From 5e9db133973ad0e8936f96b34058272e8edafff7 Mon Sep 17 00:00:00 2001
From: Daniel Kempkens <daniel+git@kempkens.io>
Date: Sun, 17 Sep 2023 00:42:19 +0200
Subject: [PATCH] forgejo: Improve HTTP config

---
 system/nixos/forgejo.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/system/nixos/forgejo.nix b/system/nixos/forgejo.nix
index 93b8922..72c3917 100644
--- a/system/nixos/forgejo.nix
+++ b/system/nixos/forgejo.nix
@@ -58,9 +58,13 @@ in
       quic = true;
       http3 = true;
 
-      onlySSL = true;
+      forceSSL = true;
       useACMEHost = "kempkens.io";
 
+      extraConfig = ''
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+      '';
+
       locations."/" = {
         recommendedProxySettings = true;
         proxyPass = "http://unix:/run/gitea/gitea.sock";