diff --git a/pillar/secrets/mariadb.sls.sample b/pillar/secrets/mariadb.sls.sample
new file mode 100644
index 0000000..e0bc659
--- /dev/null
+++ b/pillar/secrets/mariadb.sls.sample
@@ -0,0 +1,2 @@
+mariadb:
+  root_pw: 'password'
diff --git a/pillar/top.sls b/pillar/top.sls
index 0983aae..4c8c277 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,6 +1,7 @@
 base:
   'hedwig.lunch.org.uk':
     - secrets/certificates
+    - secrets/mariadb
   'scabbers.lunch.org.uk':
     - secrets/dnsapi
     - secrets/gitea
diff --git a/states/mariadb/init.sls b/states/mariadb/init.sls
new file mode 100644
index 0000000..77b51f0
--- /dev/null
+++ b/states/mariadb/init.sls
@@ -0,0 +1,41 @@
+debconf-utils:
+  pkg.installed
+
+mariadb_setup:
+  debconf.set:
+    - name: mysql-server
+    - data:
+        'mysql-server/root_password': {'type': 'password', 'value': '{{ salt['pillar.get']('mariadb:root_pw', '') }}' }
+        'mysql-server/root_password_again': {'type': 'password', 'value': '{{ salt['pillar.get']('mariadb:root_pw', '') }}' }
+    - require:
+      - pkg: debconf-utils
+
+python3-mysqldb:
+  pkg.installed
+
+mariadb-server:
+  pkg.installed:
+    - require:
+      - debconf: mysql-server
+      - pkg: python3-mysqldb
+
+mariadb:
+  service.running:
+    - watch:
+      - pkg: mariadb-server
+
+/etc/salt/minion.d/mariadb.conf:
+  file.managed:
+    - source: salt://mariadb/minion_mariadb.conf
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 600
+    - require:
+      - service: mariadb
+
+restart_minion_for_mariadb:
+  service.running:
+    - name: salt-minion
+    - watch:
+      - file: /etc/salt/minion.d/mariadb.conf
diff --git a/states/mariadb/minion_mariadb.conf b/states/mariadb/minion_mariadb.conf
new file mode 100644
index 0000000..2aa84a9
--- /dev/null
+++ b/states/mariadb/minion_mariadb.conf
@@ -0,0 +1,6 @@
+mysql.host: 'localhost'
+mysql.user: 'root'
+mysql.pass: '{{ pillar['mariadb']['root_pw'] }}'
+mysql.db: 'mysql'
+mysql.unix_socket: '/run/mysqld/mysqld.sock'
+mysql.charset: 'utf8'
diff --git a/states/top.sls b/states/top.sls
index adc542e..bc2455b 100644
--- a/states/top.sls
+++ b/states/top.sls
@@ -5,6 +5,7 @@ base:
   'hedwig.lunch.org.uk':
     - debian
     - apache
+    - mariadb
     - backup
     - backup/hedwig
     - certificates/client