fix: enable ip_forward in startup sysctl config #59
Merged
jvcorredor merged 2 commits into main from Mar 30, 2026
GCE's hardening sysctl (60-gce-network-security.conf) explicitly sets net.ipv4.ip_forward=0, which blocks container port forwarding after VM restart. Rename sysctl config to 99-cscs-podman.conf so it loads last and overrides the GCE default.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the static book club page with a dynamic React component that fetches books from a new PocketBase `books` collection. Moderators can manage books through a new admin UI at /app/books.

- Add `books` collection migration with cover image, status, and metadata fields
- Add optional book relation to events collection for linking book-club events
- Add BookClubPage component with current book, completed books grid, and cover images
- Add BookForm with file upload support for cover images
- Add moderator book management pages (/app/books, /app/create-book)
- Add Books sidebar item in AppLayout for moderators
- Replace hardcoded current book on schedule page with dynamic CurrentBookBadge
- Add comprehensive tests (23 new, 80 total passing)
- Run Prettier formatting across codebase

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary

- GCE's hardening sysctl (60-gce-network-security.conf) sets net.ipv4.ip_forward=0, which breaks Podman container port forwarding after VM restart
- Rename ports.conf to 99-cscs-podman.conf so it loads last and overrides the GCE default
- Add net.ipv4.ip_forward=1 to the config, required for external traffic to reach the PocketBase container

Context

After a billing outage caused the VM to restart, api.cscs.dev was unreachable (connection timeout). SSH worked fine because sshd runs on the host, but ports 80/443 (served by PocketBase in a container) require IP forwarding through nftables DNAT rules.

Test plan

- curl https://api.cscs.dev/api/health returns 200
- sysctl net.ipv4.ip_forward returns 1 after sysctl --system

🤖 Generated with Claude Code
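
The override described in this PR can be checked before a reboot by resolving which drop-in supplies the final value of a key. The script below is an added example, not code from this PR or repository; `effective_sysctl` and `demo` are hypothetical names and the sample files are constructed. It assumes drop-ins are applied in file-name order with the last assignment winning, which is the behaviour the rename relies on, and it does not model a same-named file in one directory masking another.

```shell
#!/bin/sh
# Added example (not from the PR): which sysctl.d drop-in wins for a key.
# Simplification: all *.conf files in the given directories are ordered by
# file name in the C locale, and the last assignment to the key wins.

# effective_sysctl KEY DIR...  prints "VALUE<TAB>FILE"; returns 1 if KEY is unset
effective_sysctl() {
    key=$1; shift
    result=$(
        for dir in "$@"; do
            for f in "$dir"/*.conf; do
                [ -f "$f" ] && printf '%s\t%s\n' "${f##*/}" "$f"
            done
        done | LC_ALL=C sort | cut -f2- | while IFS= read -r file; do
            awk -v key="$key" '
                /^[ \t]*([#;]|$)/ { next }            # skip comments and blanks
                {
                    eq = index($0, "=")
                    if (eq == 0) next
                    k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
                    sub(/^[ \t]*-?[ \t]*/, "", k)     # trim; drop "-" prefix
                    sub(/[ \t]+$/, "", k)
                    gsub(/^[ \t]+|[ \t]+$/, "", v)
                    gsub(/\//, ".", k)                # net/ipv4/x == net.ipv4.x
                    if (k == key) printf "%s\t%s\n", v, FILENAME
                }' "$file"
        done | tail -n 1
    )
    [ -n "$result" ] && printf '%s\n' "$result"
}

# Constructed sample drop-ins mirroring the two file names in the PR.
demo() {
    d=$(mktemp -d)
    printf 'net.ipv4.ip_forward=0\n' > "$d/60-gce-network-security.conf"
    printf 'before: %s\n' "$(effective_sysctl net.ipv4.ip_forward "$d")"
    printf 'net.ipv4.ip_forward = 1\n' > "$d/99-cscs-podman.conf"
    printf 'after:  %s\n' "$(effective_sysctl net.ipv4.ip_forward "$d")"
    rm -rf "$d"
}
demo
```

On a host, pass the real drop-in directories (for example /etc/sysctl.d and /usr/lib/sysctl.d) and compare the result with `sysctl net.ipv4.ip_forward` after `sysctl --system`.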