diff --git a/.gitea/workflows/checks-impure.yaml b/.gitea/workflows/checks-impure.yaml
index 6e627ab4..893d9dd6 100644
--- a/.gitea/workflows/checks-impure.yaml
+++ b/.gitea/workflows/checks-impure.yaml
@@ -5,6 +5,7 @@ on:
     branches: main
 jobs:
   test:
+    if: ${{ github.actor != 'clan-bot' }}
     runs-on: nix
     steps:
       - uses: actions/checkout@v3
diff --git a/.gitea/workflows/checks.yaml b/.gitea/workflows/checks.yaml
index 6705af0d..21fced7d 100644
--- a/.gitea/workflows/checks.yaml
+++ b/.gitea/workflows/checks.yaml
@@ -5,6 +5,7 @@ on:
     branches: main
 jobs:
   test:
+    if: ${{ github.actor != 'clan-bot' }}
     runs-on: nix
     steps:
       - uses: actions/checkout@v3
diff --git a/.gitea/workflows/ui_assets.yaml b/.gitea/workflows/ui_assets.yaml
index 9fb58ef8..834d8596 100644
--- a/.gitea/workflows/ui_assets.yaml
+++ b/.gitea/workflows/ui_assets.yaml
@@ -1,10 +1,11 @@
-name: assets
-# on:
-#   push:
-#     branches:
-#       - main
+name: assets1
+on:
+  push:
+    branches:
+      - main
 jobs:
   test:
+    if: ${{ github.actor != 'clan-bot' }}
     runs-on: nix
     steps:
       - name: Checkout code
@@ -29,9 +30,33 @@ jobs:
 
             # git push if we have a diff
             if [[ -n $(git diff) ]]; then
+
+              DEPS=$(nix shell --inputs-from '.#' "nixpkgs#coreutils-full" -c bash -c "echo \$PATH")
+              export PATH=$PATH:$DEPS
+
+              # Setup git config
               git config --global user.email "clan-bot@clan.lol"
               git config --global user.name "clan-bot"
+
+              ################################################
+              #                                              #
+              # WARNING: SECRETS ARE BEING PROCESSED HERE.   #
+              #             !DO NOT LOG THIS!                #
+              #                                              #
+              ################################################
+              set +x
+              AUTH_TOKEN=$(echo -n "x-access-token:$GITEA_TOKEN" | base64)
+              git config http."$GITHUB_SERVER_URL/".extraheader "AUTHORIZATION: basic $AUTH_TOKEN"
+              set -x
+              ################################################
+              #                                              #
+              #             END OF SECRETS AREA              #
+              #                                              #
+              ################################################
+
+              # Commit and push
               git commit -am "update ui-assets.nix"
+
               echo "Current branch: $GITHUB_REF_NAME"
               git push origin HEAD:$GITHUB_REF_NAME
             fi
@@ -40,4 +65,4 @@ jobs:
           fi
         env:
           MODIFIED_FILES: ${{ steps.changed-files.outputs.modified_files }}
-          GITEA_TOKEN: ${{ secrets.TEA_TOKEN_QUBASA }}
+          GITEA_TOKEN: ${{ secrets.BOT_ACCESS_TOKEN }}
diff --git a/pkgs/ui/nix/update-ui-assets.sh b/pkgs/ui/nix/update-ui-assets.sh
index 6d420c74..0b0e88fc 100755
--- a/pkgs/ui/nix/update-ui-assets.sh
+++ b/pkgs/ui/nix/update-ui-assets.sh
@@ -4,6 +4,7 @@ set -xeuo pipefail
 # GITEA_TOKEN
 if [[ -z "${GITEA_TOKEN:-}" ]]; then
   echo "GITEA_TOKEN is not set"
+  echo "Go to https://git.clan.lol/user/settings/applications and generate a token"
   exit 1
 fi
 
@@ -23,7 +24,9 @@ NAR_HASH=$(nix-prefetch-url --unpack file://<(cat "$tmpdir/assets.tar.gz"))
 
 
 url="https://git.clan.lol/api/packages/clan/generic/ui/$NAR_HASH/assets.tar.gz"
-curl -v --upload-file "$tmpdir/assets.tar.gz" -X PUT "$url?token=$GITEA_TOKEN"
+set +x
+curl --upload-file "$tmpdir/assets.tar.gz" -X PUT "$url?token=$GITEA_TOKEN"
+set -x
 
 TEST_URL=$(nix-prefetch-url --unpack "$url")
 if [[ $TEST_URL != "$NAR_HASH" ]]; then
@@ -40,4 +43,3 @@ fetchzip {
 }
 EOF
 
-