From 84e48936657c12f3dba708d2f3a40991497c309e Mon Sep 17 00:00:00 2001
From: Pierre Penninckx
Date: Sun, 1 Sep 2024 23:51:06 -0700
Subject: [PATCH] Make sure fox nginx to wait on authelia (#292)
---
 modules/blocks/authelia.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/modules/blocks/authelia.nix b/modules/blocks/authelia.nix
index d27db34..bf07174 100644
--- a/modules/blocks/authelia.nix
+++ b/modules/blocks/authelia.nix
@@ -416,6 +416,15 @@ in
 ${pkgs.bash}/bin/bash -c '(while ! ${pkgs.netcat-openbsd}/bin/nc -z -v -w1 ${cfg.ldapHostname} ${toString cfg.ldapPort}; do echo "Waiting for port ${cfg.ldapHostname}:${toString cfg.ldapPort} to open..."; sleep 2; done); sleep 2'
 '');
 
+
+ # Need to wait on auth endpoint to be available otherwise nginx can fail to start.
+ # For example when DNS server is restarting at the same time or Auth endpoint itself.
+ systemd.services.nginx =
+ {
+ wants = [ "authelia-${fqdn}.service" ];
+ after = [ "authelia-${fqdn}.service" ];
+ };
+
 services.nginx.virtualHosts.${fqdn} = {
 forceSSL = !(isNull cfg.ssl);
 sslCertificate = lib.mkIf (!(isNull cfg.ssl)) cfg.ssl.paths.cert;
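Review bot: The `after`/`wants` pair on `systemd.services.nginx` ties nginx start-up to the whole start job of `authelia-${fqdn}.service`, including the preStart loop visible at the top of this hunk, which polls `${cfg.ldapHostname}:${toString cfg.ldapPort}` with no retry limit. If LDAP is unreachable at boot, every nginx virtual host, not only the ones behind Authelia, presumably stays offline until systemd's start timeout for the Authelia unit expires, so the comment should state that this coupling is accepted. `after` also only orders unit start-up; whether the auth endpoint is actually listening by then depends on the Authelia unit's service type, which is not visible here. I would extend the comment with something like `# wants (not requires): nginx still starts if authelia fails to start; confirm protected vhosts deny access rather than pass through in that state.` and have the author confirm that behaviour. The enclosing attribute set starts and ends outside the hunk.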