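---
# Installs nftables, deploys a templated rules file under /etc/nftables.d,
# and makes sure the nftables service is enabled and running.
#
# Every task writes under /etc or manages packages/services, but the play
# sets no `become` -- presumably it is run as root or with --become; confirm.
- hosts: localhost
  tasks:
    - name: "network/firewall : Install nftables packages"
      package:
        name:
          - nftables
        state: present

    - name: "network/firewall : Create nftables.d directory"
      file:
        state: directory
        path: /etc/nftables.d
        owner: root
        group: root
        mode: "0755"

    # NOTE(review): this play never touches /etc/nftables.conf, so the file
    # below is only loaded if the distribution's main config already
    # includes /etc/nftables.d/*.nft -- verify on the target platform.
    # NOTE(review): if the rendered file is a self-contained ruleset,
    # consider adding `validate: nft -c -f %s` so a syntactically broken
    # ruleset is rejected before it replaces the installed one.
    - name: "network/firewall : Firewall rules"
      template:
        src: files/firewall_rules.nft.j2
        dest: /etc/nftables.d/noveria.nft
        owner: root
        group: root
        # Root-only: the ruleset is not readable by unprivileged users.
        mode: "0600"
      vars:
        # Ports passed to the template. NOTE(review): only 80 and 443 are
        # listed; confirm the template handles management access (e.g. SSH)
        # separately before applying this to a remotely administered host.
        ALLOWED_PORTS: [80, 443]
      # `state: started` below is a no-op when the service already runs, so
      # without this notification an updated rules file would stay on disk
      # only and the active ruleset would silently drift from it.
      notify: "network/firewall : Reload nftables"

    - name: "network/firewall : Enable nftables service"
      service:
        name: nftables
        state: started
        enabled: true

  handlers:
    # Runs once at the end of the play, and only when the rules file
    # actually changed. Reload is used rather than restart so the service
    # is not stopped in between.
    - name: "network/firewall : Reload nftables"
      service:
        name: nftables
        state: reloaded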