synapse vpn test

2025-03-27 23:11:04 -06:00
parent 65da629248
commit 592d82c664
2 changed files with 11 additions and 1 deletions
--- a/modules/servers/synapse.nix
+++ b/modules/servers/synapse.nix
@@ -78,6 +78,15 @@ in
          extraConfig = ''
            ssl_verify_client on;
            ssl_client_certificate ${config.sops.secrets."iqQCY4iAWO-ca/pem".path};
+            set $client_requires_cert 1;
+            if ($remote_addr ~ "^10\.100\.0\.[0-9]+$") {
+              set $client_requires_cert 0;
+            }
+            if ($client_requires_cert = 1) {
+              if ($ssl_client_verify != SUCCESS) {
+                return 403;
+              }
+            }
            error_page 403 /403.html;
          '';
        };