diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f9abfbc..048de67 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -14,16 +14,31 @@ tf-validate:
     - terraform init
     - terraform validate
 
-tf-plan:
+tf-plan-private:
   stage: tf-plan
   script:
     - terraform init
     - terraform plan -out plan.tfplan
+  environment:
+    name: Just Jammin
+    url: https://ejam.vereto.net    
   artifacts:
     paths:
       - plan.tfplan
 
-tf-apply-private:
+tf-plan-public:
+  stage: tf-plan
+  script:
+    - terraform init
+    - terraform plan -out plan.tfplan -var="broadcast_enabled=true"
+  environment:
+    name: Public Jammin
+    url: https://ejam.vereto.net
+  artifacts:
+    paths:
+      - plan.tfplan
+
+tf-apply:
   stage: tf-apply
   image:
     name: hashicorp/terraform
@@ -35,9 +50,6 @@ tf-apply-private:
   script:
     - terraform init
     - terraform apply plan.tfplan
-  environment:
-    name: Just Jammin
-    url: https://ejam.vereto.net
   dependencies:
     - tf-plan
   when: manual
@@ -55,10 +67,7 @@ tf-apply-public:
     - chmod 600 jamulus.pem
   script:
     - terraform init
-    - terraform apply plan.tfplan -var="broadcast_enabled=true"
-  environment:
-    name: Public Jammin
-    url: https://ejam.vereto.net
+    - terraform apply plan.tfplan
   dependencies:
     - tf-plan
   when: manual
diff --git a/main.tf b/main.tf
index a215f8b..f7bf362 100644
--- a/main.tf
+++ b/main.tf
@@ -61,7 +61,6 @@ resource "aws_security_group_rule" "ssh" {
   security_group_id = aws_security_group.ssh.id
 }
 
-
 resource "aws_security_group" "jamulus" {
   name        = "jamulus-port-access"
   description = "Allow jamulus inbound traffic"
@@ -90,7 +89,6 @@ resource "aws_security_group_rule" "node-exporter" {
   security_group_id = aws_security_group.node-exporter.id
 }
 
-
 output "jamulus_ip" {
   value = "${aws_instance.jamulus.public_ip}"
 }