From 6f73b83bc0fd60740fdeddff4c4d0ffcec37cc4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20=C5=BD=C3=A1=C4=8Dek?= <jakub@zacekj.cz>
Date: Sat, 23 May 2026 14:53:41 +0200
Subject: [PATCH] Centralize users list in group_vars and rename baseline
 playbook

Move the canonical user list to group_vars/all/users.yml so both
setup_linux.yml (renamed from initial_setup.yml) and the
initial_install users role consume the same source of truth.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 group_vars/all/users.yml                   | 22 +++++++++++++++++++
 initial_install/roles/users/tasks/main.yml | 25 +---------------------
 initial_setup.yml => setup_linux.yml       | 24 ---------------------
 3 files changed, 23 insertions(+), 48 deletions(-)
 create mode 100644 group_vars/all/users.yml
 rename initial_setup.yml => setup_linux.yml (64%)

diff --git a/group_vars/all/users.yml b/group_vars/all/users.yml
new file mode 100644
index 0000000..dad4f81
--- /dev/null
+++ b/group_vars/all/users.yml
@@ -0,0 +1,22 @@
+---
+# Canonical user list — consumed by both setup_linux.yml and
+# initial_install/roles/users.
+users:
+  - name: automation
+    shell: /bin/bash
+    sudo_nopasswd: true
+    ssh_keys:
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx+ltCKNIEM7F4PzGLv22cIu7N0Fpn5gxwV02xq0GS9 automation@internet-master.cz"
+
+  - name: hellsos
+    shell: /bin/bash
+    sudo_nopasswd: true
+    ssh_keys:
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB+wC3T4/HSs1q5jf34sCqicSQOb05k+bxfmNMMKEGzRrGT3BfCG428F19OBIswvcuBPC0Q4TpPz84BkiATCx2o1JUH1xIOFcHzxxXbyzHAhjwto1wOr1DkwZWAvDPbdnJ39OsC0EdmrAHSXut93q4vzOsLlS34bOWP1THGY9nBKOHwJUQmS5tLw6dqbhKA886TrPXJDR9euEC+SYaytMyDUPYEa6dlDyRp77eII/uI/hf/6e+34wm9XyFyGMiMrQeO0u6Gq5NhsoBlhrCW3ds0To+DBZ/YKNzpzcN+uPKM1+r9nN8KwdwjRkQEwSdB4osz/UeGTiXB0jwb0+ftFthBFdOil86cd1OiAMmuKB/19QHv0NsVhs2JocP5JcrAgx8ktQzLIkOM4lt6Kt9rjHv1KNfdsZdiHqlOwrDv9B2Ei44qEUAsWlFSzEi7R3mOED4F04N3FeQ9TkrRRH6SE733t1Kum2VAz6wr4BSNyYxQOCnXoANy/JyoM5e5tQ7pht7tuxX78zhFlC7pAmVu0dnCQimSsIsXNlYGM7DQ7QMva8mKu49V3B7tU0ChghSRJUb2Sg0tkTAxzCR+WOOf8kAnkXNOV5vExQ3h5Xmb52A+az37Hyex379ryKqpffaf9RTx9pBagQf1XbUtA4KazuEi3fMmqCQjz+xFZJAZQ== hellsos@hellsos-PC"
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhfQt1VNQo8EbIog4yjU5VEF3mTyMEC7o1Qe95X4JwG jan@rabcan.cz"
+
+  - name: jim
+    shell: /bin/bash
+    sudo_nopasswd: true
+    ssh_keys:
+      - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFS4fsqMjMMu/Bi/884bw7yJBqvWusDRESvanH6Owco jakub@jimbuntu"
diff --git a/initial_install/roles/users/tasks/main.yml b/initial_install/roles/users/tasks/main.yml
index 9747ec3..31305f9 100644
--- a/initial_install/roles/users/tasks/main.yml
+++ b/initial_install/roles/users/tasks/main.yml
@@ -1,28 +1,5 @@
 ---
-- name: Define users
-  ansible.builtin.set_fact:
-    users:
-      - name: automation
-        shell: /bin/bash
-        sudo_nopasswd: true
-        ssh_keys:
-          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx+ltCKNIEM7F4PzGLv22cIu7N0Fpn5gxwV02xq0GS9 automation@internet-master.cz"
-
-      - name: hellsos
-        shell: /bin/bash
-        sudo_nopasswd: true
-        ssh_keys:
-          - "ssh-ed25519 AAAAC3..."
-
-      - name: jim
-        shell: /bin/bash
-        sudo_nopasswd: true
-        ssh_keys:
-          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFS4fsqMjMMu/Bi/884bw7yJBqvWusDRESvanH6Owco jakub@jimbuntu"
-
-# --------------------------------------------------
-# Create users
-# --------------------------------------------------
+# `users` comes from group_vars/all/users.yml
 - name: Ensure users exist
   ansible.builtin.user:
     name: "{{ item.name }}"
diff --git a/initial_setup.yml b/setup_linux.yml
similarity index 64%
rename from initial_setup.yml
rename to setup_linux.yml
index a4fb930..b891a4c 100644
--- a/initial_setup.yml
+++ b/setup_linux.yml
@@ -3,30 +3,6 @@
   hosts: all
   become: true
 
-  vars:
-    users:
-      - name: automation
-        shell: /bin/bash
-        groups: []
-        sudo_nopasswd: true
-        ssh_keys:
-          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx+ltCKNIEM7F4PzGLv22cIu7N0Fpn5gxwV02xq0GS9 automation@internet-master.cz"
-
-      - name: hellsoslocal
-        shell: /bin/bash
-        groups: []
-        sudo_nopasswd: true
-        ssh_keys:
-          - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB+wC3T4/HSs1q5jf34sCqicSQOb05k+bxfmNMMKEGzRrGT3BfCG428F19OBIswvcuBPC0Q4TpPz84BkiATCx2o1JUH1xIOFcHzxxXbyzHAhjwto1wOr1DkwZWAvDPbdnJ39OsC0EdmrAHSXut93q4vzOsLlS34bOWP1THGY9nBKOHwJUQmS5tLw6dqbhKA886TrPXJDR9euEC+SYaytMyDUPYEa6dlDyRp77eII/uI/hf/6e+34wm9XyFyGMiMrQeO0u6Gq5NhsoBlhrCW3ds0To+DBZ/YKNzpzcN+uPKM1+r9nN8KwdwjRkQEwSdB4osz/UeGTiXB0jwb0+ftFthBFdOil86cd1OiAMmuKB/19QHv0NsVhs2JocP5JcrAgx8ktQzLIkOM4lt6Kt9rjHv1KNfdsZdiHqlOwrDv9B2Ei44qEUAsWlFSzEi7R3mOED4F04N3FeQ9TkrRRH6SE733t1Kum2VAz6wr4BSNyYxQOCnXoANy/JyoM5e5tQ7pht7tuxX78zhFlC7pAmVu0dnCQimSsIsXNlYGM7DQ7QMva8mKu49V3B7tU0ChghSRJUb2Sg0tkTAxzCR+WOOf8kAnkXNOV5vExQ3h5Xmb52A+az37Hyex379ryKqpffaf9RTx9pBagQf1XbUtA4KazuEi3fMmqCQjz+xFZJAZQ== hellsos@hellsos-PC"
-          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhfQt1VNQo8EbIog4yjU5VEF3mTyMEC7o1Qe95X4JwG jan@rabcan.cz"
-
-      - name: jimlocal
-        shell: /bin/bash
-        groups: []
-        sudo_nopasswd: true
-        ssh_keys:
-          - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFS4fsqMjMMu/Bi/884bw7yJBqvWusDRESvanH6Owco jakub@jimbuntu"
-
   tasks:
 
     - name: Pick sudo group per distro