---
# tasks file for nftables
#
# Renders three root-owned, owner-only (u=rw,g=,o=) files from templates:
# /etc/nftables.conf, /srv/nftables/rules.conf and /srv/nftables/tables.conf.
# Every template task notifies the "Redémarrer nftables.service" handler,
# which Ansible runs only when the task reports a change.
#
# NOTE(review): no template task sets `validate:`, so a rendered file that
# nft cannot parse is still written and the handler then restarts the
# service on it. Consider a syntax check (e.g. `nft --check --file <path>`)
# before the restart; whether a fragment can be checked on its own depends
# on the templates, which are not visible here - confirm.
# NOTE(review): no task in this file creates /srv/nftables; presumably it
# exists beforehand - confirm.

- name: Déployer la configuration générale
  become: true
  ansible.builtin.template:
    src: nftables.conf.j2
    dest: /etc/nftables.conf
    owner: root
    group: root
    mode: u=rw,g=,o=
  notify: Redémarrer nftables.service

# Appends the value of every variable whose name matches ^nftables_rules_.+
# to nftables_rules; iterations whose value is empty are skipped.
# nftables_rules is read before it is assigned, so it must already be
# defined (presumably in the role defaults - confirm).
# NOTE(review): any variable source able to define a matching name ends up
# contributing firewall rules; confirm only trusted inventory/vars can.
# NOTE(review): nothing here sorts the names returned by varnames; if the
# template emits rules in list order, confirm that order is stable.
- name: Construire la liste des règles
  vars:
    specific: "{{ lookup('ansible.builtin.vars', item, default='') }}"
  when: specific | length > 0
  loop: "{{ lookup('ansible.builtin.varnames', '^nftables_rules_.+', wantlist=True) }}"
  ansible.builtin.set_fact:
    nftables_rules: "{{ nftables_rules + specific }}"

# Same aggregation as above, for variables matching ^nftables_tables_.+,
# accumulated into nftables_tables (same review notes apply).
- name: Construire la liste des tables
  vars:
    specific: "{{ lookup('ansible.builtin.vars', item, default='') }}"
  when: specific | length > 0
  loop: "{{ lookup('ansible.builtin.varnames', '^nftables_tables_.+', wantlist=True) }}"
  ansible.builtin.set_fact:
    nftables_tables: "{{ nftables_tables + specific }}"

# Rendered only when at least one rule was collected.
# NOTE(review): with an empty list the task is skipped, so a rules.conf
# written by an earlier run is neither emptied nor removed - confirm that
# stale rules cannot stay loaded.
- name: Déployer les règles
  become: true
  when: nftables_rules | length > 0
  ansible.builtin.template:
    src: "{{ role_path }}/templates/rules.conf.j2"
    dest: "/srv/nftables/rules.conf"
    owner: root
    group: root
    mode: u=rw,g=,o=
  notify: Redémarrer nftables.service

# Rendered only when at least one table was collected; the stale-file note
# on the rules task applies to tables.conf as well.
- name: Déployer les tables
  become: true
  when: nftables_tables | length > 0
  ansible.builtin.template:
    src: tables.conf.j2
    dest: /srv/nftables/tables.conf
    owner: root
    group: root
    mode: u=rw,g=,o=
  notify: Redémarrer nftables.service