From e5dc6ac404a3e99154b25834a6209fdade5fe59e Mon Sep 17 00:00:00 2001
From: Von Random <von@mechanus.net>
Date: Thu, 3 Oct 2024 02:38:51 +0300
Subject: [PATCH] update comments, realign steps

---
 roles/docker/tasks/main.yml     |  2 ++
 roles/iconserver/tasks/main.yml | 12 +++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 2970320..feffdb8 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -11,6 +11,8 @@
     gpgkey: https://download.docker.com/linux/centos/gpg
     gpgcheck: true
 
+# while debian repo seems to work perfectly fine for ubuntu, there is a separate one
+# to keep things simple we'll just use fact variables instead of checking and hard coding
 - name: Set up repo for apt
   when: ansible_os_family == "Debian"
   block:
diff --git a/roles/iconserver/tasks/main.yml b/roles/iconserver/tasks/main.yml
index e93c27b..51601ce 100644
--- a/roles/iconserver/tasks/main.yml
+++ b/roles/iconserver/tasks/main.yml
@@ -1,9 +1,5 @@
 ---
-- name: Install dependencies
-  ansible.builtin.package:
-    name: python3-cryptography
-    state: present
-
+# this can accomodate for permissions if necessary, just use list of dicts
 - name: Create directories
   loop:
     - /containers/compose/iconserver
@@ -13,6 +9,7 @@
     state: directory
     recurse: true
 
+# this too
 - name: Install files from templates
   loop:
     - containers/compose/iconserver/compose.yml
@@ -24,6 +21,11 @@
 # I would assume it does not matter how we get the self signed cert to the host
 # so it's nicer (and safer) to generate one for each of the hosts.
 # Another option is to pre-generate it and store it in ansible-vault.
+- name: Install dependencies
+  ansible.builtin.package:
+    name: python3-cryptography
+    state: present
+
 - name: Create openssl key
   community.crypto.openssl_privatekey:
     path: /containers/data/nginx/conf.d/iconserver.key