Phpfpm + nginx problem

this is my configuration…

 
{ pkgs, lib, config, ... }:
let
  app = "simanja";
  domain = "${app}.com";
  dataDir = "/home/fadhli/www/";
in {
  services.phpfpm.pools.${app} = {
    user = app;
    settings = {
      "listen.owner" = config.services.nginx.user;
      "pm" = "dynamic";
      "pm.max_children" = 32;
      "pm.max_requests" = 500;
      "pm.start_servers" = 2;
      "pm.min_spare_servers" = 2;
      "pm.max_spare_servers" = 5;
      "php_admin_value[error_log]" = "stderr";
      "php_admin_flag[log_errors]" = true;
      "catch_workers_output" = true;
    };
    phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
  };
  services.nginx = {
    enable = true;
    virtualHosts.${domain}.locations."/" = {
      root = dataDir;
      extraConfig = ''
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:${config.services.phpfpm.pools.${app}.socket};
        include ${pkgs.nginx}/conf/fastcgi_params;
        include ${pkgs.nginx}/conf/fastcgi.conf;
      '';
     };
  };
  users.users.${app} = {
    isSystemUser = true;
    createHome = true;
    home = dataDir;
    group  = app;
  };
  users.groups.${app} = {};
}

i take this from Phpfpm - NixOS Wiki and modified it a bit.
when i run nixos-rebuild it create the document root directory on my Home folder with root access…i change it to 777 and put index.php in it but when i run localhost in browser it says file not found. please somebody help me…

You’ll need to override that with ProtectHome = lib.mkForce false;.

im sorry i am new to nixos, where to put ProtecHome = lib.mkforce false???

and for additional info… the error happen only if i move the root directory…if i remove “root = /home/fadhli/www” the nginx welcome page is appear but i can’t find where is the default root directory…and everytime i change the root directory to anywhere. file not found or forbidden error appear

Sorry for the assumption! Specifically you should add this to your configuration.nix:
systemd.services.phpfpm-simanja.serviceConfig.ProtectHome = lib.mkForce false; # or pkgs.lib.mkForce if 'lib' is not in scope

When you declare services.phpfpm.pools.simanja NixOS will create a systemd unit named phpfpm-simanja.service which you can reference by systemd.services.phpfpm-simanja. By default the phpfpm module in NixOS generates systemd services which set ProtectHome = true;. ProtectHome = false will make your home directory inaccessible which is why you received the error mentioned above. ProtectHome = true; is a good default for production servers… though maybe not the best for development in your case.

I hope this explanation helps.