- name: Install nftables
  apt:
    name: nftables

- name: Configure nftables
  template:
    src: ./filesystem/{{ ansible_host }}/etc/nftables.conf.j2
    dest: /etc/nftables.conf
    mode: 0755
  register: nftables_conf

- name: Enable nftables
  systemd:
    name: nftables
    enabled: yes

- name: Start nftables
  systemd:
    name: nftables
    state: started
  register: nftables_start

- name: Restart nftables
  systemd:
    name: nftables
    state: restarted
  register: nftables_restart
  when:
    nftables_conf is changed and
    nftables_start is not changed

- block:
    - name: List all post-up nft scripts for interfaces
      find:
        paths: /usr/local/sbin
        patterns: "post-up-*.nft"
      register: nft_post_up_scripts

    - name: Reload nft scripts for interfaces
      command: "{{ item.path }}"
      with_items:
        - "{{ nft_post_up_scripts.files }}"

  when:
    nftables_restart is changed