Consolidate nftables setup for alpine, debian and ceph roles

roles/debian/tasks/main.yml

@@ -21,6 +21,7 @@
     name:
       - git
       - ifupdown2
+      - nftables
       - rsync
       - vim
       - tmux
@@ -67,6 +68,29 @@
       value: 'prohibit-password'
   notify: reload sshd
 
+- name: Set up generic firewall rules
+  copy:
+    dest: /etc/nftables.conf
+    src: nftables.conf
+  notify: reload nftables
+
+- name: Create nftables include directory
+  file:
+    path: /etc/nftables.d
+    state: directory
+
+- name: Set up local firewall rules
+  template:
+    dest: /etc/nftables.d/services.nft
+    src: services.nft.j2
+  notify: reload nftables
+
+- name: Enable firewall
+  service:
+    name: nftables
+    enabled: yes
+    state: started
+
 - name: Run SSH instance in management VRF
   when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
   block:
@@ -90,4 +114,4 @@
         enabled: yes
       notify: reboot
 
-- meta: flush_handlers
+    - meta: flush_handlers