---
- name: install firewall rules
  become: true
  ansible.builtin.template:
    src: ../templates/vault.nft.j2
    dest: /etc/nftables.d/vault.nft
    mode: '0600'
    owner: root
    group: root
  vars:
    firewall_lb_ips: '{{ hc_vault_security_lb_ips | default({}, True) }}'
    firewall_cluster_nodes_ips: '{{ hc_vault_security_cluster_nodes | default({}, True) }}'
  notify:
    - 'vault : load firewall rules'