From 044d0b8bbe11584ae2309bcea7ca4f47d437a79d Mon Sep 17 00:00:00 2001
From: Manu <manu@beffara.org>
Date: Mon, 24 Feb 2020 12:12:40 +0100
Subject: [PATCH] Enable the Nginx web server with PHP

PHP settings are taken from the NixOS wiki at
<https://nixos.wiki/wiki/Nginx>.
---
 configuration.nix | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/configuration.nix b/configuration.nix
index b1d8972..26f18e0 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -21,6 +21,7 @@
     hostName = "vps749417";
     useDHCP = false;
     interfaces.ens3.useDHCP = true;
+    firewall.allowedTCPPorts = [ 22 80 443 ];
   };
 
   # Time zone
@@ -37,6 +38,35 @@
     passwordAuthentication = false;
   };
 
+  # Nginx web server
+  services.nginx = {
+    enable = true;
+    virtualHosts."www.beffara.org" = {
+      forceSSL = true;
+      root = "/data/web/root";
+      sslCertificate = "/data/web/cert/beffara.org.crt";
+      sslCertificateKey = "/data/web/cert/beffara.org.key";
+      locations."~ \.php$".extraConfig = ''
+        fastcgi_pass  unix:${config.services.phpfpm.pools.web.socket};
+        fastcgi_index index.php;
+      '';
+    };
+  };
+
+  # FastCGI server for PHP
+  services.phpfpm.pools.web = {
+    user = "nobody";
+    settings = {
+      "listen.owner" = config.services.nginx.user;
+      "pm" = "dynamic";
+      "pm.max_children" = 5;
+      "pm.start_servers" = 2;
+      "pm.min_spare_servers" = 1;
+      "pm.max_spare_servers" = 3;
+      "pm.max_requests" = 500;
+    };
+  };
+
   # Initial user account
   users.users.manu = {
     isNormalUser = true;