Add host nanna

.gitea/workflows/check.yaml

@@ -1,5 +1,5 @@
 name: Check
-on: [push]
+"on": [push]
 jobs:
   "Lint Ansible Files":
     runs-on: node-22-bookworm

ansible/group_vars/gods/vars.yaml

@@ -0,0 +1,2 @@
+---
+ansible_python_interpreter: /usr/bin/python3

ansible/host_vars/nanna/vars.yaml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+37646262396235383766303137613134323330396364346261653036303935663935323930663630
+3562306337383765323635623838646538376362396638360a366336336134616163663533373836
+30333834306466633162613264376266646239343432646162396132643437663934613464363437
+6530653234336133360a666232386537353835386364613065343063613536613638393736666635
+65363362363766353231646461343764306637353465373633363861333436336263393561656330
+39613761373437313663613737613961666330373135666365373433376437383232383461633861
+333763383538633430303663636338363537

ansible/inventory

@@ -1,2 +1,5 @@
 [misc]
 vmd98928.contaboserver.net ansible_port=2309
+
+[gods]
+nanna

ansible/playbooks/nanna-setup.yaml

@@ -0,0 +1,26 @@
+---
+- name: Basic setup for nanna
+  hosts: nanna
+  tasks:
+    - name: Configure sshd
+      become: true
+      ansible.builtin.copy:
+        dest: /etc/ssh/sshd_config.d/00_pbri.conf
+        mode: u=rw,g=r,o=r
+        # Included by /etc/ssh/sshd_config before other configuration
+        content: |
+          Port 2309
+          PermitRootLogin no
+          PubkeyAuthentication yes
+          AuthorizedKeysFile .ssh/authorized_keys
+          PasswordAuthentication no
+        validate: /usr/sbin/sshd -T -f %s
+      notify:
+        - Restart sshd
+
+  handlers:
+    - name: Restart sshd
+      become: true
+      ansible.builtin.service:
+        name: ssh
+        state: restarted