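---
# Installs nftables on the local machine, drops a templated rule file into
# /etc/nftables.d, and makes sure the nftables service is running and enabled.
#
# Every task touches root-owned paths or system services, so the play has to
# run with root privileges (run as root or pass --become).
- hosts: localhost
  tasks:
    - name: Install firewall packages
      package:
        name:
          - nftables
        state: present

    - name: Create firewall rules directory
      file:
        state: directory
        path: /etc/nftables.d
        owner: root
        group: root
        mode: '0755'

    # NOTE(review): nothing in this play makes the main nftables config
    # include /etc/nftables.d/*.nft. Presumably the distribution's default
    # config (or another play) does so -- confirm, otherwise this file is
    # written but never loaded.
    # NOTE(review): consider `validate: 'nft -c -f %s'` here so a rule file
    # that does not parse is rejected before it replaces the working one.
    # That only works if the rendered file is loadable on its own -- confirm.
    - name: Firewall rules
      template:
        src: files/firewall_rules.nft.j2
        dest: /etc/nftables.d/noveria.nft
        owner: root
        group: root
        # Rule file is readable by root only.
        mode: '0600'
      vars:
        # Ports passed to the template. How the template uses them is not
        # visible here -- presumably the inbound allow list; confirm.
        ALLOWED_PORTS: [80, 443]
      # Without this, an updated rule file is not applied while the service
      # is already running: `state: started` below is a no-op in that case.
      notify: Reload nftables

    - name: Enable nftables service
      service:
        name: nftables
        state: started
        enabled: true

  handlers:
    # Runs once at the end of the play, and only if the rule file changed.
    # Assumes the nftables service supports reload on the target
    # distribution -- TODO confirm.
    - name: Reload nftables
      service:
        name: nftables
        state: reloaded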