Enable MySQL connectivity for Docker applications

- Add MySQL host_vars with firewall rules for port 3306
- Enable IP forwarding on Docker hosts (hiveops, smartjournal)
- Fix container-to-external-network connectivity issue

The IP forwarding setting was previously disabled by the common role's
security defaults, preventing Docker containers from reaching external
databases. This change overrides that setting for hosts running Docker.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

host_vars/hiveops.yml

@@ -3,3 +3,9 @@
 
 # Disable firewall (too many ports needed)
 common_firewall_enabled: false
+
+# Enable IP forwarding for Docker networking
+common_sysctl_settings:
+  net.ipv4.ip_forward: 1
+  net.ipv4.conf.all.send_redirects: 0
+  net.ipv4.conf.default.send_redirects: 0

host_vars/mysql.yml

@@ -0,0 +1,7 @@
+---
+# MySQL specific variables
+
+# Allow MySQL port through firewall
+common_firewall_allowed_ports:
+  - "22/tcp"    # SSH
+  - "3306/tcp"  # MySQL

host_vars/smartjournal.yml

@@ -3,3 +3,9 @@
 
 # Disable firewall
 common_firewall_enabled: false
+
+# Enable IP forwarding for Docker networking
+common_sysctl_settings:
+  net.ipv4.ip_forward: 1
+  net.ipv4.conf.all.send_redirects: 0
+  net.ipv4.conf.default.send_redirects: 0