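---
# Installs nftables, renders the rule fragments and main config from
# templates, syntax-checks the result, then enables and starts the service.

# NOTE(review): `state: latest` upgrades the firewall package on every run.
# Kept as written; pin a version or use `state: present` if unattended
# upgrades of this package are not intended.
- name: Install nftables
  become: true
  apt:
    name: nftables
    state: latest

# Fragment directory is root-owned with no access for "other".
- name: Create nftables.d directory
  become: true
  file:
    path: /etc/nftables.d
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o='

# Each loop item is rendered from "<item>.j2" to "/etc/<item>".
# Rendered files are root-owned and not readable by "other".
# The "Reload nftables" handler is defined outside this file.
- name: Configure nftables
  become: true
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
    owner: root
    group: root
    mode: 'u=rw,g=r,o='
  loop:
    - nftables.d/10-vars.conf
    - nftables.d/20-blacklist.conf
    - nftables.d/30-rp-filter.conf
    - nftables.d/40-signup.conf
    - nftables.d/50-filter.conf
    - nftables.d/60-nat.conf
    - nftables.conf
  notify: Reload nftables

# Dry-run parse (`nft -c`) of the rendered config. A failure here stops the
# play, and by default a failed play does not run the pending reload handler,
# so a ruleset that does not parse is not loaded by this run.
# NOTE(review): assumes /etc/nftables.conf includes the nftables.d fragments
# and that nft is at /usr/sbin/nft (Debian/Ubuntu packaging) - confirm.
- name: Validate nftables configuration
  become: true
  command: /usr/sbin/nft -c -f /etc/nftables.conf
  changed_when: false

- name: Enable and start nftables
  become: true
  systemd:
    name: nftables.service
    state: started
    enabled: true
...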