diff --git a/ansible/post-deploy.yml b/ansible/post-deploy.yml
index d214612..ca5ca75 100644
--- a/ansible/post-deploy.yml
+++ b/ansible/post-deploy.yml
@@ -63,18 +63,30 @@
 force: true
 become: true

- # TODO(decentral1se): make this work...
- # - name: Set authorized_keys file for git user
- # lineinfile:
- # path: /var/lib/gitea/git/.ssh/authorized_keys
- # regexp: "^{{ lookup('file', '/home/git/.ssh/id_rsa.pub') }}"
- # line: "{{ lookup('file', '/home/git/.ssh/id_rsa.pub') }}{{ lookup('file', '/var/lib/gitea/git/.ssh/authorized_keys') }}"
- # state: present
- # insertbefore: BOF
- # create: true
- # become: true
+ - name: Store the git user public key
+ shell: cat /home/git/.ssh/id_rsa.pub
+ register: git_id_rsa_pub
+ become: true

- - name: Symlink the authorized keys configuration
+ - name: Store the gitea authorized_keys file
+ shell: cat /var/lib/gitea/git/.ssh/authorized_keys
+ register: git_auth_keys
+ become: true
+
+ - name: Ensure git public key is in gitea loaded authorized_keys
+ blockinfile:
+ path: /var/lib/gitea/git/.ssh/authorized_keys
+ block: "{{ git_id_rsa_pub.stdout }}"
+ state: present
+ owner: git
+ group: git
+ create: true
+ insertbefore: BOF
+ backup: true
+ marker: "# ansible inserted git <-> gitea public key"
+ become: true
+
+ - name: Symlink the gitea authorized keys configuration to the host git user
 file:
 src: /var/lib/gitea/git/.ssh/authorized_keys
 dest: /home/git/.ssh/authorized_keys
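Review bot: The `marker` on the new `blockinfile` task has no `{mark}` placeholder, so its begin and end marker lines are identical and the module cannot reliably find the block it wrote earlier. The Ansible documentation warns that this can re-insert the block on every run, which here would mean a growing `authorized_keys` and, with `backup: true`, another backup copy next to it each time. Use `marker: "# {mark} ansible inserted git <-> gitea public key"` instead. Separately, both `shell: cat` tasks always report changed, and the second one registers `git_auth_keys`, which nothing in this hunk uses, while failing when the file is absent and so defeating `create: true`; drop that task, and read the key with `slurp` or add `changed_when: false`. The final Symlink task continues past the end of the hunk, so its remaining options are not visible here.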