Only make ssh-port free on k8s-servers since the agents doesn't need to

The only reason I even change the port is to make sure a git-client can
reach the my upcoming git-servers on the standard ssh-port. Though to
achive this I only have to make sure that the port is reacheable on the
internet, after that the port is routed through the kubernetes network.
This means that my agents can keep using the standard-port, which makes
everything easier for me :)

infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl

@@ -5,10 +5,6 @@ users:
 - name: cluster
   shell: /bin/bash
 runcmd:
-# setup ssh over port 1022 instead of 22
-- sed -i /etc/ssh/sshd_config -e 's/^#\{,1\}\( *Port\) [0-9]\+$/\1 1022/'
-- systemctl daemon-reload
-- systemctl restart ssh.socket
 # configure correct routing via NAT
 - ip route add default via ${network_gateway}
 - NIC=$(ifconfig | grep -q enp7s0 && echo enp7s0 || echo ens10)

k3s/group_vars/agent/config.yml

@@ -1,2 +1,3 @@
 ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new -o ProxyCommand="ssh -p 1022 -W %h:%p -q root@{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
+ansible_port: 22
 k3s_version: v1.31.6+k3s1

k3s/group_vars/k3s_cluster/config.yml

@@ -1,4 +1,3 @@
 ansible_user: root
-ansible_port: 1022
 api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
 

k3s/group_vars/server/config.yml

@@ -1,2 +1,3 @@
 ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'
+ansible_port: 1022
 k3s_version: v1.31.6+k3s1