diff --git a/.build.yml b/.build.yml
index f9d3bff..0f28fe2 100644
--- a/.build.yml
+++ b/.build.yml
@@ -3,6 +3,7 @@ environment:
   FF_ENABLE_COMMIT_DATA: "true"
   FF_GENERATE_SOCIAL_CARDS: "true"
   #SKIP_VENV_SETUP: "true"
+oauth: "meta.sr.ht/PROFILE pages.sr.ht/SITES:RW pages.sr.ht/PAGES:RW pages.sr.ht/PROFILE"
 packages:
   - openssh-client
   - rsync
@@ -45,11 +46,15 @@ tasks:
   - generate-archive: |
       cd web
       tar -C build -cvz . -f tildeweb-prod-build.tar.gz
-  - deploy: |
+  - deploy-html: |
       cd web
       echo "StrictHostKeyChecking=no" >> ~/.ssh/config
-      rsync -rP -e 'ssh -i ~/.ssh/passwordless-auth-sshfs' build/p.psf.lt ajhalili2006@p.projectsegfau.lt:/home/ajhalili2006/public_html
-      rsync -rP -e 'ssh -i ~/.ssh/passwordless-auth-sshfs' build/ctrl-c.club ajhalili2006@ctrl-c.club:/home/ajhalili2006/public_html
-      rsync -rP -e 'ssh -i ~/.ssh/passwordless-auth-sshfs' build/dimension.sh ajhalili2006@s1.dimension.sh:/home/ajhalili2006/public_html
+      rsync -rP -e 'ssh -i ~/.ssh/passwordless-auth-sshfs' build/p.psf.lt/ ajhalili2006@p.projectsegfau.lt:/home/ajhalili2006/public_html/
+      rsync -rP -e 'ssh -i ~/.ssh/passwordless-auth-sshfs' build/ctrl-c.club/ ajhalili2006@ctrl-c.club:/home/ajhalili2006/public_html/
+      rsync -rP -e 'ssh -i ~/.ssh/passwordless-auth-sshfs' build/dimension.sh/ ajhalili2006@s1.dimension.sh:/home/ajhalili2006/public_html/
+  - deploy-gemini:
+      cd web
+      set +x
+      SOURCEHUT_PAGES_TOKEN=${OAUTH2_TOKEN} PRIVATE_SSH_KEY=~/.ssh/passwordless-auth-sshfs ./bin/deploy-gmi.sh
 artifacts:
   - web/tildeweb-prod-build.tar.gz
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e5e07bc..393a645 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -37,7 +37,7 @@ pages:
     # This ensures that only pushes to the default branch will trigger
     # a pages deploy
     - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
-pages:srht:
+.pages:srht:
   stage: build
   needs:
     - pages
diff --git a/bin/deploykit-gmi.sh b/bin/deploykit-gmi.sh
index f288cd4..ccd8c4d 100755
--- a/bin/deploykit-gmi.sh
+++ b/bin/deploykit-gmi.sh
@@ -1,7 +1,8 @@
 #!/usr/bin/env bash
-set -xe
 
+PRIVATE_SSH_KEY=${PRIVATE_SSH_KEY:-"/run/secrets/passwordless"}
 SOURCEHUT_USERNAME=${SOURCEHUT_PAGES_SUBDOMAIN:-"ajhalili2006"}
+SOURCEHUT_PAGES_TOKEN=${SOURCEHUT_PAGES_TOKEN}
 GEMINI_CUSTOM_DOMAIN=${GEMINI_CUSTOM_DOMAIN:-"gemini.andreijiroh.eu.org"}
 
 if [[ $SOURCEHUT_PAGES_TOKEN == "" ]]; then
@@ -21,5 +22,6 @@ curl --oauth2-bearer "$SOURCEHUT_PAGES_TOKEN" \
     -Fcontent=@gemini-site.tar.gz \
     -Fprotocol=GEMINI \
     "https://pages.sr.ht/publish/${GEMINI_CUSTOM_DOMAIN}"
-rsync -rP -e 'ssh -i /run/secrets/passwordless' gmi/ ajhalili2006@p.projectsegfau.lt:/home/ajhalili2006/public_gemini
-rsync -rP -e 'ssh -i /run/secrets/passwordless' gmi/ ajhalili2006@s1.dimension.sh:/home/ajhalili2006/public_gemini
+
+rsync -rP -e "ssh -i ${PRIVATE_SSH_KEY} -o StrictHostKeyChecking=no" gmi/ ajhalili2006@p.projectsegfau.lt:/home/ajhalili2006/public_gemini
+rsync -rP -e "ssh -i ${PRIVATE_SSH_KEY} -o StrictHostKeyChecking=no" gmi/ ajhalili2006@s1.dimension.sh:/home/ajhalili2006/public_gemini