{
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "nolan@thewordnerd.info";
  };
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
}