Working website for AFAF.

I had to add various directives that I borrowed from a previous install.
It's essentially PHP black magic.

I also had to prevent NixOS from overwriting the permissions on the PHP
users home directory so that nginx would serve the static files as well.

anythingforafriend/etc/nixos/configuration.nix

@@ -68,14 +68,36 @@
     virtualHosts."new.anythingforafriend.com" = {
       addSSL = true;
       enableACME = true;
+      extraConfig = ''
+        error_log /var/log/nginx/error.log warn;
+        fastcgi_intercept_errors on;
+        include ${pkgs.nginx}/conf/mime.types;
+	index index.php index.html;
+      '';
       locations."/" = {
         extraConfig = ''
+	  try_files $uri /index.php/$request_uri;
+	'';
+      };
+      locations."~ \\.php" = {
+        extraConfig = ''
+	  try_files $uri =404;
+	  set $script $uri;
+	  set $path_info "";
+	  if ($uri ~ "^(.+\.php)(/.+)") {
+	    set $script $1;
+	    set $path_info $2;
+	  }
 	  fastcgi_split_path_info ^(.+\.php)(/.+)$;
 	  fastcgi_pass unix:${config.services.phpfpm.pools.anythingforafriend.socket};
 	  include ${pkgs.nginx}/conf/fastcgi.conf;
+	  fastcgi_param URI $uri;
+	  fastcgi_param PATH_INFO $path_info;
+	  fastcgi_param SCRIPT_NAME $script;
+	  fastcgi_param SCRIPT_FILENAME $document_root$script;
 	'';
-        root = "/var/www/new.anythingforafriend.com";
       };
+      root = "/var/www/new.anythingforafriend.com";
     };
   };
   services.openssh = {
@@ -91,12 +113,14 @@
   time.timeZone = "America/Phoenix";
 
   users.groups.deploy = {};
-  users.groups.www-data = {};
+  users.groups.nginx = {};
   users.users.www-data = {
     isSystemUser = true;
     createHome = true;
+    extraGroups = [ "nginx" ];
     home = "/var/www/new.anythingforafriend.com";
-    group = "www-data";
+    homeMode = "770";
+    group = "nginx";
   };
   users.users.deploy = {
     extraGroups = [ "deploy" ];