diff --git a/playbooks/add-gitea-ssh-key.yml b/playbooks/add-gitea-ssh-key.yml
new file mode 100644
index 0000000..c557d6a
--- /dev/null
+++ b/playbooks/add-gitea-ssh-key.yml
@@ -0,0 +1,22 @@
+---
+- name: Add SSH key from Gitea
+  hosts: all
+  become: true
+  vars:
+    username: ryan  # set this at runtime or override with --extra-vars
+
+  tasks:
+    - name: Ensure .ssh directory exists
+      file:
+        path: "/home/{{ username }}/.ssh"
+        state: directory
+        owner: "{{ username }}"
+        group: "{{ username }}"
+        mode: '0700'
+
+    - name: Add public key from Gitea to authorized_keys
+      ansible.posix.authorized_key:
+        user: "{{ username }}"
+        key: "https://gitea.purpleraft.com/{{ username }}.keys"
+        state: present
+        manage_dir: false  # we already ensured it