Reset SSH-port of host-machines to 1022

I want to use port 22 for my git-server, therefore I have to make this port free for use of kubernetes. This change allows this, so when I want to connect to the host-machines I'll use port 1022.
2025-09-17 00:50:26 +02:00
parent 1b32fb309c
commit 75a485fbff
6 changed files with 16 additions and 2 deletions
--- a/infra/README.adoc
+++ b/infra/README.adoc
@@ -17,5 +17,9 @@ terraform apply # <2>
 ----

 <1> Init the terraform modules if necessary
-<2> Setup infrastructure and create/update inventory.ini (This might take some time, even after it's "ready")
+<2> Setup infrastructure and create/update inventory.ini
+
+[WARNING]
+The setup will take longer than just the `terraform apply`, since it will install some.
+As a rule of thumb wait ca. 5 minutes after the apply to do other work.
 // end::setup[]
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -51,6 +51,7 @@ module "k8s" {
  kubernetes_exposed_ips = var.expose_kubernetes_and_ssh_ports ? values(data.external.my_ip.result) : []
  ssh_exposed_ips        = var.expose_kubernetes_and_ssh_ports ? values(data.external.my_ip.result) : []
  public_tcp_services = {
+    git-ssh = ["22"]
    http = ["80", "443"]
  }
 }
--- a/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl
+++ b/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl
@@ -5,6 +5,10 @@ users:
 - name: cluster
  shell: /bin/bash
 runcmd:
+# setup ssh over port 1022 instead of 22
+- sed -i /etc/ssh/sshd_config -e 's/^#\{,1\}\( *Port\) [0-9]\+$/\1 1022/'
+- systemctl daemon-reload
+- systemctl restart ssh.socket
 # configure correct routing via NAT
 - ip route add default via ${network_gateway}
 - NIC=$(ifconfig | grep -q enp7s0 && echo enp7s0 || echo ens10)
--- a/infra/modules/hetzner/kubernetes/server-init.yaml.tftpl
+++ b/infra/modules/hetzner/kubernetes/server-init.yaml.tftpl
@@ -5,6 +5,10 @@ users:
 - name: cluster
  shell: /bin/bash
 runcmd:
+# setup ssh over port 1022 instead of 22
+- sed -i /etc/ssh/sshd_config -e 's/^#\{,1\}\( *Port\) [0-9]\+$/\1 1022/'
+- systemctl daemon-reload
+- systemctl restart ssh.socket
 # configure NAT
 - echo '#!/bin/bash' > /etc/networkd-dispatcher/routable.d/10-eth0-post-up
 - echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/networkd-dispatcher/routable.d/10-eth0-post-up
--- a/k3s/group_vars/agent/config.yml
+++ b/k3s/group_vars/agent/config.yml
@@ -1,2 +1,2 @@
-ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new -o ProxyCommand="ssh -p 22 -W %h:%p -q root@188.245.199.197"'
+ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new -o ProxyCommand="ssh -p 1022 -W %h:%p -q root@{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
 k3s_version: v1.31.6+k3s1
--- a/k3s/group_vars/k3s_cluster/config.yml
+++ b/k3s/group_vars/k3s_cluster/config.yml
@@ -1,3 +1,4 @@
 ansible_user: root
+ansible_port: 1022
 api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"