diff --git a/playbook.vars.yml b/playbook.vars.yml
deleted file mode 100644
index 5541641..0000000
--- a/playbook.vars.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-operations_admin_users: []
-
-operations_control_user: control
-operations_control_home: /var/control
-
-operations_platform_user: platform
-operations_platform_home: /var/platform
-
-# Pass the list of users to geerlingguy.security and geerlingguy.github.
-security_ssh_allowed_users: "{{ operations_admin_users }}"
-github_users: "{{ operations_admin_users }}"
-security_sudoers_passwordless: "{{ operations_admin_users }}"
diff --git a/playbook.yml b/playbook.yml
index 5ac187e..dc6ac41 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -2,21 +2,22 @@
 ---
 - name: Configure Server
   hosts: all
-  vars_files: playbook.vars.yml
   become: true
 
   roles:
     - role: geerlingguy.security
       tags: system
       vars:
-        security_sudoers_passwordless: "{{ ['control'] + operations_admin_users }}"
+        security_sudoers_passwordless: "{{ [operations_control_user] + operations_admin_users }}"
+        security_ssh_allowed_users: "{{ operations_admin_users }}"
 
     - role: geerlingguy.github-users
       tags: system
+      vars:
+        github_users: "{{ operations_admin_users }}"
 
 - name: "Configure Hosting: DDEV"
   hosts: operations_host_ddev
-  vars_files: playbook.vars.yml
 
   roles:
     - role: geerlingguy.php
diff --git a/roles/operations.users/defaults/main.yml b/roles/operations.users/defaults/main.yml
new file mode 100644
index 0000000..69c8f99
--- /dev/null
+++ b/roles/operations.users/defaults/main.yml
@@ -0,0 +1,7 @@
+operations_admin_users: []
+
+operations_control_user: control
+operations_control_home: /var/control
+
+operations_platform_user: platform
+operations_platform_home: /var/platform