Remove expose_ssh and support SSH listening on nebula and PVE

No more wireguard SSH for me

ansible/roles/base/files/sshd_config

@@ -2,11 +2,7 @@
 # Change to a high/odd port if this server is exposed to the internet directly
 Port {{ ssh_port }}
 
-{% if expose_ssh %}
-AllowUsers {{ user }}
-{% else %}
-AllowUsers {{ user }}@{{ wireguard.cidr }}
-{% endif %}
+AllowUsers {% if ansible_hostname in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if ansible_hostname in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %}
 
 # Bind to all interfaces (change to specific interface if needed)
 ListenAddress 0.0.0.0