gogs service: add option for enabling "secure" cookies

2017-04-23 16:26:56 +01:00 · 2017-04-23 16:26:56 +01:00 · ced172010a
commit ced172010a
parent 0e90a05a52
1 changed files with 14 additions and 0 deletions
--- a/nixos/modules/services/misc/gogs.nix
+++ b/nixos/modules/services/misc/gogs.nix
@ -26,6 +26,10 @@ let
    HTTP_PORT = ${toString cfg.httpPort}
    ROOT_URL = ${cfg.rootUrl}

+    [session]
+    COOKIE_NAME = session
+    COOKIE_SECURE = ${boolToString cfg.cookieSecure}
+
    [security]
    SECRET_KEY = #secretkey#
    INSTALL_LOCK = true
@ -162,6 +166,16 @@ in
        description = "HTTP listen port.";
      };

+      cookieSecure = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Marks session cookies as "secure," which means browsers may
+          ensure that the cookie is only sent under an HTTPS connection.
+          It's good to enable this if Gogs is being served over HTTPS.
+        '';
+      };
+
      extraConfig = mkOption {
        type = types.str;
        default = "";