4tG38aYF1HFSPGOTgpQBgrP+1uuhymTUZy9U=",
+ "lastModified": 1696703188,
+ "narHash": "sha256-nX6n4/BNeTzVaPMhEKeKHociyAJh9vo4F2W5UoY/ffM=",
 "owner": "juspay",
 "repo": "services-flake",
- "rev": "46a4ca9869808650efe88e04dd10e4ec53c30009",
+ "rev": "c56d39116cbe835229e26171c8405cd311be067f",
 "type": "github"
 },
 "original": {
diff --git a/process-compose.nix b/process-compose.nix
index bd9a280..5e3c7fc 100644
--- a/process-compose.nix
+++ b/process-compose.nix
@@ -3,7 +3,7 @@ let
 srvname = "passetto";
 dbName = "passetto";
 userName = "passetto";
- pgcfg = config.services.postgres;
+ pgcfg = config.services.postgres."${srvname}-db";
 in
 {
 options = {
@@ -27,15 +27,19 @@ in
 cfg = config.services.passetto;
 in
 lib.mkIf cfg.enable {
- services.postgres = {
+ services.postgres."${srvname}-db" = {
 enable = true;
- name = "${srvname}-db";
 listen_addresses = "127.0.0.1";
- # TODO: Configure these (matching docker image behaviour)
- # POSTGRES_HOST_AUTH_METHOD = "scram-sha-256";
- # POSTGRES_INITDB_ARGS = "--auth=scram-sha-256";
- # initdbArgs = ["--auth=scram-sha-256"];
- initialScript = ''
+ hbaConf = [
+ # Equivalent to `POSTGRES_INITDB_ARGS = "--auth=scram-sha-256";`, sets the auth for all users
+ # connecting through unix sockets.
+ { type = "local"; database = "all"; user = "all"; address = ""; method = "scram-sha-256"; }
+ # Equivalent to `POSTGRES_HOST_AUTH_METHOD = "scram-sha-256";`, sets the auth for all users
+ # connecting through loopback ipv4/v6
+ { type = "host"; database = "all"; user = "all"; address = "127.0.0.1/32"; method = "scram-sha-256"; }
+ { type = "host"; database = "all"; user = "all"; address = "::1/128"; method = "scram-sha-256"; }
+ ];
+ initialScript.before = ''
 CREATE ROLE ${userName} SUPERUSER;
 ALTER ROLE ${userName} WITH LOGIN;
 '';
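Review bot: The new `hbaConf` entries require `scram-sha-256` on the unix socket and both loopback addresses, but `initialScript.before` still creates `${userName}` with `LOGIN` and no `PASSWORD`, and PostgreSQL rejects password authentication for a role whose password is null. Unless a password is assigned somewhere outside this hunk, the service role (and possibly the bootstrap superuser that runs the init scripts) may be unable to log in once these rules are active, so this is worth confirming on a fresh data directory. If the password is set elsewhere, a comment above the script would record that, e.g. `# scram-sha-256 rejects roles without a password; ${userName}'s is set in <where>`. If it is added here instead, it should be supplied at runtime rather than interpolated into the Nix string, since the rendered script would likely land in the world-readable Nix store. The `services.postgres."${srvname}-db"` attribute set and the enclosing `lib.mkIf` block continue past the end of the hunk.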