- name: Install nftables
  package:
    name: nftables

- name: Set up generic firewall rules
  copy:
    dest: /etc/nftables.conf
    src: nftables.conf
  notify: reload nftables

- name: Create nftables include directory
  file:
    path: /etc/nftables.d
    state: directory

- name: Set up local firewall rules
  template:
    dest: /etc/nftables.d/services.nft
    src: services.nft.j2
  notify: reload nftables

- name: Enable firewall
  service:
    name: nftables
    enabled: yes
    state: started