gogs service: add option for enabling "secure" cookies

1 files changed, 14 insertions, 0 deletions

diff --git a/nixos/modules/services/misc/gogs.nix b/nixos/modules/services/misc/gogs.nix
index e966a50b9ec..d42367761ab 100644
--- a/nixos/modules/services/misc/gogs.nix
+++ b/nixos/modules/services/misc/gogs.nix
@@ -26,6 +26,10 @@ let
     HTTP_PORT = ${toString cfg.httpPort}
     ROOT_URL = ${cfg.rootUrl}
 
+    [session]
+    COOKIE_NAME = session
+    COOKIE_SECURE = ${boolToString cfg.cookieSecure}
+
     [security]
     SECRET_KEY = #secretkey#
     INSTALL_LOCK = true
@@ -162,6 +166,16 @@ in
         description = "HTTP listen port.";
       };
 
+      cookieSecure = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Marks session cookies as "secure," which means browsers may
+          ensure that the cookie is only sent under an HTTPS connection.
+          It's good to enable this if Gogs is being served over HTTPS.
+        '';
+      };
+
       extraConfig = mkOption {
         type = types.str;
         default = "";