Implement SSH passthrough mode and refactor Gitea domain configuration

Major Changes:
- Add dual SSH mode system (passthrough default, dedicated fallback)
- Refactor domain configuration to use direct specification pattern
- Fix critical fail2ban security gap in dedicated mode
- Separate HTTP and SSH domains for cleaner Git URLs

host_vars/arch-vps/main.yml

@@ -72,6 +72,12 @@ nextcloud_admin_password: "{{ vault_nextcloud_admin_password }}"
 nextcloud_service_enabled: true
 nextcloud_service_state: "started"
 
+# =================================================================
+# Gitea Configuration
+# =================================================================
+gitea_http_domain: "git.jnss.me"
+gitea_ssh_domain: "jnss.me"
+
 # =================================================================
 # Security & Logging
 # =================================================================