diff --git a/roles/mediaserver/tasks/main.yml b/roles/mediaserver/tasks/main.yml
index f1e451865438dff801ebc14416a6e6b76d0b4ce3..db1c4b46086fa96350a1ded572a7aadfa1e28e02 100644
--- a/roles/mediaserver/tasks/main.yml
+++ b/roles/mediaserver/tasks/main.yml
@@ -6,6 +6,21 @@
     install_recommends: false
     name: "{{ server_packages }}"
 
+- name: fetch postgres ssh public key
+  register: root_ssh_pubkey
+  slurp:
+    path: /root/.ssh/id_ed25519.pub
+
+- name: register postgres ssh public key as an ansible fact
+  set_fact:
+    pubkey: "{{ root_ssh_pubkey['content'] | b64decode }}"
+
+- name: share postgres ssh public key between cluster members
+  loop: "{{ groups['mediaserver'] }}"
+  authorized_key:
+    user: root
+    key: "{{ hostvars[item]['pubkey'] }}"
+
 - name: resolve domain name to localhost
   when: not in_docker
   notify: restart nginx
@@ -26,6 +41,7 @@
     dest: "{{ item }}"
     mode: push
     copy_links: yes
+    set_remote_user: no
   delegate_to: "{{ groups['mediaserver'][0] }}"
 
 - name: create instances