{ lib, config, ... }: let cfg = config.permafrost.nginx; in { options.permafrost.nginx = { enable = lib.mkEnableOption "nginx nixos module"; certDomains = lib.mkOption { description = "additional domains to register with the ACME cert"; default = [ ]; type = with lib.types; listOf str; }; useStagingServer = lib.mkOption { description = "use the letsencrypt staging server"; default = true; type = with lib.types; bool; }; }; config = lib.mkIf cfg.enable { services.nginx.enable = true; networking.firewall.allowedTCPPorts = [ 80 443 ]; }; }