{ lib, config, ... }:
let
  enabled = config.mod.nginx.enable;
in
{
  options = {
    mod.nginx = {
      enable = lib.mkEnableOption "add nginx module";
    };
  };

  config = lib.mkIf enabled {
    security = {
      acme = {
        acceptTerms = true;
      };
    };

    services = {
      nginx = {
        enable = true;

        recommendedProxySettings = true;
        recommendedTlsSettings = true;
      };
    };

    networking = {
      firewall = {
        allowedTCPPorts = [
          80
          443
        ];
      };
    };
  };
}