From bdd381df4420e5d3fbe6b8f6f53565ac7a0c2b8f Mon Sep 17 00:00:00 2001
From: Matchu <matchu1993@gmail.com>
Date: Thu, 12 Oct 2023 15:01:47 -0700
Subject: [PATCH] Clarify a note in the deploy playbook

Looking back at this now I'm just like. Oh right, of course, we don't have passwordless access to *become root*, so of course Ansible's strategy of becoming root and then running the playbook step was failing!
---
 deploy/deploy.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/deploy/deploy.yml b/deploy/deploy.yml
index ac5c594e..887a1bbb 100644
--- a/deploy/deploy.yml
+++ b/deploy/deploy.yml
@@ -76,9 +76,10 @@
     # NOTE: This uses the passwordless sudo rule we set up in deploy:setup.
     # We write it as a command rather than using the built-in `systemd` Ansible
     # module, to make sure we're invoking it exactly as we wrote in that rule.
-    # TODO: I'm not sure why it works to write `sudo` in the command instead of
-    # `become_user: root`, which complains about the missing sudo password, which
-    # we already fixed for the rest of the playbook I thought?
+    #
+    # NOTE: We use `sudo` instead of `become_user: root`, because we don't have
+    # permission to *become* the root user; we only have permission to run this
+    # one command as them.
     - name: Restart the app
       become: no
       command: sudo systemctl restart impress