diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
index ab7808f..44a0a78 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@@ -325,6 +325,19 @@
 # - name: Create umbrella application
 # ansible.builtin.template:
 #
+ - name: Configure metacluster-gitops repository
+ ansible.builtin.template:
+ src: gitrepo.j2
+ dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
+ owner: root
+ group: root
+ mode: 0600
+ vars:
+ _template:
+ name: argocd-gitrepo-metacluster
+ namespace: argo-cd
+ uid: "{{ lookup('ansible.builtin.password', '/dev/null length=5 chars=ascii_lowercase,digits seed=inventory_hostname') }}"
+ privatekey: "{{ lookup('ansible.builtin.file', '~/.ssh/git_rsa_id') | indent(4, true) }}"
 module_defaults:
 ansible.builtin.uri:
diff --git a/ansible/roles/firstboot/files/ansible_payload/templates/gitrepo.j2 b/ansible/roles/firstboot/files/ansible_payload/templates/gitrepo.j2
new file mode 100644
index 0000000..c5351f9
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/gitrepo.j2
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ _template.name }}-{{ _template.uid }}
+ namespace: {{ _template.namespace }}
+ labels:
+ argocd.argoproj.io/secret-type: repository
+stringData:
+ url: ssh://git@gitea-ssh.gitea.svc.cluster.local/mc/GitOps.Config.git
+ name: {{ _template.name }}
+ insecure: 'true'
+ sshPrivateKey: |
+{{ _template.privatekey }}
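Review bot: The `Configure metacluster-gitops repository` task passes an SSH private key through `_template.privatekey` but sets no `no_log: true`, so a run with `--diff` or raised verbosity can print the rendered Secret, key included, to the console or a job log; add `no_log: true` to the task (or at least `diff: false`). The mode is better written as a string, `mode: '0600'`, so that no YAML parser can read it as a plain integer. `seed=inventory_hostname` sits inside the quoted lookup term, so it looks like the literal text rather than the host's name is used as the seed; worth confirming if a per-host `uid` suffix was intended. The enclosing block, whose `module_defaults` follow, continues outside the hunk.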
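Review bot: `insecure: 'true'` under `stringData` tells Argo CD to skip SSH host key verification for this repository, so it will authenticate to, and pull manifests from, whatever endpoint answers for `gitea-ssh.gitea.svc.cluster.local`. Because the cluster then applies what that repository serves, the connection should be pinned: register the Gitea SSH host key in the `argocd-ssh-known-hosts-cm` ConfigMap and remove the `insecure` line. The templated scalars would also be safer quoted, e.g. `name: "{{ _template.name }}-{{ _template.uid }}"`, so that an empty or number-like expansion cannot change the YAML type.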