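---
# Firewall tasks: install nftables, remove the legacy ferm front end, create
# the drop-in directory and deploy the main ruleset. Tasks that change the
# ruleset notify the "reload nftables" handler, which is defined outside this
# file.

- name: ensure nft is installed
  apt:
    pkg:
      - nftables
    # Explicit for readability; "present" is also the apt module default.
    state: present
  notify:
    - reload nftables

# NOTE(review): ferm is purged here, before the new ruleset is written and
# before the reload handler runs. Whether the host is left without packet
# filtering in that window depends on what ferm's removal scripts do and on
# when handlers are flushed - confirm on a test host, or run this task after
# the ruleset has been deployed and loaded.
- name: remove legacy firewalls
  apt:
    pkg:
      - ferm
      # - iptables
    # Canonical lowercase boolean; purge also removes ferm's config files.
    purge: true
    state: absent

# Drop-in directory for additional rule files. Root-owned and not writable by
# group or others, so only root can add or change rules there.
- name: setup firewall directories
  file:
    path: /etc/nftables.d
    owner: root
    group: root
    mode: "0755"
    state: directory

- name: update firewall rules
  template:
    src: nftables.conf.j2
    dest: /etc/nftables.conf
    owner: root
    group: root
    # NOTE(review): 0755 leaves the ruleset executable and world-readable;
    # presumably the template starts with an nft shebang. If nothing executes
    # the file directly, a tighter mode would do - confirm before changing.
    mode: "0755"
    # Syntax-check the rendered file with nft before it replaces the live
    # config, so a template error fails this task instead of surfacing only
    # when the handler reloads the firewall.
    validate: /usr/sbin/nft -c -f %s
  notify:
    - reload nftables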