diff --git a/roles/pve_auth/templates/shadow.cfg.j2 b/roles/pve_auth/templates/shadow.cfg.j2
index b45c40d..25842f3 100644
--- a/roles/pve_auth/templates/shadow.cfg.j2
+++ b/roles/pve_auth/templates/shadow.cfg.j2
@@ -1,7 +1,5 @@
 {{ ansible_managed | comment }}
 
 {% for name, user in pve_auth__users.items() %}
-{% if user.enabled | default(True) %}
 {{ name }}:{{ user.password }}:
-{% endif %}
 {% endfor %}
diff --git a/roles/pve_auth/templates/user.cfg.j2 b/roles/pve_auth/templates/user.cfg.j2
index 5bb9da7..3407fff 100644
--- a/roles/pve_auth/templates/user.cfg.j2
+++ b/roles/pve_auth/templates/user.cfg.j2
@@ -1,15 +1,17 @@
 {{ ansible_managed | comment }}
 
 {% for name, user in pve_auth__users.items() %}
-{% if user.enabled | default(True) %}
-user:{{ name }}@pve:1:0::::::
-{% endif %}
+{% set enabled = user.enabled | default(True) %}
+user:{{ name }}@pve:{{ enabled | ternary(1, 0) }}:0::::::
 {% endfor %}
 
 {% for group in pve_auth__groups.keys() %}
 {% set users = pve_auth__users
-               | selectattr("groups", "defined")
-	       | selectattr("groups", "contains", group) %}
+               | dict2items
+               | selectattr("value.groups", "defined")
+	       | selectattr("value.groups", "contains", group)
+	       | map(attribute="key")
+	       | map("suffix", "@pve") %}
 group:{{ group }}:{{ users | join(",") }}::
 {% endfor %}