diff --git a/playbooks/group_vars/db.yml b/playbooks/group_vars/db.yml
index b176ce3d..4931128a 100644
--- a/playbooks/group_vars/db.yml
+++ b/playbooks/group_vars/db.yml
@@ -40,10 +40,3 @@ postgresql_ssl_certificate:
 firewalld_rich_rules:
   - zone: "internal"
     rule: "family=ipv4 source address={{ web_server.subnet | default(web_server.ip + '/32') }} port protocol=tcp port={{ db_server.port }} accept"
-
-# mirsg.infrastructure.firewalld
-firewalld_internal_zone_sources:
-  - "{{ web_server.subnet | default(web_server.ip + '/32') }}"
-
-firewalld_internal_zone_open_services:
-  - "postgresql"
diff --git a/playbooks/molecule/resources/omero/inventory/group_vars/db.yml b/playbooks/molecule/resources/omero/inventory/group_vars/db.yml
new file mode 100644
index 00000000..e985a07b
--- /dev/null
+++ b/playbooks/molecule/resources/omero/inventory/group_vars/db.yml
@@ -0,0 +1,7 @@
+---
+# mirsg.infrastructure.firewalld
+firewalld_internal_zone_sources:
+  - "{{ web_server.subnet | default(web_server.ip + '/32') }}"
+
+firewalld_internal_zone_open_services:
+  - postgresql
diff --git a/playbooks/molecule/resources/xnat/inventory/group_vars/db.yml b/playbooks/molecule/resources/xnat/inventory/group_vars/db.yml
new file mode 100644
index 00000000..e985a07b
--- /dev/null
+++ b/playbooks/molecule/resources/xnat/inventory/group_vars/db.yml
@@ -0,0 +1,7 @@
+---
+# mirsg.infrastructure.firewalld
+firewalld_internal_zone_sources:
+  - "{{ web_server.subnet | default(web_server.ip + '/32') }}"
+
+firewalld_internal_zone_open_services:
+  - postgresql