alpine: set up firewall

Get services from NetBox and enable SSH unconditionally for now.

roles/alpine/tasks/main.yml

@@ -30,6 +30,18 @@
       value: 'prohibit-password'
   notify: reload sshd
 
+- name: Set up firewall
+  template:
+    dest: /etc/nftables.d/local.nft
+    src: local.nft.j2
+  notify: reload nftables
+
+- name: Enable firewall
+  service:
+    name: nftables
+    enabled: yes
+    state: started
+
 - name: Enable QEMU guest agent
   when: is_virtual
   block: