---
- name: install nftables
  apt:
    name: nftables

- name: create include base directory
  file:
    path: /etc/nftables.d
    state: directory

- name: generate base nft script
  copy:
    content: |
      #!/usr/sbin/nft -f

      # Ansible managed
      flush ruleset
      include "/etc/nftables.d/*.nft"
    dest: /etc/nftables.conf
  notify: reload nftables

- name: make sure nftables systemd service unit is enabled and started
  systemd:
    name: nftables.service
    state: started
    enabled: yes