---

- name: Remove audit log files
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - "/var/log/audit/audit.log"
    - "/var/log/wtmp"
    - "/var/log/lastlog"

- name: Check to see if the /var/log/audit directory exists
  ansible.builtin.stat:
    path: "/var/log/audit"
  register: audit_directory

- name: Ensure /var/log/audit directory exists
  ansible.builtin.file:
    path: /var/log/audit
    state: directory
    mode: "0750"
    owner: root
    group: adm
  when: audit_directory.stat.exists

- name: Ensure /var/log/audit/audit.log exists
  ansible.builtin.file:
    path: /var/log/audit/audit.log
    state: touch
    mode: "0640"
    owner: root
    group: adm
  when: audit_directory.stat.exists

- name: Ensure wtmp and lastlog exist with the correct permissions
  ansible.builtin.copy:
    dest: "{{ item }}"
    content: ""
    mode: "0664"
    owner: root
    group: utmp
  loop:
    - "/var/log/wtmp"
    - "/var/log/lastlog"

- name: Cleaning persistent udev rules
  ansible.builtin.file:
    path: /etc/udev/rules.d/70-persistent-net.rules
    state: absent

- name: "Cleaning the /tmp directories"
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - "/tmp/*"
    - "/var/tmp/*"

- name: Cleaning the SSH host keys
  shell: |
    rm -f /etc/ssh/ssh_host_*

- name: remove /etc/machine-id
  file:
    path: /etc/machine-id
    state: absent

- name: remove /var/lib/dbus/machine-id
  file:
    path: /var/lib/dbus/machine-id
    state: absent

- name: generate new machine-id
  command: systemd-machine-id-setup

- name: Clean apt
  ansible.builtin.apt:
    autoclean: yes
    autoremove: yes
    clean: yes

- name: Cleaning the shell history
  shell: |
    unset HISTFILE
    history -cw
    echo > ~/.bash_history
    rm -fr /root/.bash_history

- name: Clean cloud-init
  ansible.builtin.command: cloud-init clean
  when: cloud_init | bool

...