I've updated my notes on nftables, so it works of 19.07.
The main loading of rules hasn't changed. However when I updated to 19.07 I could see that I think all nftables modules are loaded. Also I could stop iptable NAT loading by removing /etc/modules.d/ipt-nat, so the modules are still there, and just not loaded, which is easier than remove them.
Though I asks if there were any comments, anything to change or make better. In particular removing /etc/modules.d/ipt-nat means that:
Don't load. Its clear that ipt_MASQUERADE and iptable_nat should not be loaded, but I'm not sure about the xt_* modules. I need to look them up.
Any other thoughts let me know. I know I have to update how to let in ssh, to something safer than written. I do this when I come up with something better.