boma/roles/docker_host/tasks at main - sjat/boma - Forgejo: Beyond coding. We forge.

sjat/boma

History

sjat 172ae37953 feat(docker_host): container-forward nftables drop-in (reboot-safe Docker forwarding) base's inet-filter forward chain is policy-drop; on a Docker host that kills published-port DNAT + inter-container forwarding ON REBOOT (nftables loads default-deny before dockerd). This drop-in (loaded via base's /etc/nftables.d/.nft include at boot) appends the container-bridge accepts so a rebooted Docker host keeps forwarding. Resolves FRICTION 2026-06-17 #1 and the GREEN half of ADR-025's acceptance test. NB nftables wildcard is br-, not the iptables br-+. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-18 16:57:47 +02:00
..
main.yml	feat(docker_host): container-forward nftables drop-in (reboot-safe Docker forwarding)	2026-06-18 16:57:47 +02:00

sjat 172ae37953 feat(docker_host): container-forward nftables drop-in (reboot-safe Docker forwarding)

base's inet-filter forward chain is policy-drop; on a Docker host that kills published-port DNAT + inter-container forwarding ON REBOOT (nftables loads default-deny before dockerd). This drop-in (loaded via base's /etc/nftables.d/*.nft include at boot) appends the container-bridge accepts so a rebooted Docker host keeps forwarding. Resolves FRICTION 2026-06-17 #1 and the GREEN half of ADR-025's acceptance test. NB nftables wildcard is br-*, not the iptables br-+.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-18 16:57:47 +02:00

main.yml

feat(docker_host): container-forward nftables drop-in (reboot-safe Docker forwarding)

2026-06-18 16:57:47 +02:00