How to enforce RSA host keys over ECDSA (using official Docker image)?

We register and announce our servers by their public RSA host key (over puppet). In order to move our GitLab from source-distributed to Omnibus-Docker I mounted the keys of the hosting metal to prevent key collisions and make the migration transparent to the connected git clones. However, the sshd inside the Docker container talks ECDSA rather than RSA, which breaks automated clones and gave me a slight headache.

I found four possible solutions but none of them are ideal:

  1. Re-register all servers with ECDSA: Long term solution but highly unpredictable work load. Potentially multi-week project.
  2. Comment ECDSA HostKey in /assets/sshd_config
  3. Redefine HostbasedAcceptedKeyTypes in /assets/sshd_config, remove ECDSA ciphers
  4. Make non-RSA keys group readable

Note that sshd(8) will refuse to use a file if it is group/world-accessible and that the HostKeyAlgorithms option restricts which of the keys are actually used by sshd(8).

-- sshd_config (5)

(1) is out because I need a solution now.

(2)/(3) would be my solution of choice but I don't see any reference in /etc/gitlab/gitlab.rb to achieve this. I'd volume-mount/override the config but that obviously breaks gitlab-ctl reconfigure.

(4) is the least desirable, dirty hack. Only viable if (2)/(3) aren't feasible.

Question: What needs to go into gitlab.rb to favour RSA?

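As an added example (not from the original post, and not GitLab's or Omnibus' own tooling), the following script performs the sshd_config edit that options (2) and (3) describe on a constructed sample config: it comments out every non-RSA HostKey line and pins HostKeyAlgorithms to RSA signature algorithms so that sshd only offers the RSA host key. The sample config text, the assumption that the RSA key file name contains "rsa", and the exact algorithm list are assumptions for illustration; whether this can be fed into the Omnibus image without breaking gitlab-ctl reconfigure is exactly the open question above and is not answered here.

```python
import re

# Constructed sample resembling a stock OpenSSH sshd_config that loads every
# key type; it is not the real /assets/sshd_config from the Omnibus image.
SAMPLE_SSHD_CONFIG = """\
Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PasswordAuthentication no
"""

# Assumed algorithm list. rsa-sha2-512/256 sign with the same RSA key that
# clients already have pinned as "ssh-rsa" in known_hosts, so pinning still
# matches; plain ssh-rsa (SHA-1) is kept last for old clients only, since
# recent OpenSSH clients disable it by default.
RSA_HOST_KEY_ALGS = "rsa-sha2-512,rsa-sha2-256,ssh-rsa"

_HOSTKEY_RE = re.compile(r"^HostKey\s+(\S+)\s*$", re.IGNORECASE)
_HOSTKEY_ALGS_RE = re.compile(r"^HostKeyAlgorithms\b", re.IGNORECASE)
# Assumption: the RSA key file is the one whose name contains "rsa" as a
# separate token (e.g. ssh_host_rsa_key); "ecdsa" does not match this.
_RSA_NAME_RE = re.compile(r"(?<![A-Za-z])rsa(?![A-Za-z])", re.IGNORECASE)


def prefer_rsa_host_keys(config_text: str, algorithms: str = RSA_HOST_KEY_ALGS) -> str:
    """Return a copy of an sshd_config that offers only the RSA host key.

    Option (2): every HostKey directive that does not point at an RSA key
    file is commented out rather than deleted, so the change is reversible.
    Option (3): any existing HostKeyAlgorithms line is dropped and exactly one
    is appended, restricting the signature algorithms sshd offers (per
    sshd_config(5), HostKeyAlgorithms restricts which loaded keys are used).
    The function is idempotent: running it on its own output changes nothing.
    """
    out = []
    for line in config_text.splitlines():
        stripped = line.strip()
        m = _HOSTKEY_RE.match(stripped)
        if m:
            if _RSA_NAME_RE.search(m.group(1)):
                out.append(line)
            else:
                out.append("#" + line)
            continue
        if _HOSTKEY_ALGS_RE.match(stripped):
            continue  # replaced by the single line appended below
        out.append(line)
    out.append(f"HostKeyAlgorithms {algorithms}")
    return "\n".join(out) + "\n"


def active_host_key_files(config_text: str) -> list:
    """List the key files an sshd would actually load (uncommented HostKey lines).

    Useful as a post-edit check: after prefer_rsa_host_keys() only the RSA
    file should remain, so ECDSA/ed25519 keys are never even read, which also
    sidesteps the group/world-readable refusal quoted from sshd_config(5).
    """
    files = []
    for line in config_text.splitlines():
        m = _HOSTKEY_RE.match(line.strip())
        if m:
            files.append(m.group(1))
    return files


if __name__ == "__main__":
    hardened = prefer_rsa_host_keys(SAMPLE_SSHD_CONFIG)
    print(hardened)
    print("active host keys:", active_host_key_files(hardened))
```

Run it against a real file by reading the config into `prefer_rsa_host_keys()` and writing the result back, then validate the resulting file with `sshd -t -f <file>` before restarting anything; clients that have the RSA key pinned in known_hosts keep matching because rsa-sha2-* signatures are made with the same key.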