chore: added iac

Signed-off-by: ITQ <itq.dev@ya.ru>

infrastructure/iac/ansible/group_vars/all/sysctl.yaml

@@ -0,0 +1,25 @@
+---
+sysctl_tuning:
+  # Network tuning
+  net.core.somaxconn: 65535
+  net.ipv4.tcp_max_syn_backlog: 65535
+  net.ipv4.tcp_fin_timeout: 30
+  net.ipv4.tcp_keepalive_time: 600
+  net.ipv4.tcp_keepalive_probes: 5
+  net.ipv4.tcp_keepalive_intvl: 15
+  net.ipv4.ip_local_port_range: "1024 65535"
+
+  # Memory tuning
+  vm.swappiness: 10
+  vm.vfs_cache_pressure: 50
+  vm.dirty_ratio: 15
+  vm.dirty_background_ratio: 5
+  vm.overcommit_memory: 1
+  vm.overcommit_ratio: 90
+
+  # Security tuning
+  net.ipv4.conf.all.rp_filter: 1
+  net.ipv4.conf.default.rp_filter: 1
+  net.ipv4.icmp_echo_ignore_broadcasts: 1
+  net.ipv4.icmp_ignore_bogus_error_responses: 1
+  net.ipv4.tcp_syncookies: 1