Context

Inventory defines ansible_port: 21212 per host. group_vars/all.yml was supposed to derive ssh_port from ansible_port (matching the .example template), but was hardcoded to 22 instead. This means the sshd config, UFW rules, and fail2ban jail all use port 22 regardless of the actual SSH port.

Goals / Non-Goals

Goals:

  • Make ssh_port automatically follow ansible_port from inventory

Non-Goals:

  • No other changes

Decisions

Change ssh_port: 22 to ssh_port: "{{ ansible_port | default(22) }}" in group_vars/all.yml. This matches the .example and ensures per-host ansible_port is respected. The default(22) fallback handles the case where ansible_port is not defined.
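
An added example, not taken from the project's repository: the group_vars/all.yml change described above, followed by a pre-flight play that fails when ssh_port and the port Ansible connects on disagree. The file name preflight.yml, the play layout and the task names are assumptions made for illustration.

```yaml
# group_vars/all.yml
# Before (hardcoded; ignores the per-host ansible_port from inventory):
#   ssh_port: 22
# After (the change in this design):
ssh_port: "{{ ansible_port | default(22) }}"

---
# preflight.yml (hypothetical file name)
# Intended to run before the tasks that configure sshd, UFW and fail2ban,
# so a regression to a hardcoded or overridden ssh_port stops the run
# instead of reconfiguring the host for a port Ansible does not use.
- name: Verify ssh_port follows the inventory
  hosts: all
  gather_facts: false
  tasks:
    - name: ssh_port must equal the port Ansible connects on
      ansible.builtin.assert:
        that:
          # Compare as integers so a string vs. integer rendering of the
          # templated value does not cause a false mismatch.
          - ssh_port | int == ansible_port | default(22) | int
          # Reject values that are not usable TCP ports; a non-numeric
          # value becomes 0 after the int filter and fails here.
          - ssh_port | int >= 1
          - ssh_port | int <= 65535
        fail_msg: >-
          ssh_port={{ ssh_port }} but Ansible connects on
          {{ ansible_port | default(22) }}; sshd, UFW and fail2ban
          would be configured for the wrong port.
        success_msg: "ssh_port resolves to {{ ssh_port }}"
```

With the inventory value from the Context section (ansible_port: 21212), the assertion passes with ssh_port resolving to 21212; a host with no ansible_port defined resolves to 22 on both sides of the comparison.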