diff --git a/roles/yoda_external_user_service/tasks/main.yml b/roles/yoda_external_user_service/tasks/main.yml
index de0fcb963..6927a10e6 100644
--- a/roles/yoda_external_user_service/tasks/main.yml
+++ b/roles/yoda_external_user_service/tasks/main.yml
@@ -1,6 +1,15 @@
 ---
 # copyright Utrecht University
 
+# EUS depends on the Yoda portal for theming information. So running mismatched versions
+# can result in unexpected errors.
+- name: Check whether Yoda portal version matches EUS version
+  ansible.builtin.fail: # noqa ignore-errors
+    msg: "Warning: mismatched EUS and portal version can result in EUS theming problems."
+  when: "yoda_portal_version != yoda_eus_version"
+  ignore_errors: true
+
+
 - name: Remove no longer used Yoda External User Service dependencies
   ansible.builtin.package:
     name:
@@ -10,15 +19,44 @@
       - php-PHPMailer
     state: absent
 
+
+- name: Ensure yodadeployment user exists
+  ansible.builtin.user:
+    name: "{{ yoda_deployment_user }}"
+
+
+- name: Ensure parent directories for EUS repositories are accessible
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ yoda_deployment_user }}"
+    group: "{{ yoda_deployment_user }}"
+    mode: '0711'
+  with_items:
+    - /var/www/extuser
+    - /var/www/yoda
+
+
+- name: Check out Yoda portal for themes used by External User Service
+  become_user: "{{ yoda_deployment_user }}"
+  become: true
+  ansible.builtin.git:
+    repo: "https://github.com/UtrechtUniversity/yoda-portal.git"
+    dest: "/var/www/yoda"
+    version: "{{ yoda_portal_version }}"
+    force: true
+  when: "'portals' not in group_names"
+
+
 - name: Generate Flask secret key
-  ansible.builtin.shell: openssl rand -base64 32 > /var/www/yoda/flask_secret_key
-    creates=/var/www/yoda/flask_secret_key
+  ansible.builtin.shell: openssl rand -base64 32 > /var/www/extuser/flask_secret_key
+    creates=/var/www/extuser/flask_secret_key
   when: not ansible_check_mode and flask_secret_key is not defined
 
 
 - name: Retrieve Flask secret key
   ansible.builtin.slurp:
-    src: /var/www/yoda/flask_secret_key
+    src: /var/www/extuser/flask_secret_key
   register: secret_key
   when: not ansible_check_mode and flask_secret_key is not defined
 
@@ -37,32 +75,6 @@
     persistent: true
 
 
-- name: Ensure yodadeployment user exists
-  ansible.builtin.user:
-    name: "{{ yoda_deployment_user }}"
-
-
-- name: Ensure parent directories for EUS repositories are accessible
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    owner: "{{ yoda_deployment_user }}"
-    group: "{{ yoda_deployment_user }}"
-    mode: '0711'
-  with_items:
-    - /var/www/extuser
-    - /var/www/yoda
-
-
-# EUS depends on the Yoda portal for theming information. So running mismatched versions
-# can result in unexpected errors.
-- name: Check whether Yoda portal version matches EUS version
-  ansible.builtin.fail: # noqa ignore-errors
-    msg: "Warning: mismatched EUS and portal version can result in EUS theming problems."
-  when: "yoda_portal_version != yoda_eus_version"
-  ignore_errors: true
-
-
 - name: Checkout Yoda External User Service source
   become_user: "{{ yoda_deployment_user }}"
   become: true
@@ -73,17 +85,6 @@
     force: true
 
 
-- name: Check out Yoda portal for themes used by External User Service
-  become_user: "{{ yoda_deployment_user }}"
-  become: true
-  ansible.builtin.git:
-    repo: "https://github.com/UtrechtUniversity/yoda-portal.git"
-    dest: "/var/www/yoda"
-    version: "{{ yoda_portal_version }}"
-    force: true
-  when: "'portals' not in group_names"
-
-
 - name: Check portal version for cache buster
   become_user: "{{ yoda_deployment_user }}"
   become: true