From 77545854363aa1d7dea6cce3497b5ad99cb8d0ab Mon Sep 17 00:00:00 2001
From: directlx
Date: Fri, 6 Feb 2026 11:30:14 -0500
Subject: [PATCH] Enable MySQL connectivity for Docker applications

- Add MySQL host_vars with firewall rules for port 3306
- Enable IP forwarding on Docker hosts (hiveops, smartjournal)
- Fix container-to-external-network connectivity issue

The IP forwarding setting was previously disabled by the common role's security defaults, preventing Docker containers from reaching external databases. This change overrides that setting for hosts running Docker.

Co-Authored-By: Claude Sonnet 4.5
---
 host_vars/hiveops.yml | 6 ++++++
 host_vars/mysql.yml | 7 +++++++
 host_vars/smartjournal.yml | 6 ++++++
 3 files changed, 19 insertions(+)
 create mode 100644 host_vars/mysql.yml

diff --git a/host_vars/hiveops.yml b/host_vars/hiveops.yml
index ee09f2a..d1284ae 100644
--- a/host_vars/hiveops.yml
+++ b/host_vars/hiveops.yml
@@ -3,3 +3,9 @@
 # Disable firewall (too many ports needed)
 common_firewall_enabled: false
+
+# Enable IP forwarding for Docker networking
+common_sysctl_settings:
+ net.ipv4.ip_forward: 1
+ net.ipv4.conf.all.send_redirects: 0
+ net.ipv4.conf.default.send_redirects: 0
diff --git a/host_vars/mysql.yml b/host_vars/mysql.yml
new file mode 100644
index 0000000..aaa37f7
--- /dev/null
+++ b/host_vars/mysql.yml
@@ -0,0 +1,7 @@
+---
+# MySQL specific variables
+
+# Allow MySQL port through firewall
+common_firewall_allowed_ports:
+ - "22/tcp" # SSH
+ - "3306/tcp" # MySQL
diff --git a/host_vars/smartjournal.yml b/host_vars/smartjournal.yml
index 1b340d8..1e86257 100644
--- a/host_vars/smartjournal.yml
+++ b/host_vars/smartjournal.yml
@@ -3,3 +3,9 @@
 # Disable firewall
 common_firewall_enabled: false
+
+# Enable IP forwarding for Docker networking
+common_sysctl_settings:
+ net.ipv4.ip_forward: 1
+ net.ipv4.conf.all.send_redirects: 0
+ net.ipv4.conf.default.send_redirects: 0
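Review bot: In host_vars/hiveops.yml the new `common_sysctl_settings` mapping lists only three keys, and under Ansible's default variable handling a host_vars dict replaces a role default instead of merging with it, so any other hardening sysctls in the common role's defaults would presumably be dropped on this host (the role is not visible here, so confirm how it consumes the variable). The context lines also show `common_firewall_enabled: false`, so `net.ipv4.ip_forward: 1` lands on a host with no managed packet filter; as I understand it Docker sets the FORWARD chain policy to DROP only when it enables forwarding itself, so pre-setting the sysctl can leave forwarded traffic unfiltered. I would either restate the full default dict here or have the role merge a per-host override with the `combine` filter, and add a comment such as `# replaces the role default dict entirely; keep the remaining hardening keys in sync`. The same applies to the identical hunk in host_vars/smartjournal.yml.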
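Review bot: The `"3306/tcp"` entry in host_vars/mysql.yml opens MySQL to any source address as far as this file shows, while the commit message names only the hiveops and smartjournal Docker hosts as clients. If the common role's firewall supports source-scoped rules (not visible here), limit the port to those hosts' addresses; otherwise record the gap next to the entry, e.g. `# TODO: restrict 3306/tcp to the hiveops and smartjournal source addresses`. Container traffic will presumably reach MySQL from the Docker host's address after NAT, so the MySQL account host grants should be checked against that address and not left as a wildcard.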