From 7d3e1fc47fd4de1352064683211b6d30c9c59922 Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi <me@jthan.io>
Date: Tue, 27 Jan 2026 17:49:42 -0700
Subject: [PATCH] add ports for syncthing - lock down later for home subs

---
 ansible/roles/syncthing/tasks/main.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/ansible/roles/syncthing/tasks/main.yaml b/ansible/roles/syncthing/tasks/main.yaml
index 74b2aba..45ad79c 100644
--- a/ansible/roles/syncthing/tasks/main.yaml
+++ b/ansible/roles/syncthing/tasks/main.yaml
@@ -19,3 +19,20 @@
   args:
     chdir: /root/syncthing
 
+- name: Permit traffic in default zone on port 8384/tcp
+  ansible.posix.firewalld:
+    port: 8384/tcp
+    permanent: true
+    state: enabled
+    immediate: true
+    offline: true
+
+- name: Permit traffic in default zone on port 22000/tcp
+  ansible.posix.firewalld:
+    port: 22000/tcp
+    permanent: true
+    state: enabled
+    immediate: true
+    offline: true
+
+