diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index d6d3a44..35e1659 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -10,3 +10,30 @@
 apt:
 name: [ufw]
 state: absent
+
+- name: check which users exist
+ ansible.builtin.user:
+ name: "{{ item }}"
+ loop: ["root", "finn", "debian"]
+ check_mode: true
+ register: users
+
+- name: Ensure SSH key is set
+ ansible.posix.authorized_key:
+ user: "{{ item.item }}"
+ state: present
+ key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJs5PJ6jQF7Sx3T1b1+NBXt4JRsnjGnWv8+bCf4RpwGM finn@taint
+ loop: "{{ users.results }}"
+ loop_control:
+ label: "{{ item.item }}"
+ when: item.state | d('') == 'present'
+
+- name: Invalidate old SSH key
+ ansible.posix.authorized_key:
+ user: "{{ item.item }}"
+ state: absent
+ key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMaJrZWSrAYTaCoGhW+o8HivmBj5oZi7Dei73FtCl0d finn@taint
+ loop: "{{ users.results }}"
+ loop_control:
+ label: "{{ item.item }}"
+ when: item.state | d('') == 'present'
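Review bot: The revocation in `Invalidate old SSH key` is skipped silently whenever a probe result carries no `state` field, because `when: item.state | d('') == 'present'` treats a missing field the same as a missing user, and that field appears only as a side effect of running `ansible.builtin.user` under `check_mode: true` in `check which users exist`. For a key that is being invalidated, a skipped host looks the same in the play output as a cleaned one, and the old key would also remain in the authorized_keys of any account outside the hard-coded `["root", "finn", "debian"]` list. I would make the existence check explicit (for example `ansible.builtin.getent` against `passwd`) and add `changed_when: false` to the probe, since a missing user presumably reports as changed in check mode; listing the old key in an sshd `RevokedKeys` file would reject it for every account regardless of which authorized_keys files still hold it. A comment above the probe such as `# check mode only: nothing is created; existing users return state=present` would document why the later `when` works.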