r/gitea: use sshd_config.d

Recent(-ish) versions of Fedora have a drop-in configuration directory
for `sshd`.  This allows applications, etc. to define certain settings
for the SSH server, without having to manage the entire server
configuration.  For Gitea specifically, we only need to set a few
settings for the *gitea* user, leaving the remaining settings alone.

This commit does not include any migration to undo the settings that
were originally set,  but that should be as simple as `mv
/etc/ssh/sshd_config.rpmnew /etc/ssh/sshd_config && systemctl reload
sshd`.

gitea.yml

@@ -3,7 +3,6 @@
   - apache
   - role: gitea
     tags: gitea
-  - sshd
   tasks:
   - name: ensure apache is running
     service:

roles/gitea/files/gitea.sshd_config

@@ -0,0 +1,3 @@
+Match User gitea
+	PasswordAuthentication no
+	PermitTTY no

roles/gitea/handlers/main.yml

@@ -9,3 +9,7 @@
   service:
     name=gitea
     state=restarted
+- name: reload sshd
+  service:
+    name: sshd
+    state: reloaded

roles/gitea/tasks/main.yml

@@ -84,3 +84,15 @@
     name=httpd_can_network_connect
     persistent=yes
     state=yes
+
+- name: ensure sshd is configured for gitea
+  copy:
+    src: gitea.sshd_config
+    dest: /etc/ssh/sshd_config.d/80-gitea.conf
+    mode: u=rw,go=r
+    owner: root
+    group: root
+  notify:
+  - reload sshd
+  tags:
+  - sshd-config