nft role + disable iptables when nft enabled

group_vars/git.yaml

@@ -6,6 +6,11 @@ git_server_domain: git.bitlair.nl
 git_server_title: Gitlair
 git_server_bootstrap_cert: no
 
+nft: true
+group_nft_input:
+  - "# Allow web-traffic from world"
+  - "tcp dport { http, https } accept"
+
 nginx_client_max_body_size: 4G
 
 nginx_sites: