Add nftables role

roles/nftables/tasks/Ubuntu.yaml

@@ -0,0 +1,5 @@
+---
+- name: remove ufw
+  ansible.builtin.package:
+    name: "{{ nftables_ufw_package_name | default('ufw') }}"
+    state: "{{ nftables_ufw_package_state | default('absent') }}"

roles/nftables/tasks/configure.yaml

@@ -0,0 +1,16 @@
+---
+- name: configure rules
+  ansible.builtin.template:
+    src: nftables.conf.j2
+    dest: "{{ nftables_config_path | default('/etc/nftables.conf') }}"
+    owner: root
+    group: root
+    mode: 0600
+  notify:
+    - restart nftables
+
+- name: manage service
+  ansible.builtin.service:
+    name: "{{ nftables_service_name | default('nftables') }}"
+    state: "{{ nftables_service_state | default('started') }}"
+    enabled: "{{ nftables_service_enabled | default(true) }}"

roles/nftables/tasks/install.yaml

@@ -0,0 +1,5 @@
+---
+- name: remove ufw
+  ansible.builtin.package:
+    name: "{{ nftables_package_name | default('nftables') }}"
+    state: "{{ nftables_package_state | default('present') }}"

roles/nftables/tasks/main.yaml

@@ -0,0 +1,28 @@
+---
+- name: gather OS specific variables
+  ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: run os specific tasks
+  ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- include_tasks: install.yaml
+
+- include_tasks: configure.yaml