diff --git a/.gitea/workflows/deploy-compose-stack.yml b/.gitea/workflows/deploy-compose-stack.yml
index 405b644..1355b3c 100644
--- a/.gitea/workflows/deploy-compose-stack.yml
+++ b/.gitea/workflows/deploy-compose-stack.yml
@@ -2,6 +2,11 @@ name: Deploy Stack
 
 on:
   workflow_call:
+    inputs:
+      extra_vars:
+        required: false
+        type: string
+        description: "JSON string of extra variables to pass to Ansible"
 
 jobs:
   deploy:
@@ -26,6 +31,22 @@ jobs:
             echo "❌ ORG_GITEA_TOKEN secret is required"
             exit 1
           fi
+          if [ -z "${{ secrets.STAF_PUID }}" ]; then
+            echo "❌ STAF_PUID secret is required"
+            exit 1
+          fi
+          if [ -z "${{ secrets.STAF_PGID }}" ]; then
+            echo "❌ STAF_PGID secret is required"
+            exit 1
+          fi
+          if [ -z "${{ secrets.STAF_TIMEZONE }}" ]; then
+            echo "❌ STAF_TIMEZONE secret is required"
+            exit 1
+          fi
+          if [ -z "${{ secrets.STAF_CONFIG_ROOT }}" ]; then
+            echo "❌ STAF_CONFIG_ROOT secret is required"
+            exit 1
+          fi
 
       - name: Checkout stack repository
         uses: actions/checkout@v4
@@ -49,15 +70,19 @@ jobs:
 
       - name: Setup SSH
         run: |
-          echo "${{ secrets.STAF_SSH_KEY }}" > /tmp/ssh_key
-          chmod 600 /tmp/ssh_key
+          echo "${{ secrets.STAF_SSH_KEY }}" > ~/.ssh/ssh_key
+          chmod 600 ~/.ssh/ssh_key
           eval $(ssh-agent -s)
-          ssh-add /tmp/ssh_key
+          ssh-add ~/.ssh/ssh_key
 
       - name: Deploy stack with Ansible
         run: |
           cd ansible-shared
-          if ! ansible-playbook -i inventory.ini deploy-compose-stack.yml; then
+          EXTRA_VARS_FLAG=""
+          if [ -n "${{ inputs.extra_vars }}" ]; then
+            EXTRA_VARS_FLAG="--extra-vars '${{ inputs.extra_vars }}'"
+          fi
+          if ! eval "ansible-playbook -i inventory.ini deploy-compose-stack.yml $EXTRA_VARS_FLAG"; then
             echo "❌ Ansible playbook execution failed"
             exit 1
           fi
@@ -67,6 +92,10 @@ jobs:
           REPO_URL: ${{ github.server_url }}/${{ github.repository }}.git
           STAF_HOST: ${{ secrets.STAF_HOST }}
           STAF_ANSIBLE_USER: ${{ secrets.STAF_ANSIBLE_USER }}
+          STAF_PUID: ${{ secrets.STAF_PUID }}
+          STAF_PGID: ${{ secrets.STAF_PGID }}
+          STAF_TZ: ${{ secrets.STAF_TIMEZONE }}
+          STAF_APPDATA_ROOT: ${{ secrets.STAF_APPDATA_ROOT }}
 
       - name: Notify deployment status
         if: always()
@@ -80,4 +109,4 @@ jobs:
       - name: Cleanup SSH key
         if: always()
         run: |
-          rm -f /tmp/ssh_key
+          rm -f ~/.ssh/ssh_key