diff --git a/modules/services/nginx/module.nix b/modules/services/nginx/module.nix
new file mode 100644
index 0000000..63fcef0
--- /dev/null
+++ b/modules/services/nginx/module.nix
@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (lib.options) mkEnableOption;
+  cfg = config.modules.system.services.nginx;
+in {
+  options.modules.system.services.nginx.enable = mkEnableOption "nginx";
+  config = mkIf cfg.enable {
+    security = {
+      acme = {
+        acceptTerms = true;
+        defaults.email = "charlie@charlieroot.dev";
+      };
+    };
+    services.nginx = {
+      package = pkgs.nginxQuic;
+      statusPage = true;
+
+      recommendedTlsSettings = true;
+      recommendedBrotliSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+      recommendedZstdSettings = true;
+
+      clientMaxBodySize = mkDefault "512m";
+    };
+  };
+}