base_config: disable cloud-init ssh module to avoid hostkey regeneration

It should run once on first boot anyway and since it apparently runs for
every change in the Proxmox cloud init config, disable it, so it
doesn't, since it's annoying to have "random" hostkey changes.

resources/chaosknoten/router/nftables/nftables.conf

@@ -45,7 +45,7 @@ table inet host {
         tcp dport 22 accept comment "allow ssh access"
 
         # Allow DHCP server access.
-		iifname $if_net0_3_ci_runner udp dport 67 accept comment "allow dhcp server access"
+		iifname { $if_net0_2_v4_nat, $if_net0_3_ci_runner } udp dport 67 accept comment "allow dhcp server access"
     }
 }
 

resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network

@@ -11,6 +11,12 @@ Description=v4-NAT
 # Masquerading done in nftables (nftables.conf).
 IPv6SendRA=yes
 
+DHCPServer=true
+
+[DHCPServer]
+PoolOffset=100
+PoolSize=150
+
 [Address]
 Address=10.32.2.1/24
 

roles/base_config/tasks/main.yaml

@@ -0,0 +1,13 @@
+# Ensure the ssh module is disabled, so a cloud-init config change doesn't regenerate the host keys for no reason.
+- name: check if cloud-init config file exists
+  ansible.builtin.stat:
+    path: /etc/cloud/cloud.cfg
+  register: base_config__stat_cloud_cfg
+
+- name: ensure the cloud-init ssh module is disabled
+  ansible.builtin.replace:
+    path: /etc/cloud/cloud.cfg
+    regexp: " - ssh$"
+    replace: " #- ssh"
+  become: true
+  when: base_config__stat_cloud_cfg.stat.exists