From 9ff92a89e32a1dbbe72c8f99e15538d2f17253d3 Mon Sep 17 00:00:00 2001
From: Rustam Efimov <rus07tam+contact@ruject.fun>
Date: Tue, 14 Apr 2026 21:23:12 +0300
Subject: [PATCH] feat(services/synapse): add ip_range_blacklist

---
 services/synapse/synapse.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/services/synapse/synapse.nix b/services/synapse/synapse.nix
index 2749e0c..b46918d 100644
--- a/services/synapse/synapse.nix
+++ b/services/synapse/synapse.nix
@@ -63,6 +63,19 @@ mkIf enable {
 
       allow_public_rooms_without_auth = true;
 
+      ip_range_blacklist = [
+        "127.0.0.0/8"
+        "10.0.0.0/8"
+        "172.16.0.0/12"
+        "192.168.0.0/16"
+        "100.64.0.0/10"
+        "169.254.0.0/16"
+        "::1/128"
+        "fe80::/10"
+        "fc00::/7"
+        "::/0" # disable IPv6 (temporary)
+      ];
+
       url_preview_enabled = true;
       url_preview_ip_range_blacklist = [
         "127.0.0.0/8"