diff --git a/module.nix b/module.nix
index 8bdc2de..f0f37a8 100644
--- a/module.nix
+++ b/module.nix
@@ -1,7 +1,9 @@
-{ config, lib, pkgs, system, ... }:
+{ config, lib, ... }:
 with lib;
-let cfg = config.services.financier;
-in {
+let
+  cfg = config.services.financier;
+in
+{
   imports = [ ];
 
   options.services.financier = {
@@ -15,6 +17,14 @@ in {
       example = "example.org";
     };
 
+    openFirewall = mkOption {
+      description = ''
+        Whether to open ports 80 and 443 in the firewall for the web server that is serving financier.
+      '';
+      type = types.bool;
+      default = true;
+    };
+
     package = mkOption {
       type = types.package;
       description = ''
@@ -23,7 +33,10 @@ in {
     };
 
     server = mkOption {
-      type = types.enum [ "nginx" "caddy" ];
+      type = types.enum [
+        "nginx"
+        "caddy"
+      ];
       description = ''
         The web server to be used for serving Financier. Either "nginx"
         or "caddy".
@@ -34,7 +47,10 @@ in {
   };
 
   config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [
+      80
+      443
+    ];
 
     services.nginx = mkIf (cfg.server == "nginx") {
       enable = true;