From 0d9866765012c0906ef0f8c434b905aad52d9ef7 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Fri, 20 Mar 2026 21:21:26 +0100 Subject: [PATCH] add dns for proxy inside container --- nix/image/bootstrap.sh | 18 ++++++++++++++++++ nix/image/configs.nix | 14 +++----------- nix/image/configs/dnsmasq.conf | 6 ++++++ nix/image/configs/nginx.conf | 2 +- nix/image/configs/{cron.conf => oc-cron.conf} | 0 nix/image/configs/{sudoers => sudoers.d/haze} | 0 nix/image/configs/supervisor/dnsmasq.conf | 2 ++ nix/image/haze.nix | 2 ++ src/php.rs | 5 +++++ 9 files changed, 37 insertions(+), 12 deletions(-) create mode 100644 nix/image/configs/dnsmasq.conf rename nix/image/configs/{cron.conf => oc-cron.conf} (100%) rename nix/image/configs/{sudoers => sudoers.d/haze} (100%) create mode 100644 nix/image/configs/supervisor/dnsmasq.conf diff --git a/nix/image/bootstrap.sh b/nix/image/bootstrap.sh index c8842f9..51bfa68 100755 --- a/nix/image/bootstrap.sh +++ b/nix/image/bootstrap.sh @@ -66,4 +66,22 @@ then cp /etc/supervisor/blackfire.conf /etc/supervisor/enabled/ fi +if [ -n "${PROXY_BASE:-}" ]; then + UPSTREAM_DNS=$(cat /etc/resolv.conf | grep nameserver | cut -d' ' -f 2) + ( + RC=$(sed '/nameserver/d' /etc/resolv.conf) + echo "$RC" > /etc/resolv.conf + ) + echo 'nameserver 127.0.0.22' >> /etc/resolv.conf + + echo "s/UPSTREAM_DNS/${UPSTREAM_DNS}" + sed -i "s/UPSTREAM_DNS/${UPSTREAM_DNS}/" /etc/dnsmasq.conf + echo "s/PROXY_BASE/${PROXY_BASE}" + sed -i "s/PROXY_BASE/${PROXY_BASE}/" /etc/dnsmasq.conf + echo "s/HOST_IP/${HOST_IP}" + sed -i "s/HOST_IP/${HOST_IP}/" /etc/dnsmasq.conf + + cp /etc/supervisor/dnsmasq.conf /etc/supervisor/enabled/ +fi + exec supervisord -c /etc/supervisor/supervisord.conf \ No newline at end of file diff --git a/nix/image/configs.nix b/nix/image/configs.nix index 79449b5..afa06c7 100644 --- a/nix/image/configs.nix +++ b/nix/image/configs.nix 
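Review bot: `UPSTREAM_DNS` collects every line of /etc/resolv.conf that contains `nameserver`, so with two or more resolvers (or a comment that mentions the word) the value holds a newline and `sed -i "s/UPSTREAM_DNS/${UPSTREAM_DNS}/"` fails with an unterminated `s` command. By that point resolv.conf has already been rewritten to point at 127.0.0.22, so the container is left without a working resolver. Taking a single address, `UPSTREAM_DNS=$(awk '$1 == "nameserver" { print $2; exit }' /etc/resolv.conf)`, and aborting when it is empty before resolv.conf is touched would avoid that; any further resolvers would each need their own `server=` line. The three `echo "s/…"` lines look like leftover debugging output.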
@@ -1,15 +1,7 @@ {runCommand}: runCommand "configs" {} '' - mkdir -p $out/etc - mkdir -p $out/etc/sudoers.d - mkdir -p $out/conf - cp ${./configs/cron.conf} $out/etc/oc-cron.conf - cp ${./configs/nginx-app.conf} $out/conf/nginx-app.conf - cp ${./configs/sudoers} $out/etc/sudoers.d/haze - cp -r ${./configs/nc} $out/etc/nc - cp ${./configs/php-fpm.conf} $out/etc/php-fpm.conf - cp ${./configs/nginx.conf} $out/etc/nginx.conf - cp -r ${./configs/supervisor} $out/etc/supervisor - chmod +w $out/etc/supervisor + mkdir -p $out + cp -r ${./configs} $out/etc + chmod -R +w $out/etc mkdir $out/etc/supervisor/enabled/ '' diff --git a/nix/image/configs/dnsmasq.conf b/nix/image/configs/dnsmasq.conf new file mode 100644 index 0000000..2b1afc5 --- /dev/null +++ b/nix/image/configs/dnsmasq.conf @@ -0,0 +1,6 @@ +listen-address=127.0.0.22 +no-resolv + +address=/PROXY_BASE/HOST_IP + +server=UPSTREAM_DNS \ No newline at end of file diff --git a/nix/image/configs/nginx.conf b/nix/image/configs/nginx.conf index 6e707c2..b25ab52 100644 --- a/nix/image/configs/nginx.conf +++ b/nix/image/configs/nginx.conf @@ -79,7 +79,7 @@ http { } } - include /conf/nginx-app.conf; + include /etc/nginx-app.conf; location ~ \.php(?:$|/) { rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; diff --git a/nix/image/configs/cron.conf b/nix/image/configs/oc-cron.conf similarity index 100% rename from nix/image/configs/cron.conf rename to nix/image/configs/oc-cron.conf diff --git a/nix/image/configs/sudoers b/nix/image/configs/sudoers.d/haze similarity index 100% rename from nix/image/configs/sudoers rename to nix/image/configs/sudoers.d/haze diff --git a/nix/image/configs/supervisor/dnsmasq.conf b/nix/image/configs/supervisor/dnsmasq.conf new file mode 100644 index 0000000..d57ed09 --- /dev/null +++ b/nix/image/configs/supervisor/dnsmasq.conf 
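Review bot: `cp -r ${./configs} $out/etc` replaces the per-file list with a wholesale copy, so every file placed under nix/image/configs now lands in the image's /etc, including anything added to `sudoers.d/`. A short comment above the copy would make that mapping explicit, for example `# configs/ is copied verbatim to /etc; files in sudoers.d/ grant privileges inside the container`. The nginx include moves from /conf to /etc with this layout; anything outside this patch that still mounts or writes `/conf/nginx-app.conf` would need the same update, which cannot be checked from the hunk.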
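Review bot: `listen-address=127.0.0.22` on its own does not confine the socket, because without `bind-interfaces` dnsmasq binds the wildcard address and only discards queries that arrive elsewhere. Adding a `bind-interfaces` line after `listen-address` keeps port 53 bound to that loopback address only. A leading comment saying that `PROXY_BASE`, `HOST_IP` and `UPSTREAM_DNS` are placeholders rewritten by bootstrap.sh would also help, since the file is not valid dnsmasq configuration as shipped.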
@@ -0,0 +1,2 @@ +[program:dnsmasq] +command = /bin/dnsmasq --keep-in-foreground -u root \ No newline at end of file diff --git a/nix/image/haze.nix b/nix/image/haze.nix index 7c740af..8751e42 100644 --- a/nix/image/haze.nix +++ b/nix/image/haze.nix @@ -34,6 +34,7 @@ vim, helix, python3Packages, + dnsmasq, }: let inherit (builtins) toString; inherit (lib) readFile getExe concatStringsSep splitString take; @@ -149,6 +150,7 @@ vim helix python3Packages.supervisor + dnsmasq ]; }; diff --git a/src/php.rs b/src/php.rs index f4e0277..d1abaa2 100644 --- a/src/php.rs +++ b/src/php.rs @@ -160,6 +160,11 @@ impl PhpVersion { proxy_config.addr(id, IpAddr::V4(Ipv4Addr::LOCALHOST)) )); + env.push(format!("HOST_IP={host}")); + if !proxy_config.address.is_empty() { + env.push(format!("PROXY_BASE={}", proxy_config.address)); + } + let mut labels = hashmap! { "haze-type".to_string() => "cloud".to_string(), "haze-db".to_string() => db.name().to_string(),
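Review bot: `-u root` makes dnsmasq keep root for its whole lifetime instead of dropping privileges after it has bound port 53, which is its default behaviour. If the flag is there only because the image has no `nobody` account (not visible in this patch), creating an unprivileged account and passing it, for example `command = /bin/dnsmasq --keep-in-foreground --user=dnsmasq` with an account name of your choosing, keeps the resolver least-privileged. If root is really required, a `;` comment in this file stating why would save the next reader the question.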
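Review bot: `proxy_config.address` and `host` are exported as they are, and bootstrap.sh in the same patch splices both into `sed "s/…/…/"` expressions and from there into dnsmasq.conf, so a value containing `/`, `&`, whitespace or a newline breaks or alters the generated configuration. Checking here that the address consists only of DNS-name characters, and that `host` is an IP literal as dnsmasq's `address=` expects, would fail early with a clear error; where `host` comes from is outside the hunk, so it may already be an address. A one-line comment such as `// consumed by nix/image/bootstrap.sh to configure dnsmasq` would document why the two variables exist. The enclosing function starts and ends outside the hunk.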