draft: r/gitea: use sshd_config.d

gitea.yml

@@ -3,7 +3,6 @@
   - apache
   - role: gitea
     tags: gitea
-  - sshd
   tasks:
   - name: ensure apache is running
     service:

roles/gitea/files/gitea.sshd_config

@@ -0,0 +1,3 @@
+Match User gitea
+	PasswordAuthentication no
+	PermitTTY no

roles/gitea/handlers/main.yml

@@ -9,3 +9,7 @@
   service:
     name=gitea
     state=restarted
+- name: reload sshd
+  service:
+    name: sshd
+    state: reloaded

roles/gitea/tasks/main.yml

@@ -84,3 +84,15 @@
     name=httpd_can_network_connect
     persistent=yes
     state=yes
+
+- name: ensure sshd is configured for gitea
+  copy:
+    src: gitea.sshd_config
+    dest: /etc/ssh/sshd_config.d/80-gitea.conf
+    mode: u=rw,go=r
+    owner: root
+    group: root
+  notify:
+  - reload sshd
+  tags:
+  - sshd-config