---
- name: Ensure epel-release and firewalld are installed
  ansible.builtin.dnf:
    name:
      - epel-release
      - firewalld
      - rocky-release-core
    state: present
  notify:
    - enable_firewalld
    - enable_crb
    - enable_core_infra

# We need this immediately.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

- name: Ensure 'dns=none' is set for Network Manager
  community.general.ini_file:
    path: /etc/NetworkManager/NetworkManager.conf
    state: present
    no_extra_spaces: true
    section: main
    option: dns
    value: none
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify:
    - reload_networkmanager

- name: Install ipa-fas
  ansible.builtin.dnf:
    name: ipa-fas
    state: present

- name: Open firewalld service before hand
  ansible.posix.firewalld:
    service: freeipa-4
    permanent: true
    immediate: true
    state: enabled
...