diff --git a/nix/manifest.nix b/nix/manifest.nix
index 3f4af3e..fd98d46 100644
--- a/nix/manifest.nix
+++ b/nix/manifest.nix
@@ -30,6 +30,13 @@
           platform = "intel";
           root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
         };
+        extraCfg.server = {
+          databases = {
+            mongodb.enable = true;
+            mysql.enable = true;
+            postgresql.enable = true;
+          };
+        };
       };
     };
   };
diff --git a/nix/modules/server/databases.nix b/nix/modules/server/databases.nix
new file mode 100644
index 0000000..2827b9d
--- /dev/null
+++ b/nix/modules/server/databases.nix
@@ -0,0 +1,90 @@
+{ lib, config, ... }:
+let
+  inherit (builtins) toString;
+  inherit (lib.modules) mkIf mkMerge mkOverride;
+  inherit (lib.lists) singleton;
+  inherit (lib.options) mkEnableOption;
+  inherit (config.flake.lib.options) mkPortOption;
+in
+{
+  allowedUnfreePackages = [ "mongodb" ];
+  flake.modules.nixos.default =
+    { config, pkgs, ... }:
+    let
+      cfg = config.server.databases;
+    in
+    {
+      options.server.databases = {
+        mongodb = {
+          enable = mkEnableOption "the MongoDB server";
+          port = mkPortOption 27017;
+        };
+        mysql = {
+          enable = mkEnableOption "the MySQL server";
+          port = mkPortOption 3306;
+        };
+        postgresql = {
+          enable = mkEnableOption "the postgresql server";
+          port = mkPortOption 5432;
+        };
+      };
+
+      config = mkMerge [
+        (mkIf cfg.postgresql.enable {
+          networking.firewall.allowedTCPPorts = singleton cfg.postgresql.port;
+          persistDirs = singleton {
+            directory = toString config.services.postgresql.dataDir;
+            user = "postgres";
+            group = "postgres";
+          };
+          services.postgresql = {
+            enable = true;
+            enableTCPIP = true;
+            settings = { inherit (cfg.postgresql) port; };
+            authentication = mkOverride 10 ''
+              #type database DBuser auth-method
+              local all all trust
+
+              # ipv4
+              host all all 0.0.0.0/0 trust
+            '';
+            ensureDatabases = singleton "alphastory";
+            ensureUsers = singleton {
+              name = "alphastory";
+              ensureDBOwnership = true;
+            };
+          };
+        })
+        (mkIf cfg.mongodb.enable {
+          networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ];
+          persistDirs = singleton {
+            directory = toString config.services.mongodb.dbpath;
+            user = "mongodb";
+            group = "mongodb";
+          };
+          services.mongodb = {
+            enable = true;
+            bind_ip = "0.0.0.0";
+            extraConfig = ''
+              net.port: ${toString cfg.mongodb.port}
+            '';
+          };
+        })
+        (mkIf cfg.mysql.enable {
+          networking.firewall.allowedTCPPorts = [ cfg.mysql.port ];
+          persistDirs = singleton {
+            directory = toString config.services.mysql.dataDir;
+            user = "mysql";
+            group = "mysql";
+          };
+          services.mysql = {
+            enable = true;
+            package = pkgs.mariadb;
+            settings.mysqld = {
+              inherit (cfg.mysql) port;
+            };
+          };
+        })
+      ];
+    };
+}