---
# Sysprep tasks: strip host identity, credentials, logs and shell history
# from a VM before it is turned into a template.

- name: Set hostname to generic localhost
  ansible.builtin.hostname:
    name: localhost.localdomain
    # use: systemd

- name: Ensure IPv4 localhost entry exists in /etc/hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4"
    state: present
    create: yes
    regexp: '^127\.0\.0\.1\s+localhost'

- name: Remove IPv6 localhost entry (::1) from /etc/hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '^::1\s+localhost'
    state: absent

- name: Clean APT cache
  ansible.builtin.apt:
    autoclean: yes
    autoremove: yes
    update_cache: no

# - name: Remove xbazzi user
#   ansible.builtin.user:
#     name: xbazzi
#     state: absent
#     remove: true

# An empty /etc/machine-id is regenerated on first boot, so every clone
# gets its own ID instead of sharing the template's.
- name: Truncate machine-id
  ansible.builtin.command: truncate -s 0 /etc/machine-id

- name: Remove DBus machine-id if exists
  ansible.builtin.file:
    path: /var/lib/dbus/machine-id
    state: absent

- name: Remove root SSH folder
  ansible.builtin.file:
    path: /root/.ssh
    state: absent

- name: Remove anaconda kickstart config
  ansible.builtin.file:
    path: /root/anaconda-ks.cfg
    state: absent

# Truncate instead of deleting so files keep their ownership and mode.
- name: Truncate logs
  ansible.builtin.shell: |
    find /var/log -type f -exec truncate -s 0 {} \;

# - name: Clear logs
#   ansible.builtin.file:
#     path: "{{ item }}"
#     state: absent
#   loop:
#     - /var/log/boot.log
#     - /var/log/cron
#     - /var/log/dmesg
#     - /var/log/grubby
#     - /var/log/lastlog
#     - /var/log/maillog
#     - /var/log/messages
#     - /var/log/secure
#     - /var/log/spooler
#     - /var/log/tallylog
#     - /var/log/wtmp
#     - /var/log/yum.log
#     - /var/log/audit/audit.log
#     - /var/log/tuned/tuned.log
#     - /var/log/wpa_supplicant.log
#     - /var/log/ovirt-guest-agent/ovirt-guest-agent.log

# Rotate first so the active journal files become archives, then vacuum them.
- name: Rotate and vacuum journal logs
  ansible.builtin.shell: |
    journalctl --rotate
    journalctl --vacuum-time=1s
  when: ansible_facts['distribution_major_version'] is version('8', '>=')

- name: Clear bash history
  ansible.builtin.shell: |
    unset HISTFILE
    rm -f /root/.bash_history
    find /home -name .bash_history -exec rm -f {} \;
  become: true

# Host keys, user key pairs, authorized_keys and known_hosts must not be
# shared between clones. The template needs a first-boot mechanism that
# regenerates the sshd host keys.
- name: Find all SSH keys
  ansible.builtin.find:
    paths:
      - /etc/ssh
      - /home/
    patterns:
      - "ssh_host*"
      - "id_*"
      - "authorized_keys"
      - "known_hosts"
    use_regex: false
    recurse: true
    file_type: file
  register: ssh_files

- name: Debug found SSH keys
  ansible.builtin.debug:
    msg: "{{ item.path }}"
  loop: "{{ ssh_files.files }}"

- name: Remove SSH keys
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ ssh_files.files }}"
  # loop: "{{ ssh_keys.results | map(attribute='files') | flatten }}"

- name: Sync changes to disk
  ansible.builtin.command: sync

# Runs on the control node (delegate_to: localhost is the equivalent of
# local_action). become_user only takes effect when become is enabled.
- name: Remove old local SSH known_hosts entry (necessary to avoid fingerprint warning)
  become_user: xbazzi
  delegate_to: localhost
  ansible.builtin.command:
    cmd: ssh-keygen -R "{{ hostvars['sysprep_vm'].ansible_host }}"