{ pkgs, ... }: { security.acme.defaults.email = "malte.tammena@pm.me"; security.acme.acceptTerms = true; networking.firewall.allowedTCPPorts = [ 443 80 ]; services.nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; }; }