feat: new services and fixes

roles/nginx/templates/forwarder.conf.j2

@@ -3,23 +3,19 @@
 # Transparent TCP proxy (no protocol inspection)
 
 {% if config.http | default(true) %}
-upstream {{ domain | replace('.', '_') | replace('-', '_') }}_http {
-    server {{ config.forward_to }}:80;
-}
-
 server {
     listen 80;
-    proxy_pass {{ domain | replace('.', '_') | replace('-', '_') }}_http;
+    # Using variable forces runtime DNS resolution (avoids startup failures)
+    set $upstream_http {{ config.forward_to }};
+    proxy_pass $upstream_http:80;
 }
 {% endif %}
 
 {% if config.https | default(true) %}
-upstream {{ domain | replace('.', '_') | replace('-', '_') }}_https {
-    server {{ config.forward_to }}:443;
-}
-
 server {
     listen 443;
-    proxy_pass {{ domain | replace('.', '_') | replace('-', '_') }}_https;
+    # Using variable forces runtime DNS resolution (avoids startup failures)
+    set $upstream_https {{ config.forward_to }};
+    proxy_pass $upstream_https:443;
 }
 {% endif %}

roles/nginx/templates/nginx.conf.j2

@@ -57,6 +57,11 @@ http {
 {% if nginx_forwarder and nginx_forwarder | length > 0 %}
 # Stream block for TCP/UDP proxying
 stream {
+    # DNS resolver for runtime hostname resolution
+    # Using 127.0.0.1 (systemd-resolved) with 30s cache and 5s timeout
+    resolver 127.0.0.1 valid=30s ipv6=off;
+    resolver_timeout 5s;
+
     # Load stream configurations
     include {{ nginx_streams_dir }}/*.conf;
 }