{
  config,
  lib,
  ...
}:
let
  cfg = config.machine.mysql;
in
with lib;
mkIf cfg.enable {
  networking.firewall = {
    allowedTCPPorts = [ cfg.port ];
  };
}