jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

synapse vpn test

Browse Source
This commit is contained in:
Danilo Reyes 2025-03-27 23:11:04 -06:00
parent 65da629248
commit 592d82c664
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/scripts/update-dns.nix
View File

@ -17,7 +17,8 @@
}; };
}; };
services.cloudflare-dyndns = { services.cloudflare-dyndns = {
inherit (config.my.scripts.update-dns) enable; # inherit (config.my.scripts.update-dns) enable;
enable = false;
ipv4 = true; ipv4 = true;
ipv6 = false; ipv6 = false;
proxied = false; proxied = false;

9
modules/servers/synapse.nix
View File

@ -78,6 +78,15 @@ in
extraConfig = '' extraConfig = ''
ssl_verify_client on; ssl_verify_client on;
ssl_client_certificate ${config.sops.secrets."iqQCY4iAWO-ca/pem".path}; ssl_client_certificate ${config.sops.secrets."iqQCY4iAWO-ca/pem".path};
set $client_requires_cert 1;
if ($remote_addr ~ "^10\.100\.0\.[0-9]+$") {
set $client_requires_cert 0;
}
if ($client_requires_cert = 1) {
if ($ssl_client_verify != SUCCESS) {
return 403;
}
}
error_page 403 /403.html; error_page 403 /403.html;
''; '';
}; };