new approach

new/configuration.nix

@@ -0,0 +1,52 @@
+{ config, pkgs, ... }:
+let
+    sourcePath = import ./sourcecode.nix { inherit pkgs; };
+in
+{
+  boot.cleanTmpDir = true;
+  networking.hostName = "searchanddisplace";
+  networking.firewall.allowPing = true;
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 mykey"
+  ];
+
+  environment.systemPackages = with pkgs; [
+    neovim
+  ];
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx = {
+    enable = true;
+    adminAddr = "admin@searchanddisplace.com";
+    enablePHP = true;
+    phpPackage = myPhp;
+    virtualHosts."demo.searchanddisplace.com" = {
+        enableACME = true;
+        forceSSL = true;
+        root = sourcePath.source + ''/public'';
+    };
+  };
+
+  security.acme.certs = {
+      "demo.searchanddisplace.com".email = "demo@demo.searchanddisplace.com";
+    };
+    security.acme.acceptTerms = true;
+
+    services.phpfpm.pools.mypool = {
+      user = "nobody";
+      settings = {
+        pm = "dynamic";
+        "listen.owner" = config.services.nginx.user;
+        "pm.max_children" = 5;
+        "pm.start_servers" = 2;
+        "pm.min_spare_servers" = 1;
+        "pm.max_spare_servers" = 3;
+        "pm.max_requests" = 500;
+        "catch_workers_output" = 1;
+      };
+    };
+
+  services.sqlite.enable = true;
+}

new/server.nix

@@ -0,0 +1,6 @@
+let
+  nixos = import <nixpkgs/nixos> {
+    configuration = import ./configuration.nix;
+  };
+in
+  nixos.system

new/sourcecode.nix

@@ -0,0 +1,16 @@
+{ pkgs ? import <nixpkgs> {} }:
+with pkgs;
+{
+  source = stdenv.mkDerivation {
+      name = "searchanddisplace-core-source";
+      src = builtins.fetchGit {
+       url = "https://git.law/newroco/searchanddisplace-ingest.git";
+       ref = "master";
+      };
+
+      phases = [ "installPhase" ];
+      installPhase = ''
+        cp -r $src $out
+      '';
+    };
+}