diff --git a/run.yml b/run.yml
index 635810a..d0da04f 100644
--- a/run.yml
+++ b/run.yml
@@ -12,7 +12,7 @@
   tasks:
     - import_tasks: tasks/essential.yml
     - import_tasks: tasks/firewall.yml
-    - import_tasks: tasks/blog-setup.yml
+    - import_tasks: tasks/blog.yml
     - import_tasks: tasks/gitea.yml
     - import_tasks: tasks/tor.yml
     - import_tasks: tasks/nginx.yml
diff --git a/tasks/blog-setup.yml b/tasks/blog.yml
similarity index 100%
rename from tasks/blog-setup.yml
rename to tasks/blog.yml
diff --git a/tasks/git.yml b/tasks/git.yml
index 1d62698..117e0b2 100644
--- a/tasks/git.yml
+++ b/tasks/git.yml
@@ -6,6 +6,9 @@
     owner: root
     mode: u=rw,g=,o=
 
+# make sure our vps trusts the github.com key signature. we pipe the output
+# of ssh-keyscan into .ssh/known_hosts
+
 - name: Scan for SSH host keys
   command: ssh-keyscan github.com 2>/dev/null
   register: ssh_scan
@@ -18,6 +21,9 @@
     mode: u=rw,g=,o=
   force: no # if we already have a known_hosts file, ignore!
 
+# this keypair is trusted under my github account, so it allows my vps to make pushes
+# to the main branch of my openpunk repository. (for my deadswitch: see static/blog/imdead.sh)
+
 - name: Install ssh priv key
   copy:
     src: secrets/id_ed25519
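Review bot: The new comment above "Scan for SSH host keys" describes `ssh-keyscan github.com` as making the VPS "trust the github.com key signature", but nothing here verifies that key — it is trust-on-first-use, so whatever host key is presented at provisioning time (including one from a MITM on the network path) is what ends up in known_hosts, and `2>/dev/null` hides any scan failure so the registered output may simply be empty. The comment should say so rather than imply verification, and the task would be stronger if it compared the scanned key against GitHub's published host-key fingerprints (or vendored the known_hosts line in the repo) before writing it. Suggested wording: `# TOFU: ssh-keyscan records whatever key github.com presents at scan time (no verification);` / `# compare against GitHub's published fingerprints before trusting, and check ssh_scan.stdout is non-empty`. How `ssh_scan` is written to known_hosts lies outside this hunk, so the empty-output case is inferred, not confirmed.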
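Review bot: The new comment above "Install ssh priv key" documents that the key in `secrets/id_ed25519` is trusted at the GitHub account level with push rights to main, which means a compromise of this VPS yields write access to every repository the account owns, not just the one the dead-switch needs. A per-repository deploy key with write access (or a fine-grained token scoped to that repo) gives the same push capability with far less blast radius, and the comment should record that choice and how the key is rotated. It would also help to state how `secrets/` is protected in the repo (ansible-vault, gitignored) if it is — nothing in this hunk shows that. Suggested wording: `# NOTE: this is an account-wide key with push to main; prefer a write-enabled deploy key scoped to the openpunk repo` / `# so a compromised VPS cannot reach other repositories. (for my deadswitch: see static/blog/imdead.sh)`.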