Add optional php to nginx

hosts/midas/services/nginx/nixfox/default.nix

@@ -1,11 +1,11 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 {
-  services = {
-    # The main nginx domain
-    nginx.virtualHosts = {
+  services.nginx.virtualHosts = {
     "nixfox.ca" = {
+      default = true;
       enableACME = true;
       addSSL = true;
+
       root = "/var/www/nixfox-reborn/public";
 
       locations = {
@@ -39,22 +39,4 @@
       root = "/var/www/landing-page";
     };
   };
-
-    # Enable PHP for some fancy stuff
-    phpfpm.pools.nginx = {
-      user = "nobody";
-      settings = {
-        "pm" = "dynamic";
-        "pm.max_children" = 75;
-        "pm.start_servers" = 10;
-        "pm.min_spare_servers" = 5;
-        "pm.max_spare_servers" = 20;
-        "pm.max_requests" = 500;
-        "listen.owner" = config.services.nginx.user;
-        "listen.group" = config.services.nginx.group;
-        "listen.mode" = "0660";
-        "catch_workers_output" = 1;
-      };
-    };
-  };
 }

modules/system/services/server/matrix/element/default.nix

@@ -8,7 +8,7 @@
       server_name = "matrix.${config.vars.primeDomain}";
     };
     branding = {
-      auth_header_logo_url = "https://www.${config.vars.primeDomain}/images/copyright/profile.png";
+      auth_header_logo_url = "https://${config.vars.primeDomain}/nixfoxlogo.png";
       #welcome_background_url = "https://www.${config.vars.primeDomain}/images/backgrounds/template-background.png";
     };
     embedded_pages.home_url = "https://www.${config.vars.primeDomain}/";

modules/system/services/server/minecraft/servers/uberbeta/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, nodes, ... }:
 let
   uberBukkit = pkgs.fetchurl {
     url = "https://github.com/Moresteck/uberbukkit/releases/download/2.0.2-241217-1442-3a5552b/uberbukkit-2.0.2.jar";
@@ -18,4 +18,10 @@ in {
     };
     cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable [ "beta.${config.vars.primeDomain}" ];
   };
+
+  networking.firewall.extraInputRules = let
+    targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
+  in lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable ''
+    ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 30005 accept
+  '';
 }

modules/system/services/server/nginx/default.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ./acme
+    ./php
     ./user
   ];
 

modules/system/services/server/nginx/php/default.nix

@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+{
+  # Enable optional PHP socket
+  config = lib.mkIf config.services.nginx.enable {
+    services.phpfpm.pools.nginx = {
+      user = "nobody";
+      settings = {
+        "pm" = "dynamic";
+        "pm.max_children" = 75;
+        "pm.start_servers" = 10;
+        "pm.min_spare_servers" = 5;
+        "pm.max_spare_servers" = 20;
+        "pm.max_requests" = 500;
+        "listen.owner" = config.services.nginx.user;
+        "listen.group" = config.services.nginx.group;
+        "listen.mode" = "0660";
+        "catch_workers_output" = 1;
+      };
+    };
+  };
+}