diff --git a/playbooks/rebuild-pacman-keyring.yml b/playbooks/rebuild-pacman-keyring.yml
new file mode 100644
index 0000000..60c4de9
--- /dev/null
+++ b/playbooks/rebuild-pacman-keyring.yml
@@ -0,0 +1,33 @@
+---
+
+ - hosts: "{{ targets | default('all') }}"
+   become: true
+   gather_facts: false
+
+   tasks:
+
+     - name: Clean
+       command: rm -Rf /etc/pacman.d/gnupg
+
+     - name: Initialize keyring
+       command: /usr/bin/pacman-key --init
+
+     - name: Add ArchLinux
+       command: /usr/bin/pacman-key --populate archlinux
+
+     - name: Add AniNIX
+       command: /usr/bin/pacman-key --populate aninix
+
+     - name: Locally sign AniNIX
+       command: /usr/bin/pacman-key --lsign 904DE6275579CB589D85720C1CC1E3F4ED06F296
+
+     - name: Update DB
+       command: /usr/bin/pacman-key --updatedb
+
+     - name: Update packages
+       pacman:
+         name:
+           - archlinux-keyring
+           - ShadowArch
+         state: latest
+         update_cache: true