{ pkgs, lib, ... }:
{
  services.nginx = {
    enable = true;
    package = pkgs.nginxMainline;
    recommendedTlsSettings = lib.mkDefault true;
    recommendedProxySettings = lib.mkDefault true;
    recommendedOptimisation = lib.mkDefault true;
    recommendedGzipSettings = lib.mkDefault true;
  };
  networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; };
}