diff --git a/playbooks/files/keys b/playbooks/files/keys
deleted file mode 120000
index f86df4c..0000000
--- a/playbooks/files/keys
+++ /dev/null
@@ -1 +0,0 @@
-../../keys
\ No newline at end of file
diff --git a/playbooks/keys b/playbooks/keys
new file mode 120000
index 0000000..b660cfb
--- /dev/null
+++ b/playbooks/keys
@@ -0,0 +1 @@
+../keys
\ No newline at end of file
diff --git a/playbooks/provision.yml b/playbooks/provision.yml
index 4dca9f1..be28de4 100644
--- a/playbooks/provision.yml
+++ b/playbooks/provision.yml
@@ -1,4 +1,6 @@
---
+- include_playbook: dependencies.yml
+
- hosts: all
name: Init
tasks:
diff --git a/playbooks/update-users.yml b/playbooks/update-users.yml
index 1d8fc6c..9ac4f70 100644
--- a/playbooks/update-users.yml
+++ b/playbooks/update-users.yml
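Review bot: `include_playbook` is not an Ansible play keyword, so the new first entry of provision.yml will not be treated as a playbook import and will most likely make the play fail to load. The sibling change in update-users.yml uses the correct form, `- import_playbook: dependencies.yml`, and provision.yml should use the same spelling so dependencies.yml is applied before the `Init` play. The `Init` play itself continues past the end of the hunk.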
@@ -1,32 +1,44 @@
---
+- import_playbook: dependencies.yml
+
- hosts: all
name: Prompt for variables
vars_prompt:
- name: "generate_keys"
prompt: "Generate SSH keypair for new users?"
default: yes
+ private: no
when: generate_keys is not defined
- name: "enable_sudo_password"
prompt: "Require user password when running sudo commands?"
default: yes
+ private: no
when: enable_sudo_password is not defined
- name: "disable_gnome_user_list"
prompt: "Disable the GNOME user list?"
default: yes
+ private: no
when: disable_gnome_user_list is not defined
tasks:
- - name: Load user variables
- include_vars:
- file: users.yml
-
- - name: Create local user accounts
+ - name: Pre-processing
+ tags: always
block:
+ - name: Load users
+ include_vars:
+ file: users.yml
- name: Reconcile user targets with host targets to get host users
set_fact:
local_users: "{{ local_users | default([]) + [item if item.targets | intersect(targets) else None] }}"
with_items: "{{ users }}"
+ - name: Get administrative users
+ set_fact:
+ local_admin_users: "{{ local_admin_users | default([]) + [item.name if item.admin else None] }}"
+ with_items: "{{ local_users | difference([None]) }}"
+ - name: Create local user accounts
+ tags: users_create
+ block:
- name: Create groups
become: true
group:
@@ -46,11 +58,14 @@
system: "{{ item.svc | default('no') }}"
state: present
generate_ssh_key: "{{ generate_keys }}"
+ ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}"
+ ssh_key_bits: 4096
password: "{{ item.password }}"
with_items:
- "{{ local_users | difference([None]) }}"
- name: Delete users that have been removed
+ tags: users_delete
block:
- name: Determine existing users
shell: 'grep omni /etc/group | cut -d: -f4 | tr "," "\n"'
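Review bot: The `tags: always` on the new `Pre-processing` block carries an unstated dependency: the tagged blocks later in this play read `local_users` or `local_admin_users`, which only this block sets, so a run with `--skip-tags always` would fail on undefined variables. A one-line comment above the tag, `# always: the tagged blocks below depend on local_users/local_admin_users set here`, records why it must not be skipped. As a point of style, the three new `private: no` entries are YAML 1.1 booleans; `private: false` is the canonical spelling and keeps yamllint's truthy rule quiet. The play's task list continues past the end of the hunk.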
@@ -74,12 +89,8 @@
with_items: "{{ removed_users }}"
- name: Grant sudo permissions
+ tags: users_sudo
block:
- - name: Get administrative users
- set_fact:
- local_admin_users: "{{ local_admin_users | default([]) + [item.name if item.admin else None] }}"
- with_items: "{{ local_users | difference([None]) }}"
-
- name: Add users to sudo group on Fedora/CentOS/RHEL
when: ansible_distribution == "Fedora" or ansible_distribution == "Red Hat Enterprise Linux" or ansible_distribution == "CentOS"
become: true
@@ -94,23 +105,24 @@
become: true
lineinfile:
create: yes
- path: /etc/sudoers/30-ansible
+ path: /etc/sudoers.d/30-ansible
line: "ansible ALL=(ALL) NOPASSWD:ALL"
mode: 0644
- name: Disable sudo password for admin users
- when: enable_sudo_password is False
+ when: not enable_sudo_password
become: true
lineinfile:
create: yes
- path: /etc/sudoers/30-ansible
+ path: /etc/sudoers.d/30-ansible
line: "{{ item }} ALL=(ALL) NOPASSWD:ALL"
mode: 0644
with_items:
- "{{ local_admin_users | difference([None] )}}"
- name: Configure GNOME
- when: ansible_distribution == "Fedora" and disable_gnome_user_list is True
+ tags: users_gnome
+ when: ansible_distribution == "Fedora" and disable_gnome_user_list
block:
- name: Configure GDM profile
become: true
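Review bot: Now that the drop-in actually lands in `/etc/sudoers.d/30-ansible`, the unchanged `mode: 0644` on both `lineinfile` tasks matters: sudo expects sudoers sources to be mode 0440 and, in the versions I know, refuses a more permissive file with "is mode 0644, should be 0440", so the NOPASSWD lines would quietly not take effect. Use `mode: "0440"` (quoted, so YAML does not read the octal as an integer) and add `validate: /usr/sbin/visudo -cf %s` so a malformed line is rejected before it replaces a working drop-in. Separately, `when: not enable_sudo_password` only behaves when the prompt default is taken: a value typed at the prompt arrives as a string and `not "no"` is false, so `when: not (enable_sudo_password | bool)` is the robust form, and the same applies to `disable_gnome_user_list` in the Configure GNOME condition. The enclosing `Grant sudo permissions` block starts before this hunk and the Configure GNOME block continues past it.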
@@ -132,8 +144,38 @@
- name: Delete existing user database
become: true
- shell: "mv /var/lib/gdm/.config/dconf/user /var/lib/gdm/.config/user.bkup"
+ file:
+ path: /var/lib/gdm/.config/dconf/user
+ state: absent
- name: Restart dconf database
become: true
shell: dconf update
+
+ - name: Install public keys
+ tags: users_keys
+ become: true
+ block:
+ - name: Ensure SSH directory exists
+ file:
+ state: directory
+ path: /home/{{ item.name }}/.ssh
+ with_items: "{{ local_users | difference([None]) }}"
+ - name: Put keys on remote
+ authorized_key:
+ user: "{{ item.name }}"
+ key: "{{ lookup('pipe','cat keys/' + item.name + '/*') if item.name != 'root' else '' }}"
+ state: present
+ exclusive: yes
+ with_items: "{{ local_users | difference([None]) }}"
+
+ - name: Ensure proper ownership of user home directories
+ become: true
+ file:
+ group: "{{ item.name }}"
+ owner: "{{ item.name }}"
+ path: /home/{{ item.name }}
+ recurse: yes
+ state: directory
+ with_items:
+ - "{{ local_users | difference([None]) }}"
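Review bot: For `root` the `Put keys on remote` task passes an empty `key` together with `exclusive: yes`; if the module accepts that, it strips every existing entry from root's authorized_keys instead of leaving root alone, so skipping the item is safer: `when: item.name != 'root'` on that task and on `Ensure SSH directory exists`, which would otherwise create `/home/root/.ssh` rather than `/root/.ssh`. `Ensure SSH directory exists` also creates `.ssh` as root with the default mode (the block runs under `become: true` and the task sets neither owner nor mode), while `authorized_key` with its default `manage_dir` already creates the directory as the user with mode 0700; either drop the task or give it `owner: "{{ item.name }}"`, `group: "{{ item.name }}"` and `mode: "0700"` so correct permissions do not depend on the later recursive chown. The `pipe` lookup splices `item.name` into a shell command on the controller; the names come from users.yml so this is an input-hygiene point rather than an exposure, but reading the files with the `file` lookup over a `fileglob` result avoids the shell entirely.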