diff --git a/roles/nginx/tasks/main.json b/roles/nginx/tasks/main.json
index 9748e6d..0ef3b0e 100644
--- a/roles/nginx/tasks/main.json
+++ b/roles/nginx/tasks/main.json
@@ -5,73 +5,10 @@
 "ansible.builtin.apt": {
 "update_cache": true,
 "pkg": [
- "nginx",
- "openssl"
+ "nginx"
 ]
 }
 },
- {
- "name": "generate dhparams file",
- "become": true,
- "ansible.builtin.command": {
- "cmd": "openssl dhparam -out /etc/nginx/dhparam 4096"
- },
- "args": {
- "creates": "/etc/nginx/dhparam"
- }
- },
- {
- "name": "place hardening config",
- "become": true,
- "ansible.builtin.copy": {
- "src": "ssl-hardening.conf",
- "dest": "/etc/nginx/ssl-hardening.conf"
- }
- },
- {
- "name": "ufw | check",
- "become": true,
- "check_mode": true,
- "community.general.ufw": {
- "state": "enabled"
- },
- "register": "ufw_enable_check"
- },
- {
- "name": "ufw | allow port 80",
- "when": "not ufw_enable_check.changed",
- "become": true,
- "community.general.ufw": {
- "rule": "allow",
- "port": "80",
- "proto": "tcp"
- }
- },
- {
- "name": "ufw | allow port 443",
- "when": "not ufw_enable_check.changed",
- "become": true,
- "community.general.ufw": {
- "rule": "allow",
- "port": "443",
- "proto": "tcp"
- }
- },
- {
- "name": "auto reload",
- "when": "var_nginx_auto_reload_interval == None",
- "become": true,
- "ansible.builtin.cron": {
- "name": "nginx_auto_reload",
- "disabled": true,
- "minute": "0",
- "hour": "*/{{var_nginx_auto_reload_interval | string}}",
- "day": "*",
- "month": "*",
- "weekday": "*",
- "job": "systemctl reload nginx"
- }
- },
 {
 "name": "auto reload",
 "when": "var_nginx_auto_reload_interval != None",
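Review bot: With the `== None` variant of "auto reload" removed, the only cron task left in this hunk runs when `var_nginx_auto_reload_interval != None`, so a host that once had an interval configured keeps an active `nginx_auto_reload` entry after the variable is unset. A cleanup task guarded by `"when": "var_nginx_auto_reload_interval == None"` with `"ansible.builtin.cron": { "name": "nginx_auto_reload", "state": "absent" }` would cover that case. The same hunk also stops deploying `/etc/nginx/ssl-hardening.conf` and `/etc/nginx/dhparam` and drops the ufw rules for ports 80 and 443. Whether another role now owns these is not visible here, so it is worth confirming that no server block still references either file and that TLS hardening and the firewall openings are still applied somewhere. The surviving "auto reload" task continues past the end of the hunk.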