diff --git a/hosts/sql/default.nix b/hosts/sql/default.nix
index b9aed14..b1a26c4 100644
--- a/hosts/sql/default.nix
+++ b/hosts/sql/default.nix
@@ -4,12 +4,17 @@
   imports = [
     ../common.nix
     ../../services/openssh.nix
+    ../../services/postgres.nix
   ];
 
   networking = {
     hostName = "sql";
     firewall = {
-      # TODO: add postgres from internal network
+      enable = true;
+      extraInputRules = ''
+        ip saddr 195.160.173.0/24 ip daddr 195.160.173.15 tcp dport 5432 accept
+        ip6 saddr 2001:678:760:cccb::/64 ip6 daddr 2001:678:760:cccb::15 tcp dport 5432 accept
+      '';
     };
   };
 
diff --git a/services/postgres.nix b/services/postgres.nix
index 98d526d..75eb281 100644
--- a/services/postgres.nix
+++ b/services/postgres.nix
@@ -4,7 +4,7 @@
   services = {
     postgresql = {
       enable = true;
-      package = pkgs.postgresql_16;
+      package = pkgs.postgresql_18;
       enableJIT = true;
       initdbArgs = [
         "--locale=C"
@@ -13,7 +13,7 @@
     };
     postgresqlBackup = {
       enable = true;
-      startAt = "*-*-* 09:00:00";
+      startAt = "@daily";
       compression = "zstd";
     };
   };