diff --git a/etc/mysql/conf.d/mysql.cnf b/etc/mysql/conf.d/mysql.cnf
new file mode 100644
index 0000000..22b052d
--- /dev/null
+++ b/etc/mysql/conf.d/mysql.cnf
@@ -0,0 +1 @@
+[mysql]
diff --git a/etc/mysql/conf.d/mysqldump.cnf b/etc/mysql/conf.d/mysqldump.cnf
new file mode 100644
index 0000000..38310a9
--- /dev/null
+++ b/etc/mysql/conf.d/mysqldump.cnf
@@ -0,0 +1,4 @@
+[mysqldump]
+quick
+quote-names
+max_allowed_packet	= 16M
diff --git a/etc/mysql/debian-start b/etc/mysql/debian-start
new file mode 100644
index 0000000..46cfe1b
--- /dev/null
+++ b/etc/mysql/debian-start
@@ -0,0 +1,50 @@
+#!/bin/bash
+#
+# This script is executed by both SysV init /etc/init.d/mariadb and
+# systemd mariadb.service on every (re)start.
+#
+# Changes to this file will be preserved when updating the Debian package.
+#
+
+# shellcheck source=debian/additions/debian-start.inc.sh
+source /usr/share/mariadb/debian-start.inc.sh
+
+# Read default/mysql first and then default/mariadb just like the init.d file does
+if [ -f /etc/default/mysql ]
+then
+  # shellcheck source=/dev/null
+  . /etc/default/mysql
+fi
+
+if [ -f /etc/default/mariadb ]
+then
+  # shellcheck source=/dev/null
+  . /etc/default/mariadb
+fi
+
+MARIADB="/usr/bin/mariadb --defaults-extra-file=/etc/mysql/debian.cnf"
+MYADMIN="/usr/bin/mariadb-admin --defaults-extra-file=/etc/mysql/debian.cnf"
+# Don't run full mariadb-upgrade on every server restart, use --version-check to do it only once
+MYUPGRADE="/usr/bin/mariadb-upgrade --defaults-extra-file=/etc/mysql/debian.cnf --version-check --silent"
+MYCHECK_SUBJECT="WARNING: mariadb-check has found corrupt tables"
+MYCHECK_RCPT="${MYCHECK_RCPT:-root}"
+
+## Checking for corrupt, not cleanly closed (only for MyISAM and Aria engines) and upgrade needing tables.
+
+# The following commands should be run when the server is up but in background
+# where they do not block the server start and in one shell instance so that
+# they run sequentially. They are supposed not to echo anything to stdout.
+# If you want to disable the check for crashed tables comment
+# "check_for_crashed_tables" out.
+# (There may be no output to stdout inside the background process!)
+
+# Need to ignore SIGHUP, as otherwise a SIGHUP can sometimes abort the upgrade
+# process in the middle.
+trap "" SIGHUP
+(
+  upgrade_system_tables_if_necessary;
+  check_root_accounts;
+  check_for_crashed_tables;
+) >&2 &
+
+exit 0
diff --git a/etc/mysql/debian.cnf b/etc/mysql/debian.cnf
new file mode 100644
index 0000000..951f87e
--- /dev/null
+++ b/etc/mysql/debian.cnf
@@ -0,0 +1,14 @@
+# THIS FILE IS OBSOLETE. STOP USING IT IF POSSIBLE.
+# This file exists only for backwards compatibility for
+# tools that run '--defaults-file=/etc/mysql/debian.cnf'
+# and have root level access to the local filesystem.
+# With those permissions one can run 'mariadb' directly
+# anyway thanks to unix socket authentication and hence
+# this file is useless. See package README for more info.
+[client]
+host     = localhost
+user     = root
+[mysql_upgrade]
+host     = localhost
+user     = root
+# THIS FILE WILL BE REMOVED IN A FUTURE DEBIAN RELEASE.
diff --git a/etc/mysql/mariadb.cnf b/etc/mysql/mariadb.cnf
new file mode 100644
index 0000000..62b4ea8
--- /dev/null
+++ b/etc/mysql/mariadb.cnf
@@ -0,0 +1,29 @@
+# The MariaDB configuration file
+#
+# The MariaDB/MySQL tools read configuration files in the following order:
+# 0. "/etc/mysql/my.cnf" symlinks to this file, reason why all the rest is read.
+# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
+# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
+# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
+# 4. "~/.my.cnf" to set user-specific options.
+#
+# If the same option is defined multiple times, the last one will apply.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# If you are new to MariaDB, check out https://mariadb.com/kb/en/basic-mariadb-articles/
+
+#
+# This group is read both by the client and the server
+# use it for options that affect everything
+#
+[client-server]
+# Port or socket location where to connect
+# port = 3306
+socket = /run/mysqld/mysqld.sock
+
+# Import all .cnf files from configuration directory
+!includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mariadb.conf.d/
diff --git a/etc/mysql/mariadb.conf.d/50-client.cnf b/etc/mysql/mariadb.conf.d/50-client.cnf
new file mode 100644
index 0000000..1fd4685
--- /dev/null
+++ b/etc/mysql/mariadb.conf.d/50-client.cnf
@@ -0,0 +1,19 @@
+#
+# This group is read by the client library
+# Use it for options that affect all clients, but not the server
+#
+
+[client]
+# Example of client certificate usage
+#ssl-cert = /etc/mysql/client-cert.pem
+#ssl-key  = /etc/mysql/client-key.pem
+#
+# Allow only TLS encrypted connections
+#ssl-verify-server-cert = on
+
+# This group is *never* read by mysql client library, though this
+# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL
+# client anyway.
+# If you use the same .cnf file for MySQL and MariaDB,
+# use it for MariaDB-only client options
+[client-mariadb]
diff --git a/etc/mysql/mariadb.conf.d/50-mariadb-clients.cnf b/etc/mysql/mariadb.conf.d/50-mariadb-clients.cnf
new file mode 100644
index 0000000..3c4fad8
--- /dev/null
+++ b/etc/mysql/mariadb.conf.d/50-mariadb-clients.cnf
@@ -0,0 +1,22 @@
+#
+# These groups are read by MariaDB command-line tools
+# Use it for options that affect only one utility
+#
+
+[mariadb-client]
+
+[mariadb-upgrade]
+
+[mariadb-admin]
+
+[mariadb-binlog]
+
+[mariadb-check]
+
+[mariadb-dump]
+
+[mariadb-import]
+
+[mariadb-show]
+
+[mariadb-slap]
diff --git a/etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf b/etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf
new file mode 100644
index 0000000..e24f96a
--- /dev/null
+++ b/etc/mysql/mariadb.conf.d/50-mysqld_safe.cnf
@@ -0,0 +1,28 @@
+# NOTE: THIS FILE IS READ ONLY BY THE TRADITIONAL SYSV INIT SCRIPT, NOT SYSTEMD.
+# MARIADB SYSTEMD DOES _NOT_ UTILIZE MYSQLD_SAFE NOR READ THIS FILE.
+#
+# For similar behavior, systemd users should create the following file:
+# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
+#
+# To achieve the same result as the default 50-mysqld_safe.cnf, please create
+# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
+# with the following contents:
+#
+# [Service]
+# User = mysql
+# StandardOutput = syslog
+# StandardError = syslog
+# SyslogFacility = daemon
+# SyslogLevel = err
+# SyslogIdentifier = mysqld
+#
+# For more information, please read https://mariadb.com/kb/en/mariadb/systemd/
+
+[mysqld_safe]
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# especially if they contain "#" chars...
+
+nice = 0
+skip_log_error
+syslog
diff --git a/etc/mysql/mariadb.conf.d/50-server.cnf b/etc/mysql/mariadb.conf.d/50-server.cnf
new file mode 100644
index 0000000..3258b0e
--- /dev/null
+++ b/etc/mysql/mariadb.conf.d/50-server.cnf
@@ -0,0 +1,117 @@
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mariadbd daemon
+[mariadbd]
+
+#
+# * Basic Settings
+#
+
+#user                    = mysql
+pid-file                = /run/mysqld/mysqld.pid
+basedir                 = /usr
+#datadir                 = /var/lib/mysql
+#tmpdir                  = /tmp
+
+# Broken reverse DNS slows down connections considerably and name resolve is
+# safe to skip if there are no "host by domain name" access grants
+#skip-name-resolve
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = 127.0.0.1
+
+#
+# * Fine Tuning
+#
+
+#key_buffer_size        = 128M
+#max_allowed_packet     = 1G
+#thread_stack           = 192K
+#thread_cache_size      = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+#myisam_recover_options = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+
+#
+# * Logging and Replication
+#
+
+# Note: The configured log file or its directory need to be created
+# and be writable by the mysql user, e.g.:
+# $ sudo mkdir -m 2750 /var/log/mysql
+# $ sudo chown mysql /var/log/mysql
+
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# Recommend only changing this at runtime for short testing periods if needed!
+#general_log_file       = /var/log/mysql/mysql.log
+#general_log            = 1
+
+# When running under systemd, error logging goes via stdout/stderr to journald
+# and when running legacy init error logging goes to syslog due to
+# /etc/mysql/conf.d/mariadb.conf.d/50-mysqld_safe.cnf
+# Enable this if you want to have error logging into a separate file
+#log_error = /var/log/mysql/error.log
+# Enable the slow query log to see queries with especially long duration
+#log_slow_query_file    = /var/log/mysql/mariadb-slow.log
+#log_slow_query_time    = 10
+#log_slow_verbosity     = query_plan,explain
+#log-queries-not-using-indexes
+#log_slow_min_examined_row_limit = 1000
+
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replica, see README.Debian about other
+#       settings you may need to change.
+#server-id              = 1
+#log_bin                = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+#max_binlog_size        = 100M
+
+#
+# * SSL/TLS
+#
+
+# For documentation, please read
+# https://mariadb.com/kb/en/securing-connections-for-client-and-server/
+#ssl-ca = /etc/mysql/cacert.pem
+#ssl-cert = /etc/mysql/server-cert.pem
+#ssl-key = /etc/mysql/server-key.pem
+#require-secure-transport = on
+
+#
+# * Character sets
+#
+
+# MariaDB default is now utf8 4-byte character set.
+# No Debian specific default is required.
+
+#
+# * InnoDB
+#
+
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# Most important is to give InnoDB 80 % of the system RAM for buffer use:
+# https://mariadb.com/kb/en/innodb-system-variables/#innodb_buffer_pool_size
+#innodb_buffer_pool_size = 8G
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadbd]
+
+# This group is only read by MariaDB-11.8 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-11.8]
diff --git a/etc/mysql/mariadb.conf.d/60-galera.cnf b/etc/mysql/mariadb.conf.d/60-galera.cnf
new file mode 100644
index 0000000..67ccb3e
--- /dev/null
+++ b/etc/mysql/mariadb.conf.d/60-galera.cnf
@@ -0,0 +1,21 @@
+#
+# * Galera-related settings
+#
+# See the examples of server wsrep.cnf files in /usr/share/mariadb
+# and read more at https://mariadb.com/kb/en/galera-cluster/
+
+[galera]
+# Mandatory settings
+#wsrep_on                 = ON
+#wsrep_cluster_name       = "MariaDB Galera Cluster"
+#wsrep_cluster_address    = gcomm://
+#binlog_format            = row
+#default_storage_engine   = InnoDB
+#innodb_autoinc_lock_mode = 2
+
+# Allow server to accept connections on all interfaces.
+#bind-address = 0.0.0.0
+
+# Optional settings
+#wsrep_slave_threads = 1
+#innodb_flush_log_at_trx_commit = 0
diff --git a/etc/mysql/my.cnf b/etc/mysql/my.cnf
new file mode 100644
index 0000000..62b4ea8
--- /dev/null
+++ b/etc/mysql/my.cnf
@@ -0,0 +1,29 @@
+# The MariaDB configuration file
+#
+# The MariaDB/MySQL tools read configuration files in the following order:
+# 0. "/etc/mysql/my.cnf" symlinks to this file, reason why all the rest is read.
+# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
+# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
+# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
+# 4. "~/.my.cnf" to set user-specific options.
+#
+# If the same option is defined multiple times, the last one will apply.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# If you are new to MariaDB, check out https://mariadb.com/kb/en/basic-mariadb-articles/
+
+#
+# This group is read both by the client and the server
+# use it for options that affect everything
+#
+[client-server]
+# Port or socket location where to connect
+# port = 3306
+socket = /run/mysqld/mysqld.sock
+
+# Import all .cnf files from configuration directory
+!includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mariadb.conf.d/
diff --git a/etc/mysql/my.cnf.fallback b/etc/mysql/my.cnf.fallback
new file mode 100644
index 0000000..92747d8
--- /dev/null
+++ b/etc/mysql/my.cnf.fallback
@@ -0,0 +1,23 @@
+#
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+!includedir /etc/mysql/conf.d/
diff --git a/etc/mysql/mysqld_exporter.cnf b/etc/mysql/mysqld_exporter.cnf
new file mode 100644
index 0000000..e91b480
--- /dev/null
+++ b/etc/mysql/mysqld_exporter.cnf
@@ -0,0 +1,3 @@
+[client]
+user=mysqld_exporter
+password=SmRWXfdAPnuckePy1Bb2