nft role + disable iptables when nft enabled

roles/monitoring/tasks/main.yaml

@@ -1,42 +1,41 @@
 ---
-- name: monitoring
-  tags: monitoring
-  block:
-    - name: Install nginx site
-      ansible.builtin.template:
-        src: nginx-site.conf
-        dest: /etc/nginx/sites-available/monitoring
-        owner: root
-        group: root
-        mode: 0644
-      notify: reload nginx
 
-    - name: Enable nginx site
-      ansible.builtin.file:
-        src: /etc/nginx/sites-available/monitoring
-        dest: /etc/nginx/sites-enabled/monitoring
-        state: link
-      notify: reload nginx
+- name: Install nginx site
+  ansible.builtin.template:
+    src: nginx-site.conf
+    dest: /etc/nginx/sites-available/monitoring
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload nginx
 
-    - name: Start nginx
-      ansible.builtin.systemd:
-        name: nginx
-        state: started
-        enabled: yes
+- name: Enable nginx site
+  ansible.builtin.file:
+    src: /etc/nginx/sites-available/monitoring
+    dest: /etc/nginx/sites-enabled/monitoring
+    state: link
+  notify: reload nginx
 
-    - name: Allow HTTP/HTTPS
-      ansible.builtin.iptables:
-        chain: INPUT
-        protocol: tcp
-        destination_port: "{{ item.port }}"
-        ctstate: NEW
-        jump: ACCEPT
-        ip_version: "{{ item.ip }}"
-        action: insert
-      with_items:
-        - { ip: ipv6, port: 80 }
-        - { ip: ipv6, port: 443 }
-      notify: persist iptables
+- name: Start nginx
+  ansible.builtin.systemd:
+    name: nginx
+    state: started
+    enabled: yes
+
+- name: Allow HTTP/HTTPS
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: "{{ item.port }}"
+    ctstate: NEW
+    jump: ACCEPT
+    ip_version: "{{ item.ip }}"
+    action: insert
+  with_items:
+    - { ip: ipv6, port: 80 }
+    - { ip: ipv6, port: 443 }
+  notify: persist iptables
+  when: not nft | bool
 
 - name: mqtt_exporter
   tags: mqtt_exporter