Add optional php to nginx

2025-07-12 02:56:43 -04:00 · 2025-07-12 02:56:43 -04:00 · c08ff3391f
commit c08ff3391f
parent c35f717231
5 changed files with 60 additions and 50 deletions
--- a/hosts/midas/services/nginx/nixfox/default.nix
+++ b/hosts/midas/services/nginx/nixfox/default.nix
@ -1,60 +1,42 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 {
-  services = {
+  services.nginx.virtualHosts = {
-    # The main nginx domain
+    "nixfox.ca" = {
-    nginx.virtualHosts = {
+      default = true;
-      "nixfox.ca" = {
+      enableACME = true;
-        enableACME = true;
+      addSSL = true;
        addSSL = true;
        root = "/var/www/nixfox-reborn/public";
-        locations = {
+      root = "/var/www/nixfox-reborn/public";
          "/".extraConfig = ''
            error_page 404 /404.html;
          '';
-          "~ \\.php$".extraConfig = ''
+      locations = {
-            fastcgi_index index.php;
+        "/".extraConfig = ''
-            fastcgi_pass unix:${config.services.phpfpm.pools.nginx.socket};
+          error_page 404 /404.html;
-          '';
+        '';
-          "/.well-known/matrix/client".extraConfig = ''
+        "~ \\.php$".extraConfig = ''
-            default_type application/json;
+          fastcgi_index index.php;
-            return 200 '{
+          fastcgi_pass unix:${config.services.phpfpm.pools.nginx.socket};
-              "m.homeserver": { "base_url": "https://matrix.nixfox.ca" },
+        '';
              "m.identity_server": { "base_url": "https://matrix.org" }
            }';
          '';
-          "/.well-known/matrix/server".extraConfig = ''
+        "/.well-known/matrix/client".extraConfig = ''
-            default_type application/json;
+          default_type application/json;
-            return 200 '{ "m.server": "matrix.nixfox.ca:443" }';
+          return 200 '{
-          '';
+            "m.homeserver": { "base_url": "https://matrix.nixfox.ca" },
-        };
+            "m.identity_server": { "base_url": "https://matrix.org" }
-      };
+          }';
        '';
-      "old.nixfox.ca" = {
+        "/.well-known/matrix/server".extraConfig = ''
-        enableACME = true;
+          default_type application/json;
-        addSSL = true;
+          return 200 '{ "m.server": "matrix.nixfox.ca:443" }';
-        root = "/var/www/landing-page";
+        '';
      };
    };
-    # Enable PHP for some fancy stuff
+    "old.nixfox.ca" = {
-    phpfpm.pools.nginx = {
+      enableACME = true;
-      user = "nobody";
+      addSSL = true;
-      settings = {
+      root = "/var/www/landing-page";
        "pm" = "dynamic";
        "pm.max_children" = 75;
        "pm.start_servers" = 10;
        "pm.min_spare_servers" = 5;
        "pm.max_spare_servers" = 20;
        "pm.max_requests" = 500;
        "listen.owner" = config.services.nginx.user;
        "listen.group" = config.services.nginx.group;
        "listen.mode" = "0660";
        "catch_workers_output" = 1;
      };
    };
  };
 }
--- a/modules/system/services/server/matrix/element/default.nix
+++ b/modules/system/services/server/matrix/element/default.nix
@ -8,7 +8,7 @@
      server_name = "matrix.${config.vars.primeDomain}";
    };
    branding = {
-      auth_header_logo_url = "https://www.${config.vars.primeDomain}/images/copyright/profile.png";
+      auth_header_logo_url = "https://${config.vars.primeDomain}/nixfoxlogo.png";
      #welcome_background_url = "https://www.${config.vars.primeDomain}/images/backgrounds/template-background.png";
    };
    embedded_pages.home_url = "https://www.${config.vars.primeDomain}/";
--- a/modules/system/services/server/minecraft/servers/uberbeta/default.nix
+++ b/modules/system/services/server/minecraft/servers/uberbeta/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, nodes, ... }:
 let
  uberBukkit = pkgs.fetchurl {
    url = "https://github.com/Moresteck/uberbukkit/releases/download/2.0.2-241217-1442-3a5552b/uberbukkit-2.0.2.jar";
@ -18,4 +18,10 @@ in {
    };
    cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable [ "beta.${config.vars.primeDomain}" ];
  };
  networking.firewall.extraInputRules = let
    targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
  in lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable ''
    ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 30005 accept
  '';
 }
--- a/modules/system/services/server/nginx/default.nix
+++ b/modules/system/services/server/nginx/default.nix
@ -2,6 +2,7 @@
 {
  imports = [
    ./acme
    ./php
    ./user
  ];
--- a/modules/system/services/server/nginx/php/default.nix
+++ b/modules/system/services/server/nginx/php/default.nix
@ -0,0 +1,21 @@
 { config, lib, ... }:
 {
  # Enable optional PHP socket
  config = lib.mkIf config.services.nginx.enable {
    services.phpfpm.pools.nginx = {
      user = "nobody";
      settings = {
        "pm" = "dynamic";
        "pm.max_children" = 75;
        "pm.start_servers" = 10;
        "pm.min_spare_servers" = 5;
        "pm.max_spare_servers" = 20;
        "pm.max_requests" = 500;
        "listen.owner" = config.services.nginx.user;
        "listen.group" = config.services.nginx.group;
        "listen.mode" = "0660";
        "catch_workers_output" = 1;
      };
    };
  };
 }