Use port 1022 for all cluster nodes as SSH-port and fix some config-errors

I'm oversaw completely, that I have to change the SSH-port for all nodes
in the cluster otherwise I cannot provide a meaningful load-balancer for
the git-ssh port in it.

Additionally this allowed me to fix some config errors which I simply
oversaw.

roles/agent-setup/handlers/main.yml

@@ -1,3 +1,9 @@
+- name: Restart sshd
+  systemd_service:
+    name: ssh.socket
+    state: restarted
+    daemon_reload: true
+
 - name: Restart resolved
   service:
     name: systemd-resolved

roles/agent-setup/tasks/main.yml

@@ -1,3 +1,47 @@
+- name: Set facts for target SSH-connection
+  set_fact:
+    target_ansible_port: "{{ ansible_port }}"
+
+- name: Check if SSH-connection is already adjusted
+  ping:
+  ignore_errors: "yes"
+  ignore_unreachable: "yes"
+  register: target_ssh
+
+- name: Set ansible_port to 22 when SSH-connection is not adjusted
+  set_fact:
+    ansible_port: "22"
+  when: target_ssh.unreachable is defined and
+        target_ssh.unreachable == True
+
+- name: Check if initial SSH-connection is active
+  ping:
+  when: target_ssh.unreachable is defined and
+        target_ssh.unreachable == True
+
+- name: Set SSH-port to 1022
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#?\s*Port\s+[0-9]+$'
+    line: Port 1022
+  notify: Restart sshd
+  when: target_ssh.unreachable is defined and
+        target_ssh.unreachable == True
+
+- name: Ensure SSH is reloaded
+  meta: flush_handlers
+  when: target_ssh.unreachable is defined and
+        target_ssh.unreachable == True
+
+- name: Reset ansible_port to configured value
+  set_fact:
+    ansible_port: "{{ target_ansible_port }}"
+  when: target_ssh.unreachable is defined and
+        target_ssh.unreachable == True
+
+- name: Run deferred setup to gather facts
+  setup:
+
 - name: Set default network route
   shell: "ip route add default via {{ private_nat }}"
   ignore_errors: "yes"