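# NixOS module: server networking toggles.
#
# Declares two boolean options under `server.networking` and derives from them
# the OpenSSH daemon configuration and the firewall's allowed TCP ports.
{ lib, config, ... }:

with lib;

{
  options.server.networking = {
    enableSSH = mkOption {
      type = types.bool;
      default = true;
      example = false;
      description = "Whether to enable the OpenSSH daemon (with root login disabled) and allow TCP port 22 through the firewall.";
    };

    # NOTE(review): nothing in this module reads enableNginx. The firewall
    # entries below follow config.services.nginx.enable instead, so setting
    # this option to false does not by itself close ports 80/443.
    # Presumably another module maps it onto services.nginx.enable; confirm.
    enableNginx = mkOption {
      type = types.bool;
      default = true;
      example = false;
      description = "Whether nginx is intended to be enabled on this server.";
    };
  };

  config = {
    # The whole openssh attribute set is conditional: with enableSSH = false
    # this module contributes no sshd settings at all.
    services.openssh = mkIf config.server.networking.enableSSH {
      enable = true;
      settings.PermitRootLogin = "no";
      # NOTE(review): only root login is restricted here. Password
      # authentication stays at the openssh module's default; if every account
      # uses keys, consider settings.PasswordAuthentication = false.
    };

    # Each group of ports is contributed only when its condition holds.
    # With all conditions true the result is [ 80 443 22 ].
    #
    # NOTE(review): 22 is hard-coded. If services.openssh.ports is changed,
    # this entry no longer matches the listening port. The openssh module's
    # own openFirewall option already opens the configured ports when set, so
    # this entry may be redundant; confirm before removing.
    networking.firewall.allowedTCPPorts = mkMerge [
      (mkIf config.services.nginx.enable [ 80 443 ])
      (mkIf config.server.networking.enableSSH [ 22 ])
    ];
  };
}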