diff --git a/README.md b/README.md
index 1777ae5..2ae01aa 100644
--- a/README.md
+++ b/README.md
@@ -77,7 +77,12 @@ Now access the admin panel with the user account you created earlier: http://loc
 ## Troubleshooting
-- Issues with migrating database tables in SQLite during development? Try `./manage.py migrate --fake`
+Issues with migrating database tables in SQLite during development? Try `./manage.py migrate --fake`
+
+Having trouble installing any packages with npm or yarn? Add IPv6 addresses to your hosts:
+
+ 2606:4700::6810:1823 registry.npmjs.org
+ 2606:4700::6810:1123 registry.yarnpkg.com
 ## Production notes
@@ -85,14 +90,10 @@ We use [Ansible](https://www.ansible.com) and [Docker Compose](https://docs.dock
 To use Docker Compose to manually deploy the site, copy `ansible/roles/web/templates/docker-compose.j2` to `/docker-compose.yml` and fill in all `{{ variables }}`. This can also be done automatically in Ansible.
-Install or update the following roles from [Ansible Galaxy](https://docs.ansible.com/ansible/latest/reference_appendices/galaxy.html) to use our scripts:
+To update all roles from [Ansible Galaxy](https://docs.ansible.com/ansible/latest/reference_appendices/galaxy.html) used in our install scripts:
 ```
-ansible-galaxy install \
- dev-sec.nginx-hardening \
- dev-sec.ssh-hardening \
- dev-sec.os-hardening \
- geerlingguy.nodejs
+ansible-galaxy install `ls ansible/roles -x -I wagtail` --force
 ```
 To check that the scripts and roles are correctly installed, use this command to do a "dry run":
@@ -123,14 +124,6 @@ You can also use the `gitrepo` parameter to use a different fork of the source c
 Once the basic system set up, i.e. you have an `ansible` user in the sudoers and docker group, you are ready to run the playbook.
-The typical order of deployment is:
-
-- internet.yaml
-- docker.yaml
-- node.yaml
-- web.yaml
-- wagtail.yaml
-
 ### Production releases
 For further deployment and system maintenance we have a `Makefile` which automates Docker Compose tasks. This should be converted to use [Ansible Container](http://docs.ansible.com/ansible-container/getting_started.html). In the meantime, start a release with Ansible, then complete it using `make`, i.e.:
diff --git a/ansible/internet.yaml b/ansible/alpha.yaml
similarity index 78%
rename from ansible/internet.yaml
rename to ansible/alpha.yaml
index 33284c0..1cb894f 100644
--- a/ansible/internet.yaml
+++ b/ansible/alpha.yaml
@@ -3,13 +3,10 @@
 gather_facts: True
 vars:
 ssh_server_ports: "{{ vault_ssh_server_ports }}"
- nginx_add_header: []
 sysctl_overwrite:
 # Enable IPv4 traffic forwarding.
 net.ipv4.ip_forward: 1
 roles:
 - role: dev-sec.os-hardening
 - role: dev-sec.ssh-hardening
- - role: nginxinc.nginx
- - role: dev-sec.nginx-hardening
 - role: jnv.unattended-upgrades
diff --git a/ansible/nginx.yaml b/ansible/nginx.yaml
new file mode 100644
index 0000000..4a7e48e
--- /dev/null
+++ b/ansible/nginx.yaml
@@ -0,0 +1,8 @@
+- hosts: webservers
+ become: True
+ gather_facts: True
+ vars:
+ nginx_add_header: []
+ roles:
+ - role: nginxinc.nginx
+ - role: dev-sec.nginx-hardening
diff --git a/ansible/node.yaml b/ansible/node.yaml
index aa33fae..645ca9e 100644
--- a/ansible/node.yaml
+++ b/ansible/node.yaml
@@ -6,4 +6,5 @@
 - role: geerlingguy.nodejs
 nodejs_install_npm_user: ansible
 nodejs_npm_global_packages:
+ - name: yarn
 - name: grunt-cli
diff --git a/ansible/roles/wagtail/tasks/install.yaml b/ansible/roles/wagtail/tasks/install.yaml
index d49d5f1..76e95df 100644
--- a/ansible/roles/wagtail/tasks/install.yaml
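Review bot: In the new `ansible/nginx.yaml`, `nginx_add_header: []` is carried over from the old play with no explanation, and an empty list presumably overrides the response-header defaults that `dev-sec.nginx-hardening` would otherwise apply (worth confirming against the role's `defaults/main.yml`). If the headers are deliberately emitted elsewhere, say so in a comment above the variable, e.g. `# Security headers are set by <component>; stop the hardening role from adding its own`; otherwise drop the override so the role's defaults take effect. A smaller style point on the same hunk: `become: True` and `gather_facts: True` read more predictably as lowercase `true`, which the task files in this commit already use.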
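Review bot: The added `- name: yarn` entry in `ansible/node.yaml` installs whatever Yarn release is current at deploy time, globally, and that binary then resolves and installs the site's JavaScript dependencies. Pinning it keeps deployments reproducible and turns an upgrade into a reviewed change, for example by adding `version: "<tested release>"` below the `name:` key; the neighbouring `grunt-cli` entry has the same gap. The hunk shows only the tail of the play, so whether a version is constrained elsewhere cannot be seen from here.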
+++ b/ansible/roles/wagtail/tasks/install.yaml
@@ -1,9 +1,21 @@
 ---
+- name: Ensure Make is installed
+ become: true
+ apt:
+ pkg: make
+
 - name: Create release directory
 file: path={{ release_dir }} state=directory owner=ansible group=ansible mode=u=rwX,g=rX,o=rX
 become: true
+- name: Checkout code branch from git
+ git:
+ dest: "{{ release_dir }}"
+ repo: "{{ gitrepo }}"
+ version: "{{ gitversion }}"
+ force: true
+
 - name: Create media directory
 file: path={{ release_dir }}/media state=directory owner=ansible group=www-data
 become: true
@@ -11,40 +23,3 @@
 - name: Set media directory permissions
 file: dest={{ release_dir }}/media owner=ansible group=www-data mode=u=rwX,g=rX,o=rX recurse=yes
 become: true
-
-- name: Checkout code branch from git
- git:
- dest: "{{ release_dir }}"
- repo: "{{ gitrepo }}"
- version: "{{ gitversion }}"
- force: false
-
-- name: Copy Docker site configuration
- template:
- src: docker-compose.j2
- dest: "{{ release_dir }}/docker-compose.yml"
-
-- name: Ensure Make is installed
- become: true
- apt:
- pkg: make
-
-- name: Deploy Wagtail site on Docker
- shell: make build-cached
- args:
- chdir: "{{ release_dir }}"
-
-- name: Start Wagtail site
- shell: make run
- args:
- chdir: "{{ release_dir }}"
-
-- name: Prepare compress frontend
- shell: make compress
- args:
- chdir: "{{ release_dir }}"
-
-- name: Finish setup of Wagtail site
- shell: make setup EMAIL={{ email_admin }}
- args:
- chdir: "{{ release_dir }}"
diff --git a/ansible/roles/wagtail/tasks/main.yaml b/ansible/roles/wagtail/tasks/main.yaml
index 2275ffc..2f6e969 100644
--- a/ansible/roles/wagtail/tasks/main.yaml
+++ b/ansible/roles/wagtail/tasks/main.yaml
@@ -1,13 +1,17 @@
 ---
-- include: frontend.yaml
- tags:
- - frontend
-
 - include: install.yaml
 tags:
 - install
+- include: packages.yaml
+ tags:
+ - packages
+
 - include: release.yaml
 tags:
 - release
+
+- include: setup.yaml
+ tags:
+ - setup
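Review bot: The relocated checkout task in `ansible/roles/wagtail/tasks/install.yaml` flips `force` from `false` to `true`, so every run now discards any modification to tracked files in `{{ release_dir }}` without recording that it did so. That is reasonable if the release directory is treated as disposable, but it also erases the trace of any on-host edit, wanted or not; a comment above the task such as `# force: true - the release dir must match the repository exactly; local edits are discarded` would make the intent explicit. Because `gitrepo` and `gitversion` are free parameters (the README mentions pointing `gitrepo` at a fork), consider deploying a tag or commit hash rather than a branch name and, if the project signs its commits, adding `verify_commit: true` to the `git` task.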
diff --git a/ansible/roles/wagtail/tasks/frontend.yaml b/ansible/roles/wagtail/tasks/packages.yaml
similarity index 65%
rename from ansible/roles/wagtail/tasks/frontend.yaml
rename to ansible/roles/wagtail/tasks/packages.yaml
index 68da353..49745b0 100644
--- a/ansible/roles/wagtail/tasks/frontend.yaml
+++ b/ansible/roles/wagtail/tasks/packages.yaml
@@ -12,32 +12,6 @@
 file: dest={{ release_dir }}/static owner=ansible group=www-data mode=u=rwX,g=rX,o=rX recurse=yes
 become: true
-- name: Install JavaScript Yarn
- become: true
- npm:
- name: yarn
- global: true
-
-- name: Link the Yarn executable
- become: true
- file:
- src: "/usr/local/lib/npm/bin/yarn"
- dest: "/usr/local/bin/yarn"
- state: link
-
-- name: Install JavaScript Grunt
- become: true
- yarn:
- name: grunt-cli
- global: true
-
-- name: Link the Grunt executable
- become: true
- file:
- src: "/usr/local/lib/npm/bin/grunt"
- dest: "/usr/local/bin/grunt"
- state: link
-
 - name: Install JavaScript packages with Yarn
 yarn:
 path: "{{ release_dir }}"
diff --git a/ansible/roles/wagtail/tasks/setup.yaml b/ansible/roles/wagtail/tasks/setup.yaml
new file mode 100644
index 0000000..4bd5732
--- /dev/null
+++ b/ansible/roles/wagtail/tasks/setup.yaml
@@ -0,0 +1,26 @@
+---
+
+- name: Copy Docker site configuration
+ template:
+ src: docker-compose.j2
+ dest: "{{ release_dir }}/docker-compose.yml"
+
+- name: Deploy Wagtail site on Docker
+ shell: make build-cached
+ args:
+ chdir: "{{ release_dir }}"
+
+- name: Start Wagtail site
+ shell: make run
+ args:
+ chdir: "{{ release_dir }}"
+
+- name: Prepare compress frontend
+ shell: make compress
+ args:
+ chdir: "{{ release_dir }}"
+
+- name: Finish setup of Wagtail site
+ shell: make setup EMAIL={{ email_admin }}
+ args:
+ chdir: "{{ release_dir }}"
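Review bot: In the new `ansible/roles/wagtail/tasks/setup.yaml`, the last task passes `{{ email_admin }}` to `shell:` unquoted, so whitespace or shell metacharacters in that variable are interpreted by the shell on the target host instead of reaching `make` as a single argument. Quote it with the `quote` filter, `shell: make setup EMAIL={{ email_admin | quote }}`; the other three `make` tasks use no shell features and could use `command:` instead. Separately, the `template` task writes `docker-compose.yml` without a `mode:`, so the rendered file gets default permissions; if the template carries credentials (not visible in this diff), add something like `mode: "0640"`.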