diff --git a/tasks/blog.yml b/roles/blog/tasks/main.yml similarity index 82% rename from tasks/blog.yml rename to roles/blog/tasks/main.yml index b6cf33e..9f29ed5 100644 --- a/tasks/blog.yml +++ b/roles/blog/tasks/main.yml @@ -4,6 +4,7 @@ repo: "https://github.com/CPunch/openpunk.git" dest: "/var/www/{{ domain }}" +# TODO: make idempotent - name: Build blog command: cmd: hugo @@ -11,7 +12,7 @@ - name: Install updateBlog script template: - src: templates/blog/updateBlog + src: templates/updateBlog dest: /usr/local/bin/updateBlog mode: u+rx diff --git a/templates/blog/updateBlog b/roles/blog/templates/updateBlog similarity index 100% rename from templates/blog/updateBlog rename to roles/blog/templates/updateBlog diff --git a/static/blog/deadswitch b/roles/deadswitch/files/deadswitch similarity index 100% rename from static/blog/deadswitch rename to roles/deadswitch/files/deadswitch diff --git a/static/blog/imdead.sh b/roles/deadswitch/files/imdead.sh similarity index 100% rename from static/blog/imdead.sh rename to roles/deadswitch/files/imdead.sh diff --git a/tasks/deadswitch.yml b/roles/deadswitch/tasks/main.yml similarity index 90% rename from tasks/deadswitch.yml rename to roles/deadswitch/tasks/main.yml index ca5c593..19f145b 100644 --- a/tasks/deadswitch.yml +++ b/roles/deadswitch/tasks/main.yml @@ -6,13 +6,13 @@ - name: Install deadswitch script copy: - src: static/blog/deadswitch + src: deadswitch dest: /usr/local/bin/deadswitch mode: u+rx - name: Install imdead.sh copy: - src: static/blog/imdead.sh + src: imdead.sh dest: /root/deadman/imdead.sh mode: u+rx @@ -22,6 +22,7 @@ dest: /root/deadman/dead.patch mode: u+rw +# TODO: make idempotent - name: Install deadtrigger file: name: /root/.deadtrigger diff --git a/static/.zshrc b/roles/essential/files/.zshrc similarity index 100% rename from static/.zshrc rename to roles/essential/files/.zshrc 
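Review bot: `mode: u+rx` on the updateBlog template in the second roles/blog/tasks/main.yml hunk only adds bits to whatever mode the file is created with, so group and other permissions are left to the host's umask instead of being stated in the role. The same relative mode is on the deadswitch and imdead.sh copies in the `-6,13 +6,13` hunk of roles/deadswitch/tasks/main.yml, and `u+rw` is on dead.patch in the hunk after it. Since these files land in /usr/local/bin and /root/deadman, I would spell the mode out in full, e.g. `mode: u=rwx,g=,o=`, the way the git role already does with `u=rw,g=,o=`. Each of these tasks starts or ends outside its hunk, so owner or group settings may exist that are not visible here.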
diff --git a/tasks/essential.yml b/roles/essential/tasks/main.yml similarity index 90% rename from tasks/essential.yml rename to roles/essential/tasks/main.yml index 54f47c1..687fa8e 100644 --- a/tasks/essential.yml +++ b/roles/essential/tasks/main.yml @@ -1,7 +1,9 @@ --- +# TODO: make idempotent - name: Add Gitea repo key shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import +# TODO: make idempotent - name: Set key perms shell: sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg @@ -30,6 +32,7 @@ - zsh # :D - python3-certbot-nginx +# TODO: make idempotent - name: Setup default shell (zsh) shell: chsh -s /usr/bin/zsh @@ -41,6 +44,6 @@ - name: Install .zshrc copy: - src: static/.zshrc + src: .zshrc dest: /root/.zshrc force: no \ No newline at end of file diff --git a/static/fail2ban/jails.local b/roles/firewall/files/jails.local similarity index 100% rename from static/fail2ban/jails.local rename to roles/firewall/files/jails.local diff --git a/tasks/firewall.yml b/roles/firewall/tasks/main.yml similarity index 90% rename from tasks/firewall.yml rename to roles/firewall/tasks/main.yml index e3db21c..3d11d67 100644 --- a/tasks/firewall.yml +++ b/roles/firewall/tasks/main.yml @@ -23,7 +23,7 @@ - name: Copy fail2ban jail config copy: - src: static/fail2ban/jails.local + src: jails.local dest: /etc/fail2ban/jail.d/jails.local - name: Enable fail2ban service diff --git a/static/.gitconfig b/roles/git/files/.gitconfig similarity index 100% rename from static/.gitconfig rename to roles/git/files/.gitconfig diff --git a/tasks/git.yml b/roles/git/tasks/main.yml similarity index 92% rename from tasks/git.yml rename to roles/git/tasks/main.yml index 117e0b2..646e5fa 100644 --- a/tasks/git.yml +++ b/roles/git/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Setup git config copy: - src: static/.gitconfig + src: .gitconfig dest: /root/.gitconfig owner: root mode: u=rw,g=,o= 
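Review bot: The `Add Gitea repo key` task in the first roles/essential/tasks/main.yml hunk imports whatever `curl -s` returns into a keyring under /etc/apt/trusted.gpg.d without checking it against a known fingerprint or digest, and the new TODO only mentions idempotence. A key in trusted.gpg.d is accepted by apt for any source that does not set `signed-by`, so the comment should record both concerns, e.g. `# TODO: make idempotent; pin the key (checksum or fingerprint) and scope it with signed-by`. When this is reworked, `get_url` with a pinned `checksum:` would cover the download and the idempotence in one task; as written, `curl -s` without `-f` also lets an HTTP error body reach gpg. The apt source definition is outside this hunk, so whether `signed-by` is already in use cannot be seen from here.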
@@ -9,6 +9,7 @@ # make sure our vps trusts the github.com key signature. we pipe the output # of ssh-keyscan into .ssh/known_hosts +# TODO: make idempotent - name: Scan for SSH host keys command: ssh-keyscan github.com 2>/dev/null register: ssh_scan diff --git a/tasks/gitea.yml b/roles/gitea/tasks/main.yml similarity index 80% rename from tasks/gitea.yml rename to roles/gitea/tasks/main.yml index d8203d5..83f1756 100644 --- a/tasks/gitea.yml +++ b/roles/gitea/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Configure Gitea template: - src: templates/gitea/app.ini + src: app.ini dest: /etc/gitea/app.ini owner: gitea force: no # we don't want to kill our existing config D: diff --git a/templates/gitea/app.ini b/roles/gitea/templates/app.ini similarity index 100% rename from templates/gitea/app.ini rename to roles/gitea/templates/app.ini diff --git a/static/goaccess/goaccess.conf b/roles/goaccess/files/goaccess.conf similarity index 100% rename from static/goaccess/goaccess.conf rename to roles/goaccess/files/goaccess.conf diff --git a/tasks/goaccess.yml b/roles/goaccess/tasks/main.yml similarity index 66% rename from tasks/goaccess.yml rename to roles/goaccess/tasks/main.yml index 8f9d53e..1d9a861 100644 --- a/tasks/goaccess.yml +++ b/roles/goaccess/tasks/main.yml @@ -1,5 +1,5 @@ --- - name: Copy goaccess config copy: - src: static/goaccess/goaccess.conf + src: goaccess.conf dest: /etc/goaccess/goaccess.conf diff --git a/static/nginx/nginx.conf b/roles/nginx/files/nginx.conf similarity index 100% rename from static/nginx/nginx.conf rename to roles/nginx/files/nginx.conf diff --git a/tasks/nginx.yml b/roles/nginx/tasks/main.yml similarity index 86% rename from tasks/nginx.yml rename to roles/nginx/tasks/main.yml index edd90f3..46abc8f 100644 --- a/tasks/nginx.yml +++ b/roles/nginx/tasks/main.yml 
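Review bot: `ssh-keyscan github.com` in the `Scan for SSH host keys` task accepts whichever host key answers at run time, and per the comment above it the output is written into known_hosts, so the first run trusts the network path and not a known key. Pinning the published key with the `known_hosts` module (`name: github.com`, `key: "github.com ssh-ed25519 <PUBLISHED_KEY>"`) would also settle the idempotence TODO, since the module only changes the file when the entry differs. Separately, the `command` module does not run a shell, so `2>/dev/null` is handed to ssh-keyscan as an argument instead of redirecting stderr. The task continues past the end of the hunk, so how `ssh_scan` is consumed is not visible here.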
@@ -1,9 +1,12 @@ --- + +# TODO: make idempotent - name: Remove default nginx config file: name: /etc/nginx/sites-enabled state: absent +# TODO: make idempotent - name: Restore sites-enabled file: name: /etc/nginx/sites-enabled @@ -11,7 +14,7 @@ - name: Install system nginx config copy: - src: static/nginx/nginx.conf + src: nginx.conf dest: /etc/nginx/nginx.conf # setup our configs for each host (we don't want to @@ -20,19 +23,19 @@ - name: Install nginx config for {{ domain }} template: - src: templates/nginx/site.conf + src: templates/site.conf dest: /etc/nginx/conf.d/{{ domain }}.conf force: no - name: Install nginx config for git.{{ domain }} template: - src: templates/nginx/gitea.conf + src: templates/gitea.conf dest: /etc/nginx/conf.d/git.{{ domain }}.conf force: no - name: Install nginx config for our Hidden Service template: - src: templates/nginx/tor.conf + src: templates/tor.conf dest: /etc/nginx/conf.d/tor-{{ domain }}.conf force: no diff --git a/templates/nginx/gitea.conf b/roles/nginx/templates/gitea.conf similarity index 100% rename from templates/nginx/gitea.conf rename to roles/nginx/templates/gitea.conf diff --git a/templates/nginx/site.conf b/roles/nginx/templates/site.conf similarity index 100% rename from templates/nginx/site.conf rename to roles/nginx/templates/site.conf diff --git a/templates/nginx/tor.conf b/roles/nginx/templates/tor.conf similarity index 100% rename from templates/nginx/tor.conf rename to roles/nginx/templates/tor.conf diff --git a/tasks/tor.yml b/roles/tor/tasks/main.yml similarity index 88% rename from tasks/tor.yml rename to roles/tor/tasks/main.yml index 1caacb0..88c0509 100644 --- a/tasks/tor.yml +++ b/roles/tor/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Install torrc template: - src: templates/tor/torrc + src: torrc dest: /etc/tor/torrc owner: root group: root @@ -23,7 +23,7 @@ group: debian-tor mode: u=rw,g=,o= -- name: Reload Tor +- name: Enable Tor Service systemd: name: tor enabled: yes 
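Review bot: The three template tasks in the `-20,19 +23,19` hunk of roles/nginx/tasks/main.yml use `src: templates/site.conf`, `src: templates/gitea.conf` and `src: templates/tor.conf`, while the gitea and tor roles in this same commit use the bare file name (`src: app.ini`, `src: torrc`). Inside a role the template lookup already starts in the role's templates/ directory, so the prefix is at best redundant; as far as I know it still resolves, but only through Ansible's fallback search of the role root. I would write `src: site.conf`, `src: gitea.conf` and `src: tor.conf`, and likewise `src: updateBlog` in roles/blog/tasks/main.yml, so every role refers to its files the same way.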
diff --git a/templates/tor/torrc b/roles/tor/templates/torrc similarity index 100% rename from templates/tor/torrc rename to roles/tor/templates/torrc diff --git a/run.yml b/run.yml index d0da04f..7e7a361 100644 --- a/run.yml +++ b/run.yml @@ -9,13 +9,13 @@ prompt: domain pointing to the vps private: no - tasks: - - import_tasks: tasks/essential.yml - - import_tasks: tasks/firewall.yml - - import_tasks: tasks/blog.yml - - import_tasks: tasks/gitea.yml - - import_tasks: tasks/tor.yml - - import_tasks: tasks/nginx.yml - - import_tasks: tasks/git.yml - - import_tasks: tasks/goaccess.yml - - import_tasks: tasks/deadswitch.yml \ No newline at end of file + roles: + - essential + - git + - deadswitch + - firewall + - blog + - gitea + - nginx + - goaccess + - tor \ No newline at end of file
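Review bot: The new `roles:` list in run.yml runs `firewall` fourth, after `git` and `deadswitch`, where the old `tasks:` list imported tasks/firewall.yml second, and nothing in the playbook says whether the new order is intentional. From the hunks in this commit those two roles appear mostly to copy files, so the exposure looks limited, but I would keep `firewall` directly after `essential` or add a comment such as `# firewall runs before any role that starts a network service`. `tor` also moved from before `nginx` to last; if the order matters for the hidden-service vhost, that deserves a comment as well.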