---
# KVM/libvirt APT packages cannot be installed in the Docker Molecule container
# (no internet; KVM unusable in a container). This converge exercises only the
# nftables drop-in rendering via tasks_from, which IS meaningful in a container.
# The full role (packages/libvirt) is exercised by make test-integration.
#
# Coverage split:
#   Docker Molecule (this file): nftables drop-in rendering only.
#   make test-integration (ADR-025, real KVM): libvirt/KVM package install, cache
#     dir creation, and end-to-end VM lifecycle — the role's substrate tasks.
# The Docker scenario intentionally covers only the firewall drop-in; substrate
# coverage lives in the real-KVM integration harness, not here.
- name: Converge
  hosts: all
  become: true
  gather_facts: true
  tasks:
    - name: Include integration_test firewall tasks
      ansible.builtin.include_role:
        name: integration_test
        tasks_from: firewall.yml