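---
# Installs nftables, deploys the project's ruleset file and restarts the
# service so the ruleset is loaded and enabled at boot.
- name: Configure firewall
  hosts: all
  tasks:
    - name: Install required packages
      ansible.builtin.apt:
        name:
          - nftables
        state: present

    # The ruleset is syntax-checked on the target before it replaces the live
    # file, so a broken nftables.conf fails this task instead of reaching the
    # restart below.
    - name: Override nftables configurations
      ansible.builtin.copy:
        src: nftables.conf
        # Explicit file path rather than the directory, so the destination
        # does not depend on the name of the source file.
        dest: /etc/nftables.conf
        owner: root
        group: root
        # NOTE(review): '0755' suits a ruleset that is run directly as an nft
        # script; if it is only loaded by the service, '0644' is enough.
        # Confirm against the shipped file.
        mode: '0755'
        # nft -c parses and checks the file without applying it.
        # NOTE(review): assumes nft is installed at /usr/sbin/nft (Debian
        # layout) and that the ruleset has no relative include paths.
        validate: '/usr/sbin/nft -c -f %s'

    # This restart runs on every play, not only when the file changed.
    # NOTE(review): restarting nftables.service typically flushes the whole
    # ruleset before reloading it, which also drops rules that other daemons
    # inserted at runtime. Confirm against the unit file on the target.
    - name: Restart nftables
      ansible.builtin.systemd:
        name: nftables.service
        state: restarted
        enabled: true

    # TODO check docker is not pissed off by nftables restart
    # - name: Restart docker daemon
    #   ansible.builtin.systemd:
    #     name: docker.service
    #     state: restarted
    #     enabled: true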