diff --git a/Dev-Notes.md b/Dev-Notes.md
index a651c3f..1823f39 100644
--- a/Dev-Notes.md
+++ b/Dev-Notes.md
@@ -20,6 +20,26 @@ WHERE gatewayId = '8d269c95ddfe92eb';
 
 `CREATE EXTENSION postgis;` must be run on each database, not just the PostgreSQL instance.
 
+Create a read-only Postgres user, ref https://stackoverflow.com/a/762649:
+
+```
+CREATE USER qgis WITH PASSWORD 'replace_me';
+GRANT CONNECT ON DATABASE chirpstack_integration TO qgis;
+GRANT USAGE ON SCHEMA public TO qgis;
+GRANT SELECT ON qgis_friendly TO qgis;
+```
+
+Edit `/etc/postgresql/14/main/pg_hba.conf` to have:
+
+```conf
+# (custom) IPv4 internet connections:
+host    all             all             0.0.0.0/0               scram-sha-256
+```
+
+`systemctl reload postgresql`
+
+Allow PG internet access: `ufw allow postgresql` (not secure, need to add certificate, fine for testing)
+
 ## 20240116
 
 https://github.com/CrunchyData/pg_featureserv - a lightweight alternative to Geoserver for serving WFS3 (found from https://gis.stackexchange.com/a/379506)