diff --git a/machines/fuuko/configuration.nix b/machines/fuuko/configuration.nix index e09469a..56dbb47 100644 --- a/machines/fuuko/configuration.nix +++ b/machines/fuuko/configuration.nix @@ -36,11 +36,6 @@ services.nginx = { enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys"; diff --git a/machines/nazuna/configuration.nix b/machines/nazuna/configuration.nix index 4248acd..d8d9dd8 100644 --- a/machines/nazuna/configuration.nix +++ b/machines/nazuna/configuration.nix @@ -15,14 +15,7 @@ system.stateVersion = "23.05"; - services.nginx = { - enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - }; + services.nginx.enable = true; networking.firewall.allowedTCPPorts = [ 80 443 ]; systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys"; diff --git a/machines/okarin/configuration.nix b/machines/okarin/configuration.nix index 021a7d0..3fded40 100644 --- a/machines/okarin/configuration.nix +++ b/machines/okarin/configuration.nix @@ -22,11 +22,6 @@ services.nginx = { enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts."okarin.sbruder.xyz" = { enableACME = true; forceSSL = true; diff --git a/machines/renge/configuration.nix b/machines/renge/configuration.nix index aa4eab0..0acfa0c 100644 --- a/machines/renge/configuration.nix +++ b/machines/renge/configuration.nix 
@@ -41,11 +41,6 @@ services.nginx = { enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts."sbruder.de" = { enableACME = true; forceSSL = true; diff --git a/machines/vueko/configuration.nix b/machines/vueko/configuration.nix index dde728d..c7ca922 100644 --- a/machines/vueko/configuration.nix +++ b/machines/vueko/configuration.nix @@ -42,11 +42,6 @@ services.nginx = { enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { "vueko.sbruder.de" = { enableACME = true; diff --git a/modules/nginx.nix b/modules/nginx.nix index 6eca8cb..f9c3a9d 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -6,6 +6,7 @@ in options.sbruder.nginx = { hardening.enable = lib.mkEnableOption "nginx hardening"; privacy.enable = (lib.mkEnableOption "nginx privacy options") // { default = true; }; + recommended.enable = (lib.mkEnableOption "recommended options") // { default = true; }; }; config = lib.mkMerge [ @@ -26,5 +27,13 @@ in access_log off; ''; }) + (lib.mkIf cfg.recommended.enable { + services.nginx = { + recommendedGzipSettings = lib.mkDefault true; + recommendedOptimisation = lib.mkDefault true; + recommendedProxySettings = lib.mkDefault true; + recommendedTlsSettings = lib.mkDefault true; + }; + }) ]; }
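Review bot: The description given to `lib.mkEnableOption` for the new `recommended.enable` option in modules/nginx.nix is too vague, since it renders as "Whether to enable recommended options." and does not say that the switch controls TLS settings. Because the option defaults to true and sits next to `hardening.enable`, the text should name what it covers, for example `recommended.enable = (lib.mkEnableOption "the nixpkgs recommended nginx settings (gzip, optimisation, proxy, TLS)") // { default = true; };`. The `let … in` that defines `cfg` starts outside this hunk, so whether other options already follow a naming convention for descriptions cannot be checked from here.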
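Review bot: The new `lib.mkIf cfg.recommended.enable` block in modules/nginx.nix puts `recommendedTlsSettings` behind the same switch as gzip and optimisation, so a host that sets `sbruder.nginx.recommended.enable = false` to drop compression also silently loses the TLS defaults. Each value is `lib.mkDefault`, so the safer path is a per-setting override such as `services.nginx.recommendedGzipSettings = false;`, and the block should say so in a comment like `# Disabling recommended.enable also drops recommendedTlsSettings; override single settings per host instead.`. With `default = true`, every host that imports this module and enables nginx now gets gzip and the proxy headers, presumably including hosts that never set them before. For vhosts that proxy applications mixing secrets with request-reflected data in responses, response compression under TLS is worth a deliberate per-host decision. The `lib.mkMerge` list begins outside this hunk, so it is not visible whether the block is also gated on `services.nginx.enable`.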