diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2a9bad2..8a85abe 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,9 +22,19 @@ apply:
 stage: apply
 script:
 - nix-env --install colmena
+ - eval $(ssh-agent -s)
+ - chmod 600 "$SSH_PRIVATE_KEY"
+ - ssh-add "$SSH_PRIVATE_KEY"
+ - git clone https://oauth2:${ACCESS_TOKEN_KNOWN_HOSTS}@git.grzb.de/yuri/known_hosts.git /root/.ssh
 - colmena apply --no-keys
 commit_flake:
 stage: commit_flake
+ variables:
+ GIT_AUTHOR_EMAIL: $GIT_AUTHOR_EMAIL
+ GIT_AUTHOR_NAME: $GIT_AUTHOR_NAME
+ GIT_COMMITTER_EMAIL: $GIT_COMMITTER_EMAIL
+ GIT_COMMITTER_NAME: $GIT_COMMITTER_NAME
+ ACCESS_TOKEN: $ACCESS_TOKEN
 script:
- - echo "commit_flake"
\ No newline at end of file
+ - nix-env --install git
diff --git a/configuration/common/default.nix b/configuration/common/default.nix
index 5150469..71f1052 100644
--- a/configuration/common/default.nix
+++ b/configuration/common/default.nix
@@ -1,6 +1,7 @@
 { config, pkgs, ... }: {
 imports = [
+ ../../users/colmena-deploy
 ../../users/yuri
 ];
@@ -14,7 +15,7 @@
 security.sudo.wheelNeedsPassword = false;
 nix.settings = {
- trusted-users = [ "@wheel" ];
+ trusted-users = [ "colmena-deploy" ];
 auto-optimise-store = true;
 experimental-features = [ "nix-command" "flakes" ];
 };
diff --git a/flake.lock b/flake.lock
index bfa6a15..80f0d19 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
 "nodes": {
 "nixpkgs": {
 "locked": {
- "lastModified": 1689048911,
- "narHash": "sha256-pODI2CkjWbSLo5nPMZoLtkRNJU/Nr3VSITXZqqmNtIk=",
+ "lastModified": 1689209875,
+ "narHash": "sha256-8AVcBV1DiszaZzHFd5iLc8HSLfxRAuqcU0QdfBEF3Ag=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "8163a64662b43848802092d52015ef60777d6129",
+ "rev": "fcc147b1e9358a8386b2c4368bd928e1f63a7df2",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 7b641bc..c752aaa 100644
--- a/flake.nix
+++ b/flake.nix
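Review bot: In the `apply` job of .gitlab-ci.yml, the added `git clone https://oauth2:${ACCESS_TOKEN_KNOWN_HOSTS}@…` line carries the access token in the clone URL, which git writes as the remote URL into `/root/.ssh/.git/config` and which can surface in job output if the variable is not masked. Cloning a whole repository into `/root/.ssh` also makes every file in it (an ssh `config`, for instance) part of the job's SSH setup, so push access to that repository decides which host keys `colmena apply` will accept. Supplying the pinned host keys as a file-type CI variable avoids both: `- install -m 700 -d /root/.ssh` followed by `- cp "$SSH_KNOWN_HOSTS_FILE" /root/.ssh/known_hosts`, where `SSH_KNOWN_HOSTS_FILE` is a placeholder name for a variable this page does not define.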
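Review bot: In the second hunk of configuration/common/default.nix, `trusted-users = [ "colmena-deploy" ]` carries no comment recording that a trusted Nix user is effectively root on the daemon. The context line `security.sudo.wheelNeedsPassword = false`, combined with the `wheel` membership set in users/colmena-deploy/default.nix, gives the same account passwordless sudo as well. The key the pipeline loads from `$SSH_PRIVATE_KEY` is presumably this account's key, which would make the CI variable root on every host that imports this module. I would record that next to the setting, e.g. `# colmena-deploy is root-equivalent (trusted Nix user + passwordless sudo via wheel); its key is held by CI` above the `trusted-users` line. The enclosing attribute set starts and ends outside the hunk.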
@@ -14,7 +14,7 @@
 nitter = { name, nodes, pkgs, ... }: {
 deployment = {
 targetHost = "nixos-nitter.vs.grzb.de";
- targetUser = "yuri";
+ targetUser = "colmena-deploy";
 };
 imports = [
 ./configuration/common
@@ -26,7 +26,7 @@
 coturn = { name, nodes, pkgs, ... }: {
 deployment = {
 targetHost = "nixos-coturn.vs.grzb.de";
- targetUser = "yuri";
+ targetUser = "colmena-deploy";
 };
 imports = [
 ./configuration/common
diff --git a/users/colmena-deploy/default.nix b/users/colmena-deploy/default.nix
new file mode 100644
index 0000000..bebd6ef
--- /dev/null
+++ b/users/colmena-deploy/default.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ users.users.colmena-deploy = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPJbR09ZqPnfZkx9JNjCurJDXWa5XtNeNQfkPRU/ZnY colmena-deploy"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
+ ];
+ };
+}
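Review bot: In users/colmena-deploy/default.nix, the second entry of `openssh.authorizedKeys.keys` (the `yuri@kiara` key) puts a personal workstation key on the automation account. A session as colmena-deploy can then no longer be attributed to the pipeline from the account name alone, and the account is reachable through two unrelated key holders. The key is presumably there so `colmena apply` can still be run by hand with the new `targetUser`. If so, the file should say it, e.g. `# yuri@kiara: manual colmena apply from a workstation` above that line and `# CI deploy key` above the first. If manual deploys are not needed, dropping the second key keeps this account pipeline-only.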