{
  config,
  lib,
  ...
}:
let
  inherit (config.services.nginx) enable;
in
with lib; mkIf enable {
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
}