sunflower: add mspa

sites/sunflower/configuration.nix

@@ -33,10 +33,44 @@
 
   services.postgresql = {
     enable = true;
-    ensureDatabases = [ "bingosync" ];
+    ensureDatabases = [
+      "bingosync"
+      "mspa"
+    ];
     ensureUsers = [
       { name = "bingosync"; ensureDBOwnership = true; }
+      { name = "mspa"; ensureDBOwnership = true; }
     ];
+    authentication = pkgs.lib.mkOverride 10 ''
+      #type database  DBuser  auth-method optional_ident_map
+      local all  all     peer        map=defaultmap
+    '';
+    identMap = ''
+      # ArbitraryMapName systemUser DBUser
+       defaultmap      root      postgres
+       defaultmap      postgres  postgres
+       defaultmap      php-nginx     mspa
+       defaultmap      bingosync bingosync
+    '';
+  };
+
+  users.users.php-nginx = {
+    isSystemUser = true;
+    group = "php-nginx";
+  };
+  users.groups.php-nginx = {};
+
+  services.phpfpm.pools.nginx = {
+    user = "php-nginx";
+    settings = {
+      "pm" = "dynamic";
+      "listen.owner" = config.services.nginx.user;
+      "pm.max_children" = 5;
+      "pm.start_servers" = 2;
+      "pm.min_spare_servers" = 1;
+      "pm.max_spare_servers" = 3;
+      "pm.max_requests" = 500;
+    };
   };
 
   services.nginx = {
@@ -50,12 +84,16 @@
         default = true;
         forceSSL = true;
         enableACME = true;
-        locations."/" = {
-          root = "/var/www/rhelmot.io/";
-        };
+        root = "/var/www/rhelmot.io/";
         locations."/secret/" = {
           basicAuthFile = "/var/lib/rhelmot.io/secret";
-          root = "/var/www/rhelmot.io/";
+        };
+        locations."~ ^/MSPA/(.*\\.php|)$" = {
+          extraConfig = ''
+            fastcgi_pass  unix:${config.services.phpfpm.pools.nginx.socket};
+            fastcgi_index index.php;
+          '';
+          index = "index.php index.html";
         };
       };
       "www.rhelmot.io" = {