From 2a5d42cbb199c4a5d1a944b03e94a8c46de3090e Mon Sep 17 00:00:00 2001
From: Serge Bazanski <q3k@q3k.org>
Date: Tue, 28 Jan 2025 20:06:38 +0100
Subject: [PATCH] szalotka: fix forgejo container push, add site

---
 configuration.nix |  1 +
 forgejo.nix       |  1 +
 site.nix          | 20 ++++++++++++++++++++
 3 files changed, 22 insertions(+)
 create mode 100644 site.nix

diff --git a/configuration.nix b/configuration.nix
index dfe9994..d726986 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -14,6 +14,7 @@
       ./authentik.nix
       ./forgejo.nix
       ./backups.nix
+      ./site.nix
     ];
 
   boot.loader.systemd-boot.enable = true;
diff --git a/forgejo.nix b/forgejo.nix
index a216ed8..11897be 100644
--- a/forgejo.nix
+++ b/forgejo.nix
@@ -55,6 +55,7 @@
       proxyPass = "http://localhost:3001";
     };
   };
+  services.nginx.clientMaxBodySize = "4096m";
 
   # redirect external port 22 to internal 2223
   networking.firewall.allowedTCPPorts = [ 22 2223 ];
diff --git a/site.nix b/site.nix
new file mode 100644
index 0000000..89221d6
--- /dev/null
+++ b/site.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+
+{
+  virtualisation.podman.enable = true;
+  virtualisation.oci-containers.backend = "podman";
+  virtualisation.oci-containers.containers = {
+    site = {
+      image = "git.orga.cebula.camp/infra/site:golden";
+      ports = [ "10.88.0.1:9001:80" ];
+    };
+  };
+  services.nginx.virtualHosts."cebula.camp" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://10.88.0.1:9001/";
+      proxyWebsockets = true;
+    };
+  };
+}