nixos/modules/services/mariadb-for-containers/default.nix

{ config, lib, pkgs, ... }:
let cfg = config.services.az-mariadb-for-containers;
in {
  options = {
    services.az-mariadb-for-containers.enable =
      lib.mkEnableOption "Enable MariaDB configured for container clients.";
  };

  config = lib.mkIf cfg.enable {
    services.mysql = {
      enable = true;
      package = pkgs.mariadb_110;
      settings = { mysqld = { bind-address = "172.17.0.1"; }; };
    };
    networking.firewall.extraCommands =
      "iptables -A INPUT -p tcp --destination-port 3306 -s 172.16.0.0/12 -j ACCEPT";
  };
}