- name: ensure nftables is installed
  dnf:
    name: nftables >= 0.8
    state: present
    enablerepo: updates-testing
  tags:
  - install

- name: ensure nftables ruleset drop-in directory exists
  file:
    path=/etc/nftables/ruleset.d
    mode=0755
    state=directory
- name: ensure nftables is configured
  copy:
    src=nftables.conf
    dest=/etc/sysconfig/nftables.conf
    mode=0644
  notify: reload nftables

- name: ensure nftables starts at boot
  service:
    name=nftables
    enabled=yes
- meta: flush_handlers
- name: ensure nftables is running
  service:
    name=nftables
    state=started