diff --git a/share/organisation/gitea-user.tf b/share/organisation/gitea-user.tf
index 50d4fec..7d88a9f 100644
--- a/share/organisation/gitea-user.tf
+++ b/share/organisation/gitea-user.tf
@@ -27,7 +27,7 @@ resource "null_resource" "get_known" {
   count = local.needUser?1:0
   triggers  =  { always_run = "${timestamp()}" }
   provisioner "local-exec" {
-    command = "ssh-keyscan -p ${data.kubernetes_service.gitea-ssh.spec.0.port.0.port} ${data.kubernetes_ingress_v1.gitea.spec[0].rule[0].host} > ${path.module}/known_host.txt"
+    command = "ssh-keyscan -p ${data.kubernetes_service.gitea-ssh.spec.0.port.0.port} ${var.gitea-ssh-domain!=""?var.gitea-ssh-domain:data.kubernetes_ingress_v1.gitea.spec[0].rule[0].host} > ${path.module}/known_host.txt"
   }
 }
 
@@ -53,6 +53,11 @@ resource "kubectl_manifest" "ssh-creds" {
       data:
         known_hosts: "${data.local_file.known_host[0].content}"
   EOF
+  lifecycle {
+    ignore_changes = [
+      yaml_body,
+    ]
+  }
 }
 
 data "kubernetes_secret_v1" "ssh-creds-read" {
diff --git a/share/organisation/index.yaml b/share/organisation/index.yaml
index 1ef47c2..5d4bc1e 100644
--- a/share/organisation/index.yaml
+++ b/share/organisation/index.yaml
@@ -6,6 +6,31 @@ metadata:
   name: organisation
   description: null
 options:
+  haveGitea:
+    default: false
+    examples:
+    - false
+    type: boolean
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  app-group:
+    default: dev
+    examples:
+    - dev
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
   domain:
     default: your-company
     examples:
@@ -41,52 +66,6 @@ options:
         default: backup-settings
         type: string
     type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  datasets:
-    default: []
-    items:
-      properties:
-        engine:
-          default: pg
-          type: string
-        name:
-          default: ''
-          type: string
-      type: object
-    type: array
-  haveGitea:
-    default: false
-    examples:
-    - false
-    type: boolean
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  app-group:
-    default: dev
-    examples:
-    - dev
-    type: string
-  stages:
-    default: []
-    items:
-      properties:
-        name:
-          default: prod
-          type: string
-      type: object
-    type: array
   distributions:
     default:
       core: core
@@ -102,6 +81,32 @@ options:
         default: domain
         type: string
     type: object
+  gitea-ssh-domain:
+    default: ''
+    examples:
+    - ''
+    type: string
+  stages:
+    default: []
+    items:
+      properties:
+        name:
+          default: prod
+          type: string
+      type: object
+    type: array
+  datasets:
+    default: []
+    items:
+      properties:
+        engine:
+          default: pg
+          type: string
+        name:
+          default: ''
+          type: string
+      type: object
+    type: array
 dependencies: []
 providers:
   kubernetes: true