---
# Ensure the php-fpm package is installed via apt. With `state: present` an
# already-installed package is left as it is (no upgrade is forced).
- name: Install dependencies
  ansible.builtin.apt:
    state: present
    name:
      - php-fpm

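# Render the security.txt template to /opt/security.txt, owned by root and
# readable by everyone (it is meant to be public contact information).
# NOTE(review): nothing in this file shows how the web server exposes
# /opt/security.txt; confirm it is served at /.well-known/security.txt
# (RFC 9116) and that the rendered file carries a current Expires field.
- name: Install security.txt
  ansible.builtin.template:
    src: security.txt
    dest: /opt/security.txt
    owner: root
    group: root
    # Quoted so the module receives the string "0644" and performs the octal
    # conversion itself, instead of depending on how the YAML loader types a
    # bare 0644 (octal in YAML 1.1, plain decimal 644 under 1.2 rules).
    mode: "0644"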

# Accept new inbound TCP connections on ports 80 and 443, once for IPv4 and
# once for IPv6. The task only runs when `nft` evaluates to false
# (presumably: the host is not managed with nftables; confirm where `nft` is
# defined). A change notifies the `persist iptables` handler, which is
# defined outside this file.
- name: Allow HTTP/HTTPS
  when: not nft | bool
  notify: persist iptables
  ansible.builtin.iptables:
    # `insert` puts the rule at the head of INPUT instead of appending it, so
    # it is evaluated before any rule already present in the chain.
    action: insert
    chain: INPUT
    ip_version: "{{ item.ip }}"
    protocol: tcp
    destination_port: "{{ item.port }}"
    # Match only connection-opening packets; no source restriction is set,
    # so the ports are reachable from any address.
    ctstate: NEW
    jump: ACCEPT
  loop:
    - ip: ipv4
      port: 80
    - ip: ipv4
      port: 443
    - ip: ipv6
      port: 80
    - ip: ipv6
      port: 443