szalotka: fix forgejo container push, add site

configuration.nix

@@ -14,6 +14,7 @@
       ./authentik.nix
       ./forgejo.nix
       ./backups.nix
+      ./site.nix
     ];
 
   boot.loader.systemd-boot.enable = true;

forgejo.nix

@@ -55,6 +55,7 @@
       proxyPass = "http://localhost:3001";
     };
   };
+  services.nginx.clientMaxBodySize = "4096m";
 
   # redirect external port 22 to internal 2223
   networking.firewall.allowedTCPPorts = [ 22 2223 ];

site.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+
+{
+  virtualisation.podman.enable = true;
+  virtualisation.oci-containers.backend = "podman";
+  virtualisation.oci-containers.containers = {
+    site = {
+      image = "git.orga.cebula.camp/infra/site:golden";
+      ports = [ "10.88.0.1:9001:80" ];
+    };
+  };
+  services.nginx.virtualHosts."cebula.camp" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://10.88.0.1:9001/";
+      proxyWebsockets = true;
+    };
+  };
+}