update comments, realign steps

roles/docker/tasks/main.yml

@@ -11,6 +11,8 @@
     gpgkey: https://download.docker.com/linux/centos/gpg
     gpgcheck: true
 
+# while debian repo seems to work perfectly fine for ubuntu, there is a separate one
+# to keep things simple we'll just use fact variables instead of checking and hard coding
 - name: Set up repo for apt
   when: ansible_os_family == "Debian"
   block:

roles/iconserver/tasks/main.yml

@@ -1,9 +1,5 @@
 ---
-- name: Install dependencies
+# this can accomodate for permissions if necessary, just use list of dicts
-  ansible.builtin.package:
-    name: python3-cryptography
-    state: present
-
 - name: Create directories
   loop:
     - /containers/compose/iconserver
@@ -13,6 +9,7 @@
     state: directory
     recurse: true
 
+# this too
 - name: Install files from templates
   loop:
     - containers/compose/iconserver/compose.yml
@@ -24,6 +21,11 @@
 # I would assume it does not matter how we get the self signed cert to the host
 # so it's nicer (and safer) to generate one for each of the hosts.
 # Another option is to pre-generate it and store it in ansible-vault.
+- name: Install dependencies
+  ansible.builtin.package:
+    name: python3-cryptography
+    state: present
+
 - name: Create openssl key
   community.crypto.openssl_privatekey:
     path: /containers/data/nginx/conf.d/iconserver.key