- name: Install fail2ban and nftables
  become: true
  dnf:
    name: ['fail2ban', 'nftables-services', 'nftables']
    state: latest
    update_cache: yes
  notify: Restart firewall

- name: Disable firewalld
  become: true
  service:
    name: firewalld.service
    state: stopped
    enabled: no

- name: Enable fail2ban
  become: true
  service:
    name: fail2ban
    state: started
    enabled: yes

- name: Enable nftables-service
  become: true
  service:
    name: nftables
    state: started
    enabled: yes

- name: Configure firewall
  become: true
  copy:
    src: etc
    dest: /
    owner: root
    group: root
    directory_mode: '0750'
    mode: '0750'
    force: no
  notify: Restart firewall

- name: Fix permissions for /etc/network/functions
  become: true
  file:
    path: /etc/network/functions.phd
    mode: '0640'
  notify: Restart firewall