From 336d44e8f858708fc139817da9d441b2bddb7ef5 Mon Sep 17 00:00:00 2001
From: Jakob Meier <comcloudway@ccw.icu>
Date: Wed, 27 Dec 2023 10:54:34 +0100
Subject: [PATCH] Made ssh port configurable

---
 group_vars/all/default.yml                  | 1 +
 roles/network/nftables/templates/50_ssh.nft | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/group_vars/all/default.yml b/group_vars/all/default.yml
index 33b9312..37c2569 100644
--- a/group_vars/all/default.yml
+++ b/group_vars/all/default.yml
@@ -7,6 +7,7 @@ base_packages:
   - htop
   - doas
 shell: /bin/ash
+ssh_port: "22"
 docker_subid: "100000:65536"
 container_dir: "/home/{{ username }}"
 domain: "example.com"
diff --git a/roles/network/nftables/templates/50_ssh.nft b/roles/network/nftables/templates/50_ssh.nft
index 5ff510f..7234009 100644
--- a/roles/network/nftables/templates/50_ssh.nft
+++ b/roles/network/nftables/templates/50_ssh.nft
@@ -3,6 +3,6 @@
 table inet filter {
 	chain input {
 		# allow ssh
-		tcp dport 22 accept comment "accept SSH"
+		tcp dport {{ ssh_port }} accept comment "accept SSH"
 	}
 }
-- 
2.38.5