{ lib, config, ... }:

let
  cfg = config.permafrost.nginx;
in
{
  options.permafrost.nginx = {
    enable = lib.mkEnableOption "nginx nixos module";

    certDomains = lib.mkOption {
      description = "additional domains to register with the ACME cert";
      default = [ ];
      type = with lib.types; listOf str;
    };

    useStagingServer = lib.mkOption {
      description = "use the letsencrypt staging server";
      default = true;
      type = with lib.types; bool;
    };
  };

  config = lib.mkIf cfg.enable {
    services.nginx.enable = true;

    networking.firewall.allowedTCPPorts = [ 80 443 ];
  };
}