{
  description = "NixOS MariaDB server";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
  };

  outputs = { self, nixpkgs, ... }: {

    nixosModules.mariadb = { config, lib, pkgs, ... }:
      let
        cfg = config.mariadb;
      in
      {
        options.mariadb = {
          enable = lib.mkOption {
            type = lib.types.bool;
          };
          rootPasswordFile = lib.mkOption {
            type = lib.types.path;
            description = "Path to file containing the root password.";
          };
          nextcloudPasswordFile = lib.mkOption {
            type = lib.types.path;
            description = "Path to file containing the nextcloud user password.";
          };
        };

        config = lib.mkIf cfg.enable {
          services.mysql = {
            #enable = true;
            enable = false;
            package = pkgs.mariadb;
            #ensureDatabases = [ "nextcloud" ];
            #ensureUsers = [
            #  {
            #    name = "nextcloud";
            #    ensurePermissions = { "nextcloud.*" = "ALL PRIVILEGES"; };
            #  }
            # ];
          };

          # systemd script to set up users passwords
#           systemd.services.mariadb-set-nextcloud-password = {
#             description = "Set MariaDB user passwords from file";
#             after = [ "mysql.service" ];
#             requires = [ "mysql.service" ];
#             wantedBy = [ "multi-user.target" ];
#             serviceConfig = {
#               Type = "oneshot";
#               RemainAfterExit = true;
#             };
#             script = ''
#               set -euo pipefail
#               echo "Setting nextcloud user password..."
#               PASSWORD=$(cat "${cfg.nextcloudPasswordFile}")
#               ${pkgs.mariadb}/bin/mysql -u root -p"$(cat ${cfg.rootPasswordFile})" -e "ALTER USER 'nextcloud'@'localhost' IDENTIFIED BY '$PASSWORD';"
#               echo "Nextcloud user password set."
#             '';
#           };
        };
      };
  };
}