This is required by the PCI compliance scanner. In order to make this
work I now need to run "nixos-rebuild switch --impure" and I had to add
the unstable channel with "nix-channel --add
https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable"
I had to add various directives that I borrowed from a previous install.
It's essentially PHP black magic.
I also had to prevent NixOS from overwriting the permissions on the PHP
users home directory so that nginx would serve the static files as well.
I decided to remove the porkbun provider just to simplify things since
DNS validation incurs a much longer wait than HTTP validation. I also
removed the default address stuff since they would need a port and they
shouldn't be required - I pulled them from sovr which is doing more
exotic things with IPv6.
I also disabled systemd.network since I got a warning about networking
conflict.
I moved the firewall directive to the networking file.
At this point the system comes up and nginx is hosting a static page.
Eli Ribble