diff --git a/roles/nginx/files/nginx.conf b/roles/nginx/files/nginx.conf
index d098f1c..ad5b66e 100644
--- a/roles/nginx/files/nginx.conf
+++ b/roles/nginx/files/nginx.conf
@@ -2,7 +2,7 @@ user www-data;
 worker_processes auto;
 include /etc/nginx/modules-enabled/*.conf;
 pid /run/nginx.pid;
-
+
 events {
 worker_connections 768;
 }
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..4a1573a
--- /dev/null
+++ b/roles/nginx/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: setup-nginx
+ include_tasks: setup.yml
+ listen: "setup nginx"
\ No newline at end of file
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 46abc8f..8e12204 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -1,21 +1,9 @@
 ---
-
-# TODO: make idempotent
-- name: Remove default nginx config
- file:
- name: /etc/nginx/sites-enabled
- state: absent
-
-# TODO: make idempotent
-- name: Restore sites-enabled
- file:
- name: /etc/nginx/sites-enabled
- state: directory
-
 - name: Install system nginx config
 copy:
 src: nginx.conf
 dest: /etc/nginx/nginx.conf
+ notify: setup nginx
 # setup our configs for each host (we don't want to
 # overwrite certbot's changes, so if it already exists,
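Review bot: In roles/nginx/tasks/main.yml, removing both `sites-enabled` tasks leaves nothing that clears the packaged default site, so on a fresh host whatever the distribution ships in /etc/nginx/sites-enabled stays active if nginx.conf still includes that directory (the include is not visible in this diff). If the old tasks were there to keep the default server block from answering requests, an idempotent replacement is a single `file` task with `path: /etc/nginx/sites-enabled/default` and `state: absent`. That path assumes a Debian-style layout, which `user www-data` suggests but does not prove, so confirm it against what the package installs.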
@@ -26,30 +14,24 @@
 src: templates/site.conf
 dest: /etc/nginx/conf.d/{{ domain }}.conf
 force: no
+ notify: setup nginx
 - name: Install nginx config for git.{{ domain }}
 template:
 src: templates/gitea.conf
 dest: /etc/nginx/conf.d/git.{{ domain }}.conf
 force: no
+ notify: setup nginx
 - name: Install nginx config for our Hidden Service
 template:
 src: templates/tor.conf
 dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
 force: no
+ notify: setup nginx
-- name: Reload Nginx to install LetsEncrypt
- service:
- name: nginx
- state: restarted
-
-# certbot is a life saver. thank you certbot devs!
-- name: Setup certbot
- shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
-
-- name: Reload Nginx with LetsEncrypt installed
+- name: Enable Nginx
 systemd:
 name: nginx
 enabled: yes
- state: restarted
\ No newline at end of file
+ state: started
\ No newline at end of file
diff --git a/roles/nginx/tasks/setup.yml b/roles/nginx/tasks/setup.yml
new file mode 100644
index 0000000..fc146b6
--- /dev/null
+++ b/roles/nginx/tasks/setup.yml
@@ -0,0 +1,9 @@
+---
+- name: Setup certbot
+ shell: "certbot --nginx --non-interactive --agree-tos -m {{ contact_email }} -d {{ domain }} -d git.{{ domain }}"
+
+- name: Reload Nginx
+ systemd:
+ name: nginx
+ enabled: yes
+ state: restarted
\ No newline at end of file
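Review bot: With certbot moved behind `notify: setup nginx`, the certificate step in roles/nginx/tasks/main.yml now depends on a handler notification that is dropped if any later task in the play fails before handlers are flushed. Because the three template tasks use `force: no`, a re-run reports no change and notifies nothing, so nginx can end up started on the pre-certbot configs (presumably without certificates) with no error reported. Adding `- meta: flush_handlers` directly after the `Enable Nginx` task would run setup.yml before the play moves on to anything else. The first template task begins above this hunk, so its header is not visible here.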
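Review bot: The `Setup certbot` task in roles/nginx/tasks/setup.yml interpolates `{{ contact_email }}` and `{{ domain }}` into a `shell:` string, so any whitespace or shell metacharacter in those variables is interpreted by the shell with whatever privileges the play runs under. Nothing in the command needs a shell; the `command` module with `argv` passes each value as exactly one argument and removes the quoting problem. Separately, the second task is named `Reload Nginx` but uses `state: restarted`; `state: reloaded` would match the name if a reload is enough after certbot rewrites the configs.

```yaml
- name: Setup certbot
  command:
    argv:
      - certbot
      - --nginx
      - --non-interactive
      - --agree-tos
      - -m
      - "{{ contact_email }}"
      - -d
      - "{{ domain }}"
      - -d
      - "git.{{ domain }}"
# … unchanged: Reload Nginx task …
```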