From fda7cac5c053796a370a88c95c25a5a097eb0204 Mon Sep 17 00:00:00 2001
From: Felix Nehrke
Date: Thu, 18 Sep 2025 16:42:21 +0200
Subject: [PATCH] Only make ssh-port free on k8s-servers since the agents doesn't need to

The only reason I even change the port is to make sure a git-client can reach the my upcoming git-servers on the standard ssh-port. Though to achive this I only have to make sure that the port is reacheable on the internet, after that the port is routed through the kubernetes network. This means that my agents can keep using the standard-port, which makes everything easier for me :)
---
 infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl | 4 ----
 k3s/group_vars/agent/config.yml | 1 +
 k3s/group_vars/k3s_cluster/config.yml | 1 -
 k3s/group_vars/server/config.yml | 1 +
 4 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl b/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl
index 89f8df3..71a2ffd 100644
--- a/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl
+++ b/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl
@@ -5,10 +5,6 @@ users:
 - name: cluster
 shell: /bin/bash
 runcmd:
-# setup ssh over port 1022 instead of 22
-- sed -i /etc/ssh/sshd_config -e 's/^#\{,1\}\( *Port\) [0-9]\+$/\1 1022/'
-- systemctl daemon-reload
-- systemctl restart ssh.socket
 # configure correct routing via NAT
 - ip route add default via ${network_gateway}
 - NIC=$(ifconfig | grep -q enp7s0 && echo enp7s0 || echo ens10)
diff --git a/k3s/group_vars/agent/config.yml b/k3s/group_vars/agent/config.yml
index 90c7fc7..f508f29 100644
--- a/k3s/group_vars/agent/config.yml
+++ b/k3s/group_vars/agent/config.yml
@@ -1,2 +1,3 @@
 ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new -o ProxyCommand="ssh -p 1022 -W %h:%p -q root@{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
+ansible_port: 22
 k3s_version: v1.31.6+k3s1
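Review bot: The jump-host port stays hard-coded as `-p 1022` inside the ProxyCommand on the context line above the added `ansible_port: 22` in k3s/group_vars/agent/config.yml, while this commit turns the server port into a per-group variable in k3s/group_vars/server/config.yml, so the two values can drift apart without any error until agent connections fail. Deriving it from the server's own variable, for example `-p {{ hostvars[groups['server'][0]]['ansible_port'] | default(22) }}`, keeps a later port change in one place. Separately, `StrictHostKeyChecking=accept-new` in `ansible_ssh_common_args` is passed to the outer ssh only; the inner `ssh` started by the ProxyCommand takes its host-key policy from the local ssh configuration, which is worth confirming for the hop through the server.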
diff --git a/k3s/group_vars/k3s_cluster/config.yml b/k3s/group_vars/k3s_cluster/config.yml
index b02a06f..db4f021 100644
--- a/k3s/group_vars/k3s_cluster/config.yml
+++ b/k3s/group_vars/k3s_cluster/config.yml
@@ -1,4 +1,3 @@
 ansible_user: root
-ansible_port: 1022
 api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
diff --git a/k3s/group_vars/server/config.yml b/k3s/group_vars/server/config.yml
index ce192f6..f78b458 100644
--- a/k3s/group_vars/server/config.yml
+++ b/k3s/group_vars/server/config.yml
@@ -1,2 +1,3 @@
 ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'
+ansible_port: 1022
 k3s_version: v1.31.6+k3s1
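Review bot: The added `ansible_port: 1022` in k3s/group_vars/server/config.yml has no comment, and nothing in the file says that the value has to match both the port sshd is set to on the servers (that provisioning is not part of this diff) and the `-p 1022` in the agent ProxyCommand. A comment above it such as `# sshd on servers listens on 1022 so that 22 stays free for the git service; keep in sync with server provisioning and the agent ProxyCommand` would record the dependency. The servers are also the jump host for root logins to the agents and are presumably reached over a public address, so it is worth confirming that the firewall restricts 1022 to admin source addresses and that password authentication is disabled; a non-standard port does not restrict access by itself.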