roles/common: fix logic for copying AbuseIPDB.com nft sets

We have to force these because they are not updated on the host like
the other lists (API limit of five requests per day!). We update the
list periodically here in git.

roles/common/tasks/firewall_Debian.yml

@@ -36,13 +36,13 @@
 
   - name: Copy extra nftables configuration files
     when: ansible_distribution_major_version is version('11', '>=')
-    copy: src={{ item }} dest=/etc/nftables/{{ item }} owner=root group=root mode=0644 force=no
+    copy: src={{ item.src }} dest=/etc/nftables/{{ item.src }} owner=root group=root mode=0644 force={{ item.force }}
     loop:
-      - spamhaus-ipv4.nft
-      - spamhaus-ipv6.nft
-      - abusech-ipv4.nft
-      - abuseipdb-ipv4.nft
-      - abuseipdb-ipv6.nft
+      - { src: "spamhaus-ipv4.nft", force: "no" }
+      - { src: "spamhaus-ipv6.nft", force: "no" }
+      - { src: "abusech-ipv4.nft", force: "no" }
+      - { src: "abuseipdb-ipv4.nft", force: "yes" }
+      - { src: "abuseipdb-ipv6.nft", force: "yes" }
     notify:
       - restart nftables
 

roles/common/tasks/firewall_Ubuntu.yml

@@ -42,13 +42,13 @@
 
   - name: Copy extra nftables configuration files
     when: ansible_distribution_version is version('20.04', '>=')
-    copy: src={{ item }} dest=/etc/nftables/{{ item }} owner=root group=root mode=0644 force=no
+    copy: src={{ item.src }} dest=/etc/nftables/{{ item.src }} owner=root group=root mode=0644 force={{ item.force }}
     loop:
-      - spamhaus-ipv4.nft
-      - spamhaus-ipv6.nft
-      - abusech-ipv4.nft
-      - abuseipdb-ipv4.nft
-      - abuseipdb-ipv6.nft
+      - { src: "spamhaus-ipv4.nft", force: "no" }
+      - { src: "spamhaus-ipv6.nft", force: "no" }
+      - { src: "abusech-ipv4.nft", force: "no" }
+      - { src: "abuseipdb-ipv4.nft", force: "yes" }
+      - { src: "abuseipdb-ipv6.nft", force: "yes" }
     notify:
       - restart nftables