Add optional php to nginx

2025-07-12 02:56:43 -04:00 · 2025-07-12 02:56:43 -04:00 · c08ff3391f
commit c08ff3391f
parent c35f717231
5 changed files with 60 additions and 50 deletions
--- a/hosts/midas/services/nginx/nixfox/default.nix
+++ b/hosts/midas/services/nginx/nixfox/default.nix
@ -1,60 +1,42 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 {
-  services = {
-    # The main nginx domain
-    nginx.virtualHosts = {
-      "nixfox.ca" = {
-        enableACME = true;
-        addSSL = true;
-        root = "/var/www/nixfox-reborn/public";
+  services.nginx.virtualHosts = {
+    "nixfox.ca" = {
+      default = true;
+      enableACME = true;
+      addSSL = true;

-        locations = {
-          "/".extraConfig = ''
-            error_page 404 /404.html;
-          '';
+      root = "/var/www/nixfox-reborn/public";

-          "~ \\.php$".extraConfig = ''
-            fastcgi_index index.php;
-            fastcgi_pass unix:${config.services.phpfpm.pools.nginx.socket};
-          '';
+      locations = {
+        "/".extraConfig = ''
+          error_page 404 /404.html;
+        '';

-          "/.well-known/matrix/client".extraConfig = ''
-            default_type application/json;
-            return 200 '{
-              "m.homeserver": { "base_url": "https://matrix.nixfox.ca" },
-              "m.identity_server": { "base_url": "https://matrix.org" }
-            }';
-          '';
+        "~ \\.php$".extraConfig = ''
+          fastcgi_index index.php;
+          fastcgi_pass unix:${config.services.phpfpm.pools.nginx.socket};
+        '';

-          "/.well-known/matrix/server".extraConfig = ''
-            default_type application/json;
-            return 200 '{ "m.server": "matrix.nixfox.ca:443" }';
-          '';
-        };
-      };
+        "/.well-known/matrix/client".extraConfig = ''
+          default_type application/json;
+          return 200 '{
+            "m.homeserver": { "base_url": "https://matrix.nixfox.ca" },
+            "m.identity_server": { "base_url": "https://matrix.org" }
+          }';
+        '';

-      "old.nixfox.ca" = {
-        enableACME = true;
-        addSSL = true;
-        root = "/var/www/landing-page";
+        "/.well-known/matrix/server".extraConfig = ''
+          default_type application/json;
+          return 200 '{ "m.server": "matrix.nixfox.ca:443" }';
+        '';
      };
    };

-    # Enable PHP for some fancy stuff
-    phpfpm.pools.nginx = {
-      user = "nobody";
-      settings = {
-        "pm" = "dynamic";
-        "pm.max_children" = 75;
-        "pm.start_servers" = 10;
-        "pm.min_spare_servers" = 5;
-        "pm.max_spare_servers" = 20;
-        "pm.max_requests" = 500;
-        "listen.owner" = config.services.nginx.user;
-        "listen.group" = config.services.nginx.group;
-        "listen.mode" = "0660";
-        "catch_workers_output" = 1;
-      };
+    "old.nixfox.ca" = {
+      enableACME = true;
+      addSSL = true;
+      root = "/var/www/landing-page";
    };
  };
 }
--- a/modules/system/services/server/matrix/element/default.nix
+++ b/modules/system/services/server/matrix/element/default.nix
@ -8,7 +8,7 @@
      server_name = "matrix.${config.vars.primeDomain}";
    };
    branding = {
-      auth_header_logo_url = "https://www.${config.vars.primeDomain}/images/copyright/profile.png";
+      auth_header_logo_url = "https://${config.vars.primeDomain}/nixfoxlogo.png";
      #welcome_background_url = "https://www.${config.vars.primeDomain}/images/backgrounds/template-background.png";
    };
    embedded_pages.home_url = "https://www.${config.vars.primeDomain}/";
--- a/modules/system/services/server/minecraft/servers/uberbeta/default.nix
+++ b/modules/system/services/server/minecraft/servers/uberbeta/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, nodes, ... }:
 let
  uberBukkit = pkgs.fetchurl {
    url = "https://github.com/Moresteck/uberbukkit/releases/download/2.0.2-241217-1442-3a5552b/uberbukkit-2.0.2.jar";
@ -18,4 +18,10 @@ in {
    };
    cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable [ "beta.${config.vars.primeDomain}" ];
  };
+
+  networking.firewall.extraInputRules = let
+    targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
+  in lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable ''
+    ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 30005 accept
+  '';
 }
--- a/modules/system/services/server/nginx/default.nix
+++ b/modules/system/services/server/nginx/default.nix
@ -2,6 +2,7 @@
 {
  imports = [
    ./acme
+    ./php
    ./user
  ];

--- a/modules/system/services/server/nginx/php/default.nix
+++ b/modules/system/services/server/nginx/php/default.nix
@ -0,0 +1,21 @@
+{ config, lib, ... }:
+{
+  # Enable optional PHP socket
+  config = lib.mkIf config.services.nginx.enable {
+    services.phpfpm.pools.nginx = {
+      user = "nobody";
+      settings = {
+        "pm" = "dynamic";
+        "pm.max_children" = 75;
+        "pm.start_servers" = 10;
+        "pm.min_spare_servers" = 5;
+        "pm.max_spare_servers" = 20;
+        "pm.max_requests" = 500;
+        "listen.owner" = config.services.nginx.user;
+        "listen.group" = config.services.nginx.group;
+        "listen.mode" = "0660";
+        "catch_workers_output" = 1;
+      };
+    };
+  };
+}