- name: 'Get architecture using dpkg'
  command: dpkg --print-architecture
  register: dpkg_architecture
  changed_when: False
  check_mode: no
  tags:
    - 'firewall'

- name: 'Install firewall package (ferm)'
  apt:
    pkg:
      - 'linux-image-{{ dpkg_architecture.stdout }}'
      - 'ferm'
    state: 'present'
  tags:
    - 'firewall'

- name: 'Install firewall configuration (ferm.conf)'
  template:
    src: 'ferm/ferm.conf.j2'
    dest: '/etc/ferm/ferm.conf'
    owner: 'root'
    group: 'root'
    mode: '0644'
  notify:
    - 'Apply firewall rules (ferm)'
  tags:
    - 'firewall'

# vim: ft=yaml.ansible