diff --git a/roles/matrix-base/tasks/setup_server_base.yml b/roles/matrix-base/tasks/setup_server_base.yml index 5a41bd731..f4a8352f2 100644 --- a/roles/matrix-base/tasks/setup_server_base.yml +++ b/roles/matrix-base/tasks/setup_server_base.yml @@ -23,7 +23,6 @@ - bash-completion - docker-ce - docker-python - - firewalld - ntp - fuse state: latest @@ -67,13 +66,6 @@ update_cache: yes when: ansible_os_family == 'Debian' -- name: Ensure firewalld is started and autoruns - service: - name: firewalld - state: started - enabled: yes - when: ansible_os_family == 'RedHat' - - name: Ensure Docker is started and autoruns service: name: docker diff --git a/roles/matrix-coturn/tasks/setup_coturn.yml b/roles/matrix-coturn/tasks/setup_coturn.yml index 619ed3780..9f79f4c82 100644 --- a/roles/matrix-coturn/tasks/setup_coturn.yml +++ b/roles/matrix-coturn/tasks/setup_coturn.yml @@ -54,20 +54,6 @@ daemon_reload: yes when: "matrix_coturn_enabled and matrix_coturn_systemd_service_result.changed" -- name: Allow access to Coturn ports in firewalld - firewalld: - port: "{{ item }}" - state: enabled - immediate: yes - permanent: yes - with_items: - - '3478/tcp' - - '3478/udp' - - '5349/tcp' - - '5349/udp' - - "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN - when: "matrix_coturn_enabled and ansible_os_family == 'RedHat'" - # This may be unnecessary when more long-lived certificates are used. # We optimize for the common use-case though (short-lived Let's Encrypt certificates). # Reloading doesn't hurt anyway, so there's no need to make this more flexible. diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index c0188a4e1..9f8345605 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -99,17 +99,6 @@ name: "{{ matrix_nginx_proxy_docker_image }}" when: matrix_nginx_proxy_enabled -- name: Allow access to nginx proxy ports in firewalld - firewalld: - service: "{{ item }}" - state: enabled - immediate: yes - permanent: yes - with_items: - - "http" - - "https" - when: "matrix_nginx_proxy_enabled and ansible_os_family == 'RedHat'" - - name: Ensure matrix-nginx-proxy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 16f7c2fe1..e4613ed78 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -33,17 +33,6 @@ - "{{ matrix_ssl_lets_encrypt_support_email }}" when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item is none" -- name: Allow access to HTTP/HTTPS in firewalld - firewalld: - service: "{{ item }}" - state: enabled - immediate: yes - permanent: yes - with_items: - - http - - https - when: "matrix_ssl_retrieval_method == 'lets-encrypt' and ansible_os_family == 'RedHat'" - - name: Ensure certbot Docker image is pulled docker_image: name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}" diff --git a/roles/matrix-synapse/tasks/setup_synapse_main.yml b/roles/matrix-synapse/tasks/setup_synapse_main.yml index e2d7baea3..388e28ce8 100644 --- a/roles/matrix-synapse/tasks/setup_synapse_main.yml +++ b/roles/matrix-synapse/tasks/setup_synapse_main.yml @@ -77,12 +77,3 @@ dest: "/usr/local/bin/matrix-synapse-register-user" mode: 0750 -- name: Allow access to Matrix ports in firewalld - firewalld: - port: "{{ item }}" - state: enabled - immediate: yes - permanent: yes - with_items: - - '8448/tcp' # Matrix federation - when: ansible_os_family == 'RedHat'