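---
# Install nftables, render its main ruleset, and remove the legacy iptables
# persistence package and files when the `nft` switch is enabled.

# Runs unconditionally: unlike the tasks below it carries no `when: nft | bool`.
- name: Install nftables related packages
  ansible.builtin.apt:
    state: present
    pkg:
      - nftables
      - net-tools
      - ipset

# `validate` runs nft in check mode (-c) against the rendered temp file (%s)
# before it replaces the destination, so a ruleset that does not parse never
# reaches disk or the reload handler. The check only proves the ruleset loads;
# it does not prove the policy still admits management traffic (e.g. SSH),
# so rule changes still need review.
- name: Template nftables.conf
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "root"
    # Root-only. The execute bit is kept from the original; presumably the
    # rendered file starts with an nft shebang - confirm in nftables.conf.j2.
    mode: "0700"
    # The loop item requested a backup but the value was never passed to the
    # module; wire it through so the previous ruleset is kept next to `dest`
    # for rollback.
    backup: "{{ item.backup | default(false) | bool }}"
    # `omit` drops the parameter entirely when an item defines no validator,
    # instead of handing the module an empty string.
    validate: "{{ item.validate | default(omit) }}"
  loop:
    - src: "nftables.conf.j2"
      dest: "{{ nft_main_config }}"
      backup: true
      validate: "/usr/sbin/nft -c -f %s"
  tags:
    - nft
    - nftconfig
  when:
    - nft | bool
  notify:
    - Reload nftables

# Remove the iptables persistence package once nftables is in use.
- name: Cleanup netfilter packages
  ansible.builtin.apt:
    state: absent
    pkg:
      - netfilter-persistent
  when:
    - nft | bool

# `state: absent` deletes directories recursively, so the last entry already
# covers the first two; the explicit paths are kept as in the original.
- name: Cleanup iptables stuff
  ansible.builtin.file:
    state: absent
    path: "{{ item }}"
  loop:
    - "/etc/iptables/rules/v4"
    - "/etc/iptables/rules/v6"
    - "/etc/iptables"
  when:
    - nft | bool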