diff --git a/anythingforafriend/etc/nixos/configuration.nix b/anythingforafriend/etc/nixos/configuration.nix index 5e0c3e5..382440f 100644 --- a/anythingforafriend/etc/nixos/configuration.nix +++ b/anythingforafriend/etc/nixos/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: { +{ config, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix ./networking.nix # generated at runtime by nixos-infect @@ -20,13 +20,6 @@ programs.neovim.enable = true; programs.neovim.defaultEditor = true; - services.cloud-init = { - enable = true; - network.enable = false; - }; - zramSwap.enable = true; - - security.acme = { acceptTerms = true; #certs."new.anythingforafriend.com" = { @@ -41,13 +34,39 @@ # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + services.cloud-init = { + enable = true; + network.enable = false; + }; + services.phpfpm.pools.anythingforafriend = { + user = "www-data"; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.max_requests" = 500; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 5; + "php_admin_value[error_log]" = "stderr"; + "php_admin_flag[log_errors]" = true; + "catch_workers_output" = true; + }; + phpEnv."PATH" = lib.makeBinPath [ pkgs.php ]; + }; services.nginx = { - #defaultListenAddresses = [ "0.0.0.0" "2604:a880:4:1d0::8824:2000" ]; enable = true; virtualHosts."new.anythingforafriend.com" = { addSSL = true; enableACME = true; - root = "/var/www/new.anythingforafriend.com"; + locations."/" = { + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.anythingforafriend.socket}; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + root = "/var/www/new.anythingforafriend.com"; + }; }; }; services.openssh = { 
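Review bot: The new `locations."/"` block forwards every request path to the PHP-FPM socket, so the only thing that appears to limit execution to real `.php` files is PHP-FPM's own `security.limit_extensions` default, and nginx no longer serves static files itself. Scope the FastCGI directives to PHP paths, for example `locations."~ \\.php(/|$)"`, and add `try_files $fastcgi_script_name =404;` ahead of `fastcgi_pass` so that a request naming a script that is not on disk is refused by nginx rather than handed to the interpreter. Keeping `root = "/var/www/new.anythingforafriend.com";` at the virtualHost level, where it was before this change, lets a plain `locations."/"` serve the static content. A short comment above the pool, such as `# pool runs as www-data; nginx only needs access to the socket (listen.owner)`, would also record why `listen.owner` differs from `user`.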
@@ -63,6 +82,13 @@ time.timeZone = "America/Phoenix"; users.groups.deploy = {}; + users.groups.www-data = {}; + users.users.www-data = { + isSystemUser = true; + createHome = true; + home = "/var/www/new.anythingforafriend.com"; + group = "www-data"; + }; users.users.deploy = { extraGroups = [ "deploy" ]; isNormalUser = true; @@ -74,6 +100,8 @@ openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvhtF6nRWlA6PVs71Eek7p0p2PxTd3P6ZEGFV2t75MB eliribble@nixos"]; }; users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvhtF6nRWlA6PVs71Eek7p0p2PxTd3P6ZEGFV2t75MB eliribble@nixos'' ]; + zramSwap.enable = true; +
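Review bot: In the added `users.users.www-data` block, `createHome = true` together with `home = "/var/www/new.anythingforafriend.com"` makes the document root the home directory of the same account the php-fpm pool runs as, so the PHP workers would own, and be able to rewrite, every script they execute. Any file-write flaw in the application then becomes persistent code execution on the site. Consider dropping `createHome`/`home` from `www-data`, letting the existing `deploy` user own the tree, and giving `www-data` read access plus write access only to a dedicated data directory if the application needs one. A comment such as `# web root is owned by deploy; www-data must not be able to modify code` would document the intent. The `users.users.deploy` block that follows continues outside this hunk.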