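---
# Installs nftables, renders one rule fragment per entry of
# `nftables_base_rules` into /etc/nftables.d/, writes the top-level
# /etc/nftables.conf that flushes the ruleset and includes every fragment,
# and makes sure the systemd unit is enabled and running.
#
# Every file task notifies the `reload nftables` handler, which is defined
# outside this file.

- name: install nftables
  apt:
    name: nftables
    state: present

# Ownership and mode are set explicitly so the firewall configuration is
# writable by root only, whatever the umask or pre-existing permissions are.
- name: create include base directory
  file:
    path: /etc/nftables.d
    state: directory
    owner: root
    group: root
    mode: "0755"

# One file per key of `nftables_base_rules`; the value is written verbatim
# as the file body below the "Ansible managed" marker.
# The key is interpolated into the destination path, so keys must be plain
# file names (no path separators) that come from trusted inventory.
- name: generate rules files
  loop: "{{ nftables_base_rules | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  copy:
    content: |
      # Ansible managed
      {{ item.value }}
    dest: "/etc/nftables.d/{{ item.key }}.nft"
    owner: root
    group: root
    mode: "0644"
  notify: reload nftables

# The generated script starts with `flush ruleset`, so a syntax error in it
# or in any included fragment could leave the host without its rules after
# a reload. `validate` runs nft in check mode against the candidate file
# before it replaces /etc/nftables.conf.
# NOTE(review): this check only runs when nftables.conf itself changes;
# fragment-only changes are not covered here, so consider a syntax check
# before the reload in the handler as well.
- name: generate base nft script
  copy:
    content: |
      #!/usr/sbin/nft -f
      # Ansible managed

      flush ruleset

      include "/etc/nftables.d/*.nft"
    dest: /etc/nftables.conf
    owner: root
    group: root
    # Executable because the file carries an nft shebang.
    mode: "0755"
    validate: /usr/sbin/nft -c -f %s
  notify: reload nftables

- name: make sure nftables systemd service unit is enabled and started
  systemd:
    name: nftables.service
    state: started
    enabled: true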