Give GitLab SSH port 22 and use 2309 for SSH access

ansible/inventory

@@ -1,2 +1,2 @@
 [misc]
-h2954114.stratoserver.net
+pbrinkmeier.de

ansible/misc-all.yaml

@@ -0,0 +1,8 @@
+# All tasks for misc, use this to check whether everything is deployed.
+---
+- name: Set up basic packages, Docker, Nix, sshd
+  import_playbook: misc-setup.yaml
+- name: Deploy Docker configuration
+  import_playbook: misc-docker.yaml
+- name: Check out static websites from git
+  import_playbook: misc-sites.yaml

ansible/misc-setup.yaml

@@ -30,3 +30,23 @@
           - docker
           - docker-compose
           - requests
+    - name: Configure sshd
+      register: sshdconfig
+      become: yes
+      copy:
+        dest: /etc/ssh/sshd_config.d/00_pbri.conf
+        mode: u=rw,g=r,o=r
+        # Included by /etc/ssh/sshd_config before other configuration
+        content: |
+          Port 2309
+          PermitRootLogin no
+          PubkeyAuthentication yes
+          AuthorizedKeysFile .ssh/authorized_keys
+          PasswordAuthentication no
+        validate: /usr/sbin/sshd -T -f %s
+    - name: Restart sshd
+      when: sshdconfig.changed
+      become: yes
+      service:
+        name: sshd
+        state: restarted

docker/web/docker-compose.yaml

@@ -49,7 +49,7 @@ services:
   gitlab:
     image: gitlab/gitlab-ce:15.3.2-ce.0
     ports:
-      - "2222:22"
+      - "22:22"
     volumes:
       - gitlab_data:/var/opt/gitlab
       - gitlab_logs:/var/log/gitlab
@@ -74,7 +74,7 @@ services:
         gitlab_rails['gitlab_email_from'] = 'git@pbrinkmeier.de'
         gitlab_rails['gitlab_email_reply_to'] = 'noreply@pbrinkmeier.de'
 
-        gitlab_rails['gitlab_shell_ssh_port'] = 2222
+        gitlab_rails['gitlab_shell_ssh_port'] = 22
 
         # https://docs.gitlab.com/omnibus/settings/rpi.html
         puma['worker_processes'] = 2