From f45b60f34e9676bc2ab7ad6f0d735c65ec3cc5c8 Mon Sep 17 00:00:00 2001
From: Christoph Schmatzler <christoph@schmatzler.com>
Date: Thu, 11 Dec 2025 20:19:40 +0000
Subject: [PATCH] gitea settings

---
 modules/gitea.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/modules/gitea.nix b/modules/gitea.nix
index b140ed1..aec48e7 100644
--- a/modules/gitea.nix
+++ b/modules/gitea.nix
@@ -15,12 +15,24 @@
 				HTTP_PORT = 3000;
 			};
 			service.DISABLE_REGISTRATION = true;
+			security.INSTALL_LOCK = true;
+			session = {
+				COOKIE_SECURE = true;
+				SAME_SITE = "strict";
+			};
+			api.ENABLE_SWAGGER = false;
 		};
 	};
 
 	services.caddy = {
 		enable = true;
 		virtualHosts."git.schmatzler.com".extraConfig = ''
+			header {
+				Strict-Transport-Security "max-age=31536000; includeSubDomains"
+				X-Content-Type-Options "nosniff"
+				X-Frame-Options "DENY"
+				Referrer-Policy "strict-origin-when-cross-origin"
+			}
 			reverse_proxy localhost:3000
 		'';
 	};