--- # The Molecule Docker image ships with /var/lib/apt/lists/ cleared to minimise size. # KVM/libvirt packages cannot be installed in a container; converge only runs the # `firewall` tag. Pre-create /etc/nftables.d so the drop-in template task succeeds. - name: Prepare hosts: all become: true gather_facts: false tasks: - name: Create nftables drop-in dir (normally created by the config task) ansible.builtin.file: path: /etc/nftables.d state: directory mode: "0755"