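---
# Firewall role tasks: install nftables, remove the legacy ferm front end,
# deploy the rendered ruleset, and (optionally) the netforwarding helper.
#
# NOTE(review): handlers run at the end of the play, so the new ruleset is
# only loaded after every task below has finished. If purging ferm drops the
# old rules, the host may be briefly unfiltered; consider `meta: flush_handlers`
# after the ruleset is in place. Confirm against the ferm package behaviour.

- name: ensure nft is installed
  apt:
    pkg:
      - nftables
  notify:
    - reload nftables

- name: remove legacy firewalls
  apt:
    pkg:
      - ferm
      # - iptables
    purge: true
    state: absent

- name: setup firewall directories
  file:
    path: /etc/nftables.d
    owner: root
    group: root
    mode: "0755"
    state: directory

- name: update firewall rules
  template:
    src: nftables.conf.j2
    dest: /etc/nftables.conf
    owner: root
    group: root
    # NOTE(review): executable bit presumably kept because the file is run
    # directly via an nft shebang; if it is only loaded by the service,
    # "0644" is enough. Confirm against the template.
    mode: "0755"
    # Parse-check the rendered ruleset before it replaces the live file, so a
    # template error fails this task instead of failing the reload later.
    validate: /usr/sbin/nft -c -f %s
  notify:
    - reload nftables

# The two tasks below install a script and a systemd unit under root-owned
# system paths; ownership is pinned explicitly, matching the tasks above, so
# the result does not depend on which user runs the play.
- name: copy netforwarding script
  when: firewall.routing
  template:
    src: netforwarding.j2
    dest: /usr/local/bin/netforwarding
    owner: root
    group: root
    # Quoted so the mode is a string, matching the tasks above.
    mode: "0755"
  # NOTE(review): a change to this script does not notify
  # "restart netforwarding"; confirm whether the service needs a restart
  # to pick up a new script.

- name: setup netforwarding service
  when: firewall.routing
  notify: restart netforwarding
  template:
    src: netforwarding.service.j2
    dest: /etc/systemd/system/netforwarding.service
    owner: root
    group: root
    mode: "0644"
  # NOTE(review): a changed unit file needs a systemd daemon-reload before the
  # restart; verify the "restart netforwarding" handler does that.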