diff --git a/LESSONS_LEARNED.md b/LESSONS_LEARNED.md
deleted file mode 100644
index ee5d5ed..0000000
--- a/LESSONS_LEARNED.md
+++ /dev/null
@@ -1,12 +0,0 @@
-# Lessons Learned
-* The `network` role in this repository is a powerful tool that sets up a complete network stack, including Nginx Proxy Manager for reverse proxying and `wireguard-easy` for a WireGuard web UI.
-* The `gitea` and `postgres` roles use Docker Compose to deploy their respective services.
-* Properly managing variables, especially secrets like passwords and API keys, is crucial. Using `group_vars` and a `.gitignore`d `secrets` directory is a good practice.
-* It's important to have a clear plan and get user feedback before making any changes. The "planning mode" and "acting mode" paradigm is a good way to structure the workflow.
-* The `docker` role proved problematic on Ubuntu 24.04 (`noble`) due to repository issues.
-* Podman is a viable and simpler alternative to Docker for container management.
-* Ansible modules designed for Docker (e.g., `community.docker.docker_compose_v2`, `docker_container`) are not directly compatible with Podman.
-* `podman-compose` can be used with `ansible.builtin.shell` for managing `docker-compose.yml` files with Podman.
-* `containers.podman.podman_container` is the direct replacement for `docker_container` for managing individual Podman containers.
-* Ansible Vault is crucial for securely managing sensitive data like passwords in version control.
\ No newline at end of file
diff --git a/playbooks/roles/network/tasks/main.yml b/playbooks/roles/network/tasks/main.yml
index edeb574..ea4a7d8 100644
--- a/playbooks/roles/network/tasks/main.yml
+++ b/playbooks/roles/network/tasks/main.yml
@@ -5,4 +5,28 @@
 owner: root
 group: root
 mode: '0644'
- become: true
\ No newline at end of file
+ become: true
+
+- name: Allow Nginx HTTP port
+ ansible.posix.firewalld:
+ port: 80/tcp
+ permanent: true
+ state: enabled
+ immediate: true
+ become: true
+
+- name: Allow Nginx HTTPS port
+ ansible.posix.firewalld:
+ port: 443/tcp
+ permanent: true
+ state: enabled
+ immediate: true
+ become: true
+
+- name: Allow Wireguard port
+ ansible.posix.firewalld:
+ port: 51820/udp
+ permanent: true
+ state: enabled
+ immediate: true
+ become: true
diff --git a/playbooks/roles/portainer/tasks/main.yml b/playbooks/roles/portainer/tasks/main.yml
index 032131b..4c73a53 100644
--- a/playbooks/roles/portainer/tasks/main.yml
+++ b/playbooks/roles/portainer/tasks/main.yml
@@ -20,3 +20,11 @@
 containers.podman.podman_container:
 name: portainer
 state: started
+
+- name: Allow Portainer UI port
+ ansible.posix.firewalld:
+ port: 9000/tcp
+ permanent: true
+ state: enabled
+ immediate: true
+ become: true
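Review bot: The three firewalld tasks added to the network role are copies that differ only in the port, so they read better as one task with a `loop`, which also keeps `permanent`/`immediate`/`become` from drifting apart as more ports are added. None of them sets `zone:`, so each rule lands in firewalld's default zone on every interface; if the WireGuard side and the public side are meant to get different rules, the zone should be stated explicitly rather than inherited. Nothing in this hunk installs or starts firewalld, and with `immediate: true` the module needs a running daemon — the deleted lessons file mentions Ubuntu 24.04 targets, where firewalld is not the default firewall, so a preceding package task plus `ansible.builtin.service: {name: firewalld, state: started, enabled: true}` would make the role self-contained. The task list this hunk extends starts before the hunk.
```yaml
# … unchanged: file copy task above …
- name: Allow Nginx and WireGuard ports through firewalld
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  become: true
  loop:
    - 80/tcp
    - 443/tcp
    - 51820/udp
```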
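Review bot: Opening 9000/tcp in firewalld's default zone exposes the Portainer administration UI on every interface the host has, and 9000 is Portainer's plain-HTTP listener as far as I recall, so admin credentials would cross the network unencrypted. This repository already deploys a reverse proxy and WireGuard (per the deleted lessons file), so the safer shape is to not open this port at all and reach the UI through the proxy with TLS or over the VPN; the `podman_container` task above shows only `name` and `state`, so I cannot see which host port the container publishes — that task starts outside the hunk. If the port genuinely has to be opened, restrict the source instead of opening it wide, e.g. replace `port: 9000/tcp` with `rich_rule: 'rule family="ipv4" source address="{{ wg_subnet }}" port port="9000" protocol="tcp" accept'` and define `wg_subnet` in group_vars. Either way the task deserves a comment stating why the admin UI is reachable from outside the host, e.g. `# Portainer admin UI — reachable only from the VPN subnet; do not widen without review`.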