diff --git a/defaults/main.yaml b/defaults/main.yaml
index 6e181ac..a7b94b2 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -11,3 +11,15 @@ semaphore_email_host: "smtp"
 semaphore_email_port: "465"
 semaphore_email_username: "smtp-user"
 semaphore_email_password: "smtp-pass"
+
+# semaphore ansible ssh key
+semaphore_ansible_ssh_key: "supersecure"
+
+# semaphore ssh config
+semaphore_ssh_config: |
+ host *
+ user ansible
+ identityfile /home/semaphore/.ssh/ansible.key
+ addressfamily inet
+ stricthostkeychecking no
+ userknownhostsfile /dev/null
diff --git a/tasks/install.yaml b/tasks/install.yaml
index 50ffe07..c912dcb 100644
--- a/tasks/install.yaml
+++ b/tasks/install.yaml
@@ -11,8 +11,27 @@
 loop:
 - "/mnt/semaphore"
 - "/mnt/semaphore/data"
+ - "/mnt/semaphore/ssh"
 - "/mnt/semaphore/tmp"
+# semaphore ssh config
+- name: "ssh config"
+ ansible.builtin.template:
+ src: "templates/semaphore/config.j2"
+ dest: "/mnt/semaphore/ssh/config"
+ owner: "1001"
+ group: "1001"
+ mode: "0640"
+
+# semaphore ansible ssh key
+- name: "ansible ssh config"
+ ansible.builtin.template:
+ src: "templates/semaphore/ansible.key.j2"
+ dest: "/mnt/semaphore/ssh/ansible.key"
+ owner: "1001"
+ group: "1001"
+ mode: "0400"
+
 # run semaphore
 - name: "run semaphore"
 community.docker.docker_container:
@@ -43,6 +62,8 @@
 network_mode: "host"
 volumes:
+ - "/mnt/semaphore/ssh/config:/home/semaphore/.ssh/config"
+ - "/mnt/semaphore/ssh/ansible.key:/home/semaphore/.ssh/ansible.key"
 - "/mnt/semaphore/data:/var/lib/semaphore"
 - "/mnt/semaphore/tmp:/tmp/semaphore"
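Review bot: The default `semaphore_ssh_config` disables host-key verification for every destination, because `host *` is combined with `stricthostkeychecking no` and `userknownhostsfile /dev/null`, so the container accepts any host key and never pins one, which is the only protection SSH offers against an interposed host between Semaphore and the Ansible targets. If first contact must succeed unattended, `stricthostkeychecking accept-new` together with a persistent `userknownhostsfile` (a known_hosts file bind-mounted beside the key) still pins keys after first use; at minimum expose the two settings as their own role variables so an operator can tighten them without replacing the whole block. The default `semaphore_ansible_ssh_key: "supersecure"` is a credential-shaped placeholder shipped in the role; leaving the variable undefined (so the key task fails loudly) or empty makes a missing override visible instead of silently writing a non-functional file with private-key permissions.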
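Review bot: The second added task in the `tasks/install.yaml` hunk, `- name: "ansible ssh config"`, renders private-key material with `ansible.builtin.template` but sets no `no_log: true`, so a run with `--diff` or increased verbosity can print the key into the play output and any log that captures it; add `no_log: true` to that task. Its name also says config while it renders `ansible.key.j2` to `/mnt/semaphore/ssh/ansible.key`; `- name: "ansible ssh key"` would match the comment above it. Both template tasks hard-code `owner: "1001"` / `group: "1001"`, which presumably mirrors the uid the Semaphore image runs as — worth confirming, because with `mode: "0400"` any other uid inside the container cannot read the key at all.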
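Review bot: The two new `volumes` entries in the third hunk bind-mount the SSH config and private key read-write into the container although nothing in the container needs to modify them; appending `:ro` (`- "/mnt/semaphore/ssh/config:/home/semaphore/.ssh/config:ro"` and `- "/mnt/semaphore/ssh/ansible.key:/home/semaphore/.ssh/ansible.key:ro"`) keeps a compromised or misbehaving task from rewriting the key on the host side or redirecting `identityfile` and the host-key settings. The enclosing `community.docker.docker_container` parameter block starts before this hunk.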
@@ -51,23 +72,10 @@
 env:
- # ansible
- ANSIBLE_HOST_KEY_CHECKING: "False"
- # semaphore
- SEMAPHORE_EMAIL_SENDER: "{{ semaphore_email_sender }}"
- SEMAPHORE_EMAIL_USERNAME: "{{ semaphore_email_username }}"
- SEMAPHORE_EMAIL_HOST: "{{ semaphore_email_host }}"
- SEMAPHORE_EMAIL_PORT: "{{ semaphore_email_port }}"
- SEMAPHORE_EMAIL_PASSWORD: "{{ semaphore_email_password }}"
- SEMAPHORE_EMAIL_SECURE: "True"
- SEMAPHORE_EMAIL_TLS: "True"
- SEMAPHORE_DB_DIALECT: "sqlite"
- SEMAPHORE_RUNNER_REGISTRATION_TOKEN: "{{ semaphore_runner_token }}"
 SEMAPHORE_TOTP_ALLOW_RECOVERY: "True"
 SEMAPHORE_TOTP_ENABLED: "True"
- SEMAPHORE_USE_REMOTE_RUNNER: "True"
 SEMAPHORE_SCHEDULE_TIMEZONE: "Europe/Amsterdam"
 # global
diff --git a/templates/semaphore/ansible.key.j2 b/templates/semaphore/ansible.key.j2
new file mode 100644
index 0000000..b1a7024
--- /dev/null
+++ b/templates/semaphore/ansible.key.j2
@@ -0,0 +1 @@
+{{ semaphore_ansible_ssh_key }}
diff --git a/templates/semaphore/config.j2 b/templates/semaphore/config.j2
new file mode 100644
index 0000000..0b12d24
--- /dev/null
+++ b/templates/semaphore/config.j2
@@ -0,0 +1 @@
+{{ semaphore_ssh_config }}