{ pkgs, lib, ... }: {
  name = "mariadb";
  config = {
    services.mysql = {
      enable = true;
      package = pkgs.mariadb;
      settings = {
        mysqld = {
          port = 3306;
        };
        mysqldump = {
          quick = true;
        };
      };
      ensureDatabases = [ "gitea" ];
      initialScript = pkgs.writeScript "init.sql" ''
        CREATE USER 'gitea'@'%' IDENTIFIED BY '${pkgs.lib.removeSuffix "\n" 
          (builtins.readFile ../secrets/gitea_mariadb_pass)}';
        GRANT ALL ON gitea.* to 'gitea'@'%' WITH GRANT OPTION;
      '';
      ensureUsers = [
      {
        name = "root";
        ensurePermissions = {
          "*.*" = "ALL PRIVILEGES";
        };
      }
      {
        name = "mysqldump";
        ensurePermissions = {
          "*.*" = "SELECT, LOCK TABLES";
        };
      }
      ];
    };
    services.mysqlBackup = {
      enable = true;
      singleTransaction = true;
    };
  };
  ports = {
    tcp = [ 3306 ];
    udp = [];
    http = null;
    forward = [];
  };
  hosts = [ ];
  volumes = [
  {
    name = "mariadb-storage";
    mountPoint = "/var/lib/mysql";
  }
  {
    name = "mariadb-backup";
    mountPoint = "/var/backup/mysql";
  }
  ];
}