From 86105ae7c42045b21bf62b94532df456a9dd0a1c Mon Sep 17 00:00:00 2001
From: Mathieu Strypsteen <mathieu@strypsteen.me>
Date: Mon, 15 Jan 2024 18:40:39 +0100
Subject: [PATCH] Make nginx more reliable

---
 container-config/nginx-home/code-server                        | 3 ++-
 container-config/nginx-home/forgejo                            | 3 ++-
 container-config/nginx-home/synapse                            | 3 ++-
 container-config/nginx-home/vault                              | 3 ++-
 container-config/nginx/nginx.conf                              | 1 +
 .../x86_64/stable/policies/policies.json                       | 3 +--
 home/etc/containers/systemd/nginx.container                    | 3 ---
 7 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/container-config/nginx-home/code-server b/container-config/nginx-home/code-server
index b310a3b..bbe1b06 100644
--- a/container-config/nginx-home/code-server
+++ b/container-config/nginx-home/code-server
@@ -4,7 +4,8 @@ server {
   listen [::]:443 ssl;
   include snippets/headers.conf;
   location / {
-    proxy_pass http://systemd-code-server.:8080;
+    set $upstream systemd-code-server.;
+    proxy_pass http://$upstream:8080;
     include snippets/proxy.conf;
     proxy_http_version 1.1;
     proxy_set_header Connection upgrade;
diff --git a/container-config/nginx-home/forgejo b/container-config/nginx-home/forgejo
index aa35e7b..23591a8 100644
--- a/container-config/nginx-home/forgejo
+++ b/container-config/nginx-home/forgejo
@@ -5,7 +5,8 @@ server {
   include snippets/headers.conf;
   add_header Content-Security-Policy "default-src 'self'; font-src 'self' data:; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";
   location / {
-    proxy_pass http://systemd-forgejo.:3000;
+    set $upstream systemd-forgejo.;
+    proxy_pass http://$upstream:3000;
     include snippets/proxy.conf;
     proxy_hide_header Content-Security-Policy;
   }
diff --git a/container-config/nginx-home/synapse b/container-config/nginx-home/synapse
index 9cb3df3..15d9825 100644
--- a/container-config/nginx-home/synapse
+++ b/container-config/nginx-home/synapse
@@ -7,7 +7,8 @@ server {
     return 307 https://matrix-client.matrix.org$request_uri;
   }
   location / {
-    proxy_pass http://systemd-synapse.:8080;
+    set $upstream systemd-synapse.;
+    proxy_pass http://$upstream:8080;
     include snippets/proxy.conf;
     proxy_hide_header Content-Security-Policy;
   }
diff --git a/container-config/nginx-home/vault b/container-config/nginx-home/vault
index 955f22a..f02baf9 100644
--- a/container-config/nginx-home/vault
+++ b/container-config/nginx-home/vault
@@ -4,7 +4,8 @@ server {
   listen [::]:443 ssl;
   include snippets/headers.conf;
   location / {
-    proxy_pass http://systemd-vaultwarden.;
+    set $upstream systemd-vaultwarden.;
+    proxy_pass http://$upstream;
     include snippets/proxy.conf;
     proxy_http_version 1.1;
     proxy_set_header Connection upgrade;
diff --git a/container-config/nginx/nginx.conf b/container-config/nginx/nginx.conf
index 69ae9c9..a71199e 100644
--- a/container-config/nginx/nginx.conf
+++ b/container-config/nginx/nginx.conf
@@ -26,6 +26,7 @@ http {
   client_max_body_size 100M;
   proxy_read_timeout 600;
   proxy_send_timeout 600;
+  resolver host.containers.internal;
   include /etc/nginx-sites/*;
   server {
     listen 80;
diff --git a/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json b/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json
index ec9180b..df4ead1 100644
--- a/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json
+++ b/desktop/var/lib/flatpak/extension/org.mozilla.firefox.systemconfig/x86_64/stable/policies/policies.json
@@ -6,8 +6,7 @@
     "DisableTelemetry": true,
     "DNSOverHTTPS": {
       "Enabled": true,
-      "Locked": true,
-      "ProviderURL": "https://dns10.quad9.net/dns-query"
+      "ProviderURL": "https://dns.quad9.net/dns-query"
     },
     "EnableTrackingProtection": {
       "Value": true,
diff --git a/home/etc/containers/systemd/nginx.container b/home/etc/containers/systemd/nginx.container
index b086b9d..a187ec9 100644
--- a/home/etc/containers/systemd/nginx.container
+++ b/home/etc/containers/systemd/nginx.container
@@ -1,6 +1,3 @@
-[Unit]
-Requires=code-server.service forgejo.service synapse.service vaultwarden.service
-After=code-server.service forgejo.service synapse.service vaultwarden.service
 [Container]
 Image=cgr.dev/chainguard/nginx
 UserNS=auto