fix: playbook task already has access to inventory-level variables

host_vars/vps1

@@ -2,7 +2,7 @@
 ---
 # vars file
 custom_vars:
-  generality:
+  shared:
     ssh_authorized_keys:
       - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIO0sbFLwfgSWpWwn4cy4cddKvV74efUMZVYTTjX2vnjAAAABHNzaDo= rika@hikiki
       - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHJqHHMplgqm8yiq4Qwisk67p9+f9sLM8tIAzuw2qkwpAAAABHNzaDo= rika@hikiki
@@ -56,6 +56,7 @@ groups:
   remote:
     group_name: remote
     type: system
+    id: ~
 users:
   # @NOTE key/field names MUST match value of 'username' key or field of its object
   senpai:
@@ -81,8 +82,8 @@ users:
       - sudo
       - "{{ groups.remote.group_name }}"
     services: [sshd]
-    ssh_authorized_keys: "{{ custom_vars.generality.ssh_authorized_keys }}" 
+    ssh_authorized_keys: "{{ custom_vars['shared']['ssh_authorized_keys'] }}" 
-    ssh_private_key_paths: "{{ custom_vars.generality.ssh_private_key_paths }}"
+    ssh_private_key_paths: "{{ custom_vars['shared']['ssh_private_key_paths'] }}"
     ssh_private_key_path_pref: 0
     gpg_keys:
       - id: 558041D5CF2AB23B # @NOTE professional
@@ -128,8 +129,8 @@ users:
     groups:
       - "{{ groups.remote.group_name }}"
     services: [proftpd,sftp,ftps]
-    ssh_authorized_keys: "{{ custom_vars.generality.ssh_authorized_keys }}" 
+    ssh_authorized_keys: "{{ custom_vars['shared']['ssh_authorized_keys'] }}" 
-    ssh_private_key_paths: "{{ custom_vars.generality.ssh_private_key_paths }}"
+    ssh_private_key_paths: "{{ custom_vars['shared']['ssh_private_key_paths'] }}"
     ssh_private_key_path_pref: 0
     gpg_keys: []
     gpg_keyid_pref: 0

init_env

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+SKATO_ANSIBLE_ROOT=$(dirname "$0")
+set -o allexport
+source "${SKATO_ANSIBLE_ROOT}/standard_paths"
+set +o allexport

playbooks/init.yml

@@ -13,7 +13,7 @@
         private_ip: true
         region: "{{ vps_service.region }}"
         root_pass: "{{ vps_service.password }}"
-        tags: "{{ hostvars[inventory_hostname].keywords }}" 
+        tags: "{{ keywords }}" 
         state: "{{ 'present' if vps_service.exists else 'absent' }}"
       tags:
         - vps_step

standard_paths

@@ -0,0 +1,28 @@
+# SKATO_ANSIBLE_ROOT=
+
+# Relative directory paths for role templates/files
+SKANSIBLE_ARIA="aria2"
+SKANSIBLE_PROFTPD="proftpd"
+SKANSIBLE_PROFTPD_CONFS="${SKANSIBLE_PROFTPD}/conf.d"
+# @NOTE below 4 filepaths have filenames that must correspond to 
+# the filenames in role ProFTPd templates'/files' Display settings 
+SKANSIBLE_PROFTPD_CONFS_WELCOME="${SKANSIBLE_PROFTPD}/conf.d/WELCOME.txt"
+SKANSIBLE_PROFTPD_CONFS_BANNER="${SKANSIBLE_PROFTPD}/conf.d/BANNER.txt"
+SKANSIBLE_PROFTPD_CONFS_SUCCESS="${SKANSIBLE_PROFTPD}/conf.d/SUCCESS.txt"
+SKANSIBLE_PROFTPD_CONFS_EXIT="${SKANSIBLE_PROFTPD}/conf.d/BYE.txt"
+SKANSIBLE_SSHD_CONFS="sshd_config.d"
+SKANSIBLE_SYSTEMD="systemd"
+SKANSIBLE_SYSTEMD_USER_UNITS="${SKANSIBLE_SYSTEMD}/user"
+SKANSIBLE_FAIL2BAN="fail2ban"
+SKANSIBLE_FAIL2BAN_JAILS="${SKANSIBLE_FAIL2BAN}/jail.d"
+SKANSIBLE_FAIL2BAN_FILTERS="${SKANSIBLE_FAIL2BAN}/filter.d"
+SKANSIBLE_GITCONFIG_CONFS="gitconfig.d"
+# @NOTE files in here must have extension "key" with IDs in  
+# "gpg_keys" inventory variable list as basenames.
+SKANSIBLE_GPG="gnupg"
+# @NOTE files in path below must have extensions "key" (private), 
+# "crt" (signed), or "pem" (public) with inventory host FQDN as basename
+SKANSIBLE_SSL="ca-certificates"
+
+# Other directories
+SKANSIBLE_SECRETS="${SKATO_ANSIBLE_ROOT}/.secrets"