Here's an example of what the accessory for Postgres could look like. It would rely on you updating the .kamal/secrets to also pass the POSTGRES_PASSWORD for the initial setup. Also, you would want to take care because in this situation, you're exposing port 5432 to the world as well. This shouldn't be an issue if you have a firewall, but you still want to take precautions. You could do something like

127.0.0.1:5432:5432

to expose it only on the localhost, but could have issues if you ever outgrow a single server setup.

# config/deploy.yml
accessories:
  postgres:
    image: postgres:17
    port: 5432:5432
    host: IP_OF_THE_SERVER
    env:
      clear:
        POSTGRES_USER: APPLICATION_NAME
        POSTGRES_DB: APPLICATION_NAME_production
      secret:
        - POSTGRES_PASSWORD
    directories:
      - data:/var/lib/postgresql/data