diff --git a/README.md b/README.md
index a014242..5f5fcef 100644
--- a/README.md
+++ b/README.md
@@ -3,10 +3,12 @@
 ansible playbook for solanum that supports hosts running debian or alpine
 
 ## setup
-- add new host to your hosts file
+- add new host to your ansible hosts file
 - run `solanum.yml` on new host to compile solanum
+- (optional) add your ssh key to ircd user
 - (optional) add your `ssl.pem` and `ssl.key` to `/home/ircd/ircd/etc/`. you probably want to make a cronjob for acme to automatically do this when the cert expires. make sure to `openssl dhparam -out dh.pem 2048` in `/home/ircd/ircd/etc/` to make safe dh parameters!
-- run config.yml on the whole network
+- run `config.yml` on the whole network
+- run `enable.yml` on new host to enable and install the service file
 - repeat steps periodically for network maintainance
 
 ## hosts ini
diff --git a/config.yml b/config.yml
index 0fd3407..d796447 100644
--- a/config.yml
+++ b/config.yml
@@ -1,5 +1,5 @@
 - hosts: all
-  remote_user: root
+  remote_user: ircd
 
   tasks:
     - name: check for ssl cert
@@ -27,26 +27,7 @@
         src: challenge/
         dest: /home/ircd/ircd/challenge/
 
-    - name: create openrc service
-      template:
-        src: openrc.j2
-        dest: /etc/init.d/solanum
-        mode: 0755
-      when: ansible_distribution == 'Alpine'
-
-    - name: create systemd service
-      template:
-        src: systemd.j2
-        dest: /etc/systemd/system/solanum.service
-        mode: 0755
-      when: ansible_distribution == 'Debian'
-
-    - name: enable service
-      service:
-        name: solanum
-        state: started
-        enabled: yes
-      ignore_errors: yes
-
     - name: reload solanum
       command: killall -1 solanum
+      ignore_errors: yes
+
diff --git a/enable.yml b/enable.yml
new file mode 100644
index 0000000..4cf99d9
--- /dev/null
+++ b/enable.yml
@@ -0,0 +1,25 @@
+- hosts: all
+  remote_user: root
+
+  tasks:
+    - name: create openrc service
+      template:
+        src: openrc.j2
+        dest: /etc/init.d/solanum
+        mode: 0755
+      when: ansible_distribution == 'Alpine'
+
+    - name: create systemd service
+      template:
+        src: systemd.j2
+        dest: /etc/systemd/system/solanum.service
+        mode: 0755
+      when: ansible_distribution == 'Debian'
+
+    - name: enable service
+      service:
+        name: solanum
+        state: started
+        enabled: yes
+      ignore_errors: yes
+