{ config, ... }:

let
  inherit (config.networking) ports;
in
{
  services.nginx = {
    enable = true;
    defaultHTTPListenPort = ports.nginx-http.tcp;
    defaultSSLListenPort = ports.nginx-https.tcp;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
}