services.postgresql.ensureUsers.*.ensureClauses.createdb

Grants the user, created by the ensureUser attr, createdb permissions. From the postgres docs:

A role must be explicitly given permission to create databases (except for superusers, since those bypass all permission checks). To create such a role, use CREATE ROLE name CREATEDB.

More information on postgres roles can be found here.