---
- name: Install nftables
  ansible.builtin.apt:
    pkg: nftables
    state: present

- name: Install SCE port mapping rules
  ansible.builtin.template:
    src: nft.conf.j2
    dest: /etc/{{ firewall_nft_table_filename }}.conf
    mode: "0755"
    validate: /usr/sbin/nft -cf %s
  notify: Reload port mapping service

- name: Install SCE port mapping systemd service
  ansible.builtin.template:
    src: nft.service.j2
    dest: /etc/systemd/system/{{ firewall_nft_table_filename }}.service
    mode: "0644"
  notify: Reload systemd daemon

# Must be placed here to ensure proper ordering of events
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

- name: Ensure nft SCE port mapping service is started and enabled
  ansible.builtin.systemd_service:
    name: "{{ firewall_nft_table_filename }}.service"
    state: started
    enabled: true