infrastructure/machines/web03/django-apps/bocal.nix

{
  pkgs,
  sources,
  config,
  ...
}:

let
  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
in

{
  services.django-apps.sites.bocal = {
    source = "https://git.dgnum.eu/DGNum/www-bocal";
    branch = "main";
    domain = "bocal.webapps.dgnum.eu";

    nginx = {
      enableACME = true;
      forceSSL = true;
    };

    webHookSecret = config.age.secrets."webhook-bocal_token".path;

    python = pkgs.python3.override {
      packageOverrides = _: _: { inherit (nix-pkgs) django-cas-ng django-solo loadcredential; };
    };

    dependencies = ps: [
      ps.django
      ps.django-cas-ng
      ps.django-markdownx
      ps.django-solo
      ps.markdown
      ps.pillow
      ps.loadcredential
    ];

    credentials = {
      SECRET_KEY = config.age.secrets."dj_bocal-secret_key_file".path;
    };

    environment = {
      DJANGO_SETTINGS_MODULE = "app.settings";
      BOCAL_ALLOWED_HOSTS = [ "bocal.webapps.dgnum.eu" ];
      BOCAL_RHOSTS_PATH = "/var/lib/django-apps/bocal/.rhosts";
    };
  };
}