{
  config,
  lib,
  pkgs,
  ...
}: let
  inherit (lib.modules) mkIf mkDefault;
  inherit (lib.options) mkEnableOption;
  cfg = config.modules.system.services.nginx;
in {
  options.modules.system.services.nginx.enable = mkEnableOption "nginx";
  config = mkIf cfg.enable {
    security = {
      acme = {
        acceptTerms = true;
        defaults.email = "charlie@charlieroot.dev";
      };
    };
    services.nginx = {
      package = pkgs.nginxQuic;
      statusPage = true;

      recommendedTlsSettings = true;
      recommendedBrotliSettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
      recommendedZstdSettings = true;

      clientMaxBodySize = mkDefault "512m";
    };
  };
}