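# NixOS module `dgn-web`: a shared nginx baseline for hosts serving web traffic.
# Setting `dgn-web.enable` turns on nginx with the NixOS `recommended*` presets
# and opens TCP 80/443 in the host firewall. No virtual hosts are declared in
# this module; TLS certificates and redirects are left to whoever defines them.
{ config, lib, ... }:

let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.dgn-web;
in {
  options.dgn-web = {
    # mkEnableOption renders the description as "Whether to enable <name>.",
    # so the name must not carry its own trailing period (it would show "..").
    enable = mkEnableOption "sane defaults for web services";
  };

  config = mkIf cfg.enable {
    services.nginx = {
      enable = true;

      # Response compression (brotli / gzip / zstd) is enabled below.
      # NOTE(review): compressing TLS responses that mix a secret (CSRF token,
      # session data) with request-reflected input is the precondition for
      # BREACH-style length side channels. Virtual hosts that serve such pages
      # should disable compression for them or mask the secret per response.
      recommendedBrotliSettings = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;

      # Adds the standard forwarding headers to proxied requests.
      # NOTE(review): backends should trust those headers only when the
      # request really comes from this proxy; confirm upstreams are not
      # reachable directly.
      recommendedProxySettings = true;

      # Global TLS defaults; they only take effect for virtual hosts that
      # actually enable TLS, which this module does not do.
      recommendedTlsSettings = true;
      recommendedZstdSettings = true;
    };

    # Port 80 is opened alongside 443 (typically needed for ACME HTTP-01 and
    # redirects). NOTE(review): nothing here forces HTTP -> HTTPS, so every
    # virtual host has to opt in (e.g. `forceSSL = true`) or it will answer in
    # cleartext on port 80.
    networking.firewall.allowedTCPPorts = [ 80 443 ];
  };
}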