Use nftables for firewall on ingress

See ya never, iptables!

ansible/roles/ingress/tasks/firewall.yml

@@ -0,0 +1,19 @@
+- name: Install nftables
+  package:
+    name: nftables
+  become: true
+
+- name: Copy firewall config
+  template:
+    src: files/nftables.conf
+    dest: /etc/nftables.conf
+    validate: nft -c -f %s
+  become: true
+  notify: reload firewall
+
+- name: Enable nftables
+  service:
+    name: nftables
+    enabled: true
+    state: started
+  become: true

ansible/roles/ingress/tasks/main.yml

@@ -3,3 +3,6 @@
 
 - name: Configure nginx
   include_tasks: nginx.yml
+
+- name: Configure firewall
+  include_tasks: firewall.yml