Just a followup, since I was working on applying netdev-family rules after interface creation on some of my own systems.

Assuming you are using a system with systemd and udev, you can do something like this:

/etc/udev/rules.d/99-nftables-netdev.rules
----
SUBSYSTEM=="net", KERNEL=="enp1s0f0", ACTION=="add", ENV{SYSTEMD_WANTS}+="nftables-netdev@enp1s0f0.service"
----

/etc/systemd/system/nftables-netdev@.service
----
[Unit]
Description=nftables-netdev for an interface

[Service]
Type=oneshot
RemainAfterExit=yes
StandardInput=null
ProtectSystem=full
ProtectHome=true
ExecStart=/usr/sbin/nft --includepath /etc/nftables.d --file /etc/nftables.d/netdev-%I.nft
ExecReload=/usr/sbin/nft --includepath /etc/nftables.d --file /etc/nftables.d/netdev-%I.nft --check
ExecReload=/usr/sbin/nft --includepath /etc/nftables.d --file /etc/nftables.d/netdev-%I.nft
----

With these in place, you can create a file named /etc/nftables.d/netdev-enp1s0f0.nft containing the 'nft' commands you wish to run when that interface appears.

This will work for physical interfaces (in which case the udev rule will be triggered during the transition from early-userspace to regular userspace when the device addition events are replayed) and for virtual interfaces (in which case the udev rule will be triggered immediately after the interface is created).
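
An added example, not part of the original message: one possible /etc/nftables.d/netdev-enp1s0f0.nft for the unit above. The table name, chain name, priority and the rules themselves are assumptions chosen for illustration; the declare-then-delete lines at the top make the file safe to run again through ExecReload, because nft applies the whole file as one transaction.

```nftables
#!/usr/sbin/nft -f
# Constructed example ruleset; table and chain names are hypothetical.

# Declare the table so the delete below cannot fail on first run,
# then delete it so a reload starts from a clean state.
table netdev filter_enp1s0f0
delete table netdev filter_enp1s0f0

table netdev filter_enp1s0f0 {
    chain ingress {
        # netdev chains bind to one device, which must exist at load time;
        # that is why the unit is started from the udev "add" event.
        type filter hook ingress device "enp1s0f0" priority -500; policy accept;

        # Drop IPv4 fragments before they reach the IP stack.
        ip frag-off & 0x1fff != 0 counter drop

        # Drop TCP segments with flag combinations no valid stack sends.
        tcp flags & (fin|syn) == (fin|syn) counter drop
        tcp flags & (syn|rst) == (syn|rst) counter drop
        tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 counter drop
    }
}
```

After the interface appears, `nft list table netdev filter_enp1s0f0` shows the loaded chain and its counters.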