---
- name: "Configure SSH for Public Key Authentication"
  shell: |
    sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
- name: "Restarting the SSH daemon."
  shell: |
    sudo systemctl restart sshd

- name: Remove cloud-init files
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
    - /etc/cloud/cloud.cfg.d/50-curtin-networking.cfg
    - /etc/cloud/cloud.cfg.d/curtin-preserve-sources.cfg
    - /etc/cloud/cloud.cfg.d/99-installer.cfg
    - /etc/netplan/00-installer-config.yaml
  when:
    - cloud_init | bool
    - ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04"

- name: Disable cloud-init if configured to 
  block:
    - name: Check if /etc/cloud/ exists
      ansible.builtin.stat:
        path: '/etc/cloud/'
      register: etc_cloud_folder

    - name: 'Generate /etc/cloud/cloud-init.disabled'
      ansible.builtin.copy:
        dest: '/etc/cloud/cloud-init.disabled'
        content: 'disabled by ansible\n'
        owner: 'root'
        group: 'root'
        mode: '0644'
      when:
        - 'etc_cloud_folder.stat.exists'
  when: 
    - not cloud_init | bool
    - ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04"

- name: Copy cloud-init PVE default file
  ansible.builtin.copy:
    dest: /etc/cloud/cloud.cfg.d/90_dpkg.cfg
    content: |
      datasource_list: [ ConfigDrive, NoCloud ]
  when: cloud_init | bool

- name: "Modifying GRUB."
  shell: |
    sed -i -e "s/GRUB_CMDLINE_LINUX_DEFAULT=\"\(.*\)\"/GRUB_CMDLINE_LINUX_DEFAULT=\"\"/" /etc/default/grub
    update-grub
  when: ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04"

- name: Creating SSH key regeneration service file
  ansible.builtin.copy:
    dest: /etc/systemd/system/regenerate_ssh_host_keys.service
    content: |
      [Unit]
      Description=Regenerate SSH host keys
      Before=ssh.service
      ConditionFileIsExecutable=/usr/bin/ssh-keygen

      [Service]
      Type=oneshot
      ExecStartPre=-/bin/dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096
      ExecStartPre=-/bin/sh -c "/bin/rm -f -v /etc/ssh/ssh_host_*_key*"
      ExecStart=/usr/bin/ssh-keygen -A -v
      ExecStartPost=/bin/systemctl disable regenerate_ssh_host_keys

      [Install]
      WantedBy=multi-user.target
  when: not cloud_init | bool

- name: Reload systemd to re-read configurations
  ansible.builtin.systemd:
    daemon-reload: true
  when: not cloud_init | bool

- name: Enable regenerate_ssh_host_keys service
  ansible.builtin.systemd:
    name: regenerate_ssh_host_keys
    enabled: true
  when: not cloud_init | bool

...