synapse vpn test

2025-03-27 23:11:04 -06:00 · 2025-03-27 23:11:04 -06:00 · 592d82c664
commit 592d82c664
parent 65da629248
2 changed files with 11 additions and 1 deletions
--- a/modules/scripts/update-dns.nix
+++ b/modules/scripts/update-dns.nix
@ -17,7 +17,8 @@
      };
    };
    services.cloudflare-dyndns = {
-      inherit (config.my.scripts.update-dns) enable;
+      # inherit (config.my.scripts.update-dns) enable;
+      enable = false;
      ipv4 = true;
      ipv6 = false;
      proxied = false;
--- a/modules/servers/synapse.nix
+++ b/modules/servers/synapse.nix
@ -78,6 +78,15 @@ in
          extraConfig = ''
            ssl_verify_client on;
            ssl_client_certificate ${config.sops.secrets."iqQCY4iAWO-ca/pem".path};
+            set $client_requires_cert 1;
+            if ($remote_addr ~ "^10\.100\.0\.[0-9]+$") {
+              set $client_requires_cert 0;
+            }
+            if ($client_requires_cert = 1) {
+              if ($ssl_client_verify != SUCCESS) {
+                return 403;
+              }
+            }
            error_page 403 /403.html;
          '';
        };