diff --git a/conf/type/__mysql_server/files/my.cnf b/conf/type/__mysql_server/files/my.cnf
new file mode 100644
index 00000000..bd651c46
--- /dev/null
+++ b/conf/type/__mysql_server/files/my.cnf
@@ -0,0 +1 @@
+[client]
diff --git a/conf/type/__mysql_server/gencode-remote b/conf/type/__mysql_server/gencode-remote
new file mode 100755
index 00000000..4c160671
--- /dev/null
+++ b/conf/type/__mysql_server/gencode-remote
@@ -0,0 +1,93 @@
+#!/bin/sh
+#
+# 2012 Benedikt Koeppel (code@benediktkoeppel.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+
+if [ -f "$__object/parameter/no_my_cnf" ]; then
+ no_my_cnf="$(cat "$__object/parameter/no_my_cnf")"
+else
+ no_my_cnf="false"
+fi
+
+if [ -f "$__object/parameter/password" ]; then
+ rootpassword="$(cat "$__object/parameter/password")"
+else
+ rootpassword=""
+fi
+
+
+if [ "$rootpassword" != "" ]; then
+ # to the database without requiring a passwort input
+ # set root password
+ echo "mysqladmin -u root password $rootpassword"
+
+ # if we don't want to overwrite the .my.cnf, then take a backup now
+ if [ "$no_my_cnf" == "true" ]; then
+ mv /root/.my.cnf /root/.my.cnf.cdist.bkp
+ fi
+
+ # store the root password in /root/.my.cnf so that processes can connect
+ cat <<-EOFF
+ cat <<-EOF > /root/.my.cnf
+ [client]
+ password=$rootpassword
+EOF
+EOFF
+
+
+
+ # remove anonymous users
+ cat <<-EOFF
+ mysql -u root <<-EOF
+ DELETE FROM mysql.user WHERE User='';
+EOF
+EOFF
+
+ # remove remote-access for root
+ cat <<-EOFF
+ mysql -u root <<-EOF
+ DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';
+EOF
+EOFF
+
+ # remove test database
+ cat <<-EOFF
+ mysql -u root <<-EOF
+ DROP DATABASE IF EXISTS test;
+EOF
+EOFF
+ cat <<-EOFF
+ mysql -u root <<-EOF
+ DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'
+EOF
+EOFF
+
+ # flush privileges
+ cat <<-EOFF
+ mysql -u root <<-EOF
+ FLUSH PRIVILEGES;
+EOF
+EOFF
+
+ # if we don't want to overwrite the .my.cnf, then restore the backup now
+ if [ "$no_my_cnf" == "true" ]; then
+ mv /root/.my.cnf.cdist.bkp /root/.my.cnf
+ fi
+
+fi
diff --git a/conf/type/__mysql_server/man.text b/conf/type/__mysql_server/man.text
new file mode 100644
index 00000000..f8573051
--- /dev/null
+++ b/conf/type/__mysql_server/man.text
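Review bot: The root password is pasted unquoted into code that the target's shell will run, in `echo "mysqladmin -u root password $rootpassword"` and again inside the inner unquoted `<<-EOF` that writes /root/.my.cnf, so a password containing spaces, `$`, backticks or quotes is re-parsed as shell syntax on the target instead of being stored verbatim. Quote the inner delimiter so the second shell performs no expansion, and emit the mysqladmin argument single-quoted with embedded single quotes escaped, as sketched below. The generated `cat > /root/.my.cnf` also creates the file under the target's default umask, and with `--no_my_cnf true` the manifest declares no `__file` to tighten it, so the sketch emits `umask 077` before anything is written. Passing the password as an argument additionally leaves it visible in the target's process list while mysqladmin runs. Separately, the two `mv /root/.my.cnf…` lines are executed by gencode-remote itself rather than echoed, so they appear to act on the host generating the code and not on the target; that is worth confirming.

```shell
# … unchanged: reading no_my_cnf and password from $__object/parameter …

# Quote the password once for the target shell: every embedded single quote
# is closed, escaped and reopened, so the value arrives byte-for-byte.
quoted_password="'$(printf '%s' "$rootpassword" | sed "s/'/'\\\\''/g")'"
echo "umask 077"
echo "mysqladmin -u root password $quoted_password"

# … unchanged: optional backup of /root/.my.cnf …

# Outer heredoc still expands $rootpassword locally; the quoted inner
# delimiter stops the target shell from expanding the result a second time.
cat <<-EOFF
	cat <<-'EOF' > /root/.my.cnf
	[client]
	password=$rootpassword
EOF
EOFF

# … unchanged: SQL clean-up statements and restore of the backup …
```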
@@ -0,0 +1,60 @@
+cdist-type__mysql_server(7)
+===========================
+Benedikt Koeppel
+
+
+NAME
+----
+cdist-type__mysql_server - Manage a MySQL server
+
+
+DESCRIPTION
+-----------
+This cdist type allows you to install a MySQL database server. The
+__mysql_server type also takes care of a few basic security tweaks that are
+normally done by running the mysql_secure_installation script that is provided
+with MySQL.
+
+
+REQUIRED PARAMETERS
+-------------------
+password::
+ The root password to set.
+
+
+OPTIONAL PARAMETERS
+-------------------
+no_my_cnf::
+ The /root/.my.cnf file is used to temporary store the root password when doing
+ the mysql_secure_installation. If you want to have your own .my.cnf file, then
+ specify --no_my_cnf "true".
+ Cdist will then place your original /root/.my.cnf back once cdist has run.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# to install a MySQL server
+__mysql_server
+
+# to install a MySQL server, remove remote access, remove test databases
+# similar to mysql_secure_installation, specify the root password
+__mysql_server --password "Uu9jooKe"
+# this will also write a /root/.my.cnf file
+
+# if you don't want cdist to write a /root/.my.cnf file permanently, specify
+# the --no_my_cnf option
+__mysql_server --password "Uu9jooKe" --no_my_cnf
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+
+
+COPYING
+-------
+Copyright \(C) 2012 Benedikt Koeppel. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).
diff --git a/conf/type/__mysql_server/manifest b/conf/type/__mysql_server/manifest
new file mode 100755
index 00000000..ce331998
--- /dev/null
+++ b/conf/type/__mysql_server/manifest
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# 2012 Benedikt Koeppel (code@benediktkoeppel.ch)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+
+# install mysql-server
+__package mysql-server --state installed
+
+if [ -f "$__object/parameter/no_my_cnf" ]; then
+ no_my_cnf="$(cat "$__object/parameter/no_my_cnf")"
+else
+ no_my_cnf="false"
+fi
+
+if [ -f "$__object/parameter/password" ]; then
+ rootpassword="$(cat "$__object/parameter/password")"
+else
+ rootpassword=""
+fi
+
+if [ "$no_my_cnf" != "true" -a "$rootpassword" != "" ]; then
+ # store the root password in /root/.my.cnf so that processes can connect
+ # to the database without requiring a passwort input
+ __file "/root/.my.cnf" --group root --owner root --mode 600
+fi
diff --git a/conf/type/__mysql_server/parameter/optional b/conf/type/__mysql_server/parameter/optional
new file mode 100644
index 00000000..4c40596c
--- /dev/null
+++ b/conf/type/__mysql_server/parameter/optional
@@ -0,0 +1,2 @@
+no_my_cnf
+password
diff --git a/conf/type/__mysql_server/parameter/required b/conf/type/__mysql_server/parameter/required
new file mode 100644
index 00000000..e69de29b
diff --git a/conf/type/__mysql_server/singleton b/conf/type/__mysql_server/singleton
new file mode 100644
index 00000000..e69de29b
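Review bot: `no_my_cnf` is only ever compared with the literal string `true` in the manifest, so any other spelling (`yes`, `1`, `True`) silently selects the path that leaves the root password in /root/.my.cnf permanently. Reject unknown values right after the parameter is read, e.g. `case "$no_my_cnf" in true|false) ;; *) echo "no_my_cnf must be true or false" >&2; exit 1 ;; esac`. The final test joins its two conditions with `-a`, which POSIX marks obsolescent; `if [ "$no_my_cnf" != "true" ] && [ -n "$rootpassword" ]; then` is the unambiguous form. The `__file` call gives no `--source`, and files/my.cnf added by this commit is not referenced in the visible hunks, so a comment should state which of `__file` and gencode-remote owns the file's content and which of them is expected to run first.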