diff --git a/group_vars/all/archusers.yml b/group_vars/all/archusers.yml
index 6ccdfa5ec4da71c50515f5b60170eab4cdafe787..346f58dff825dbc04e26b86e3b85295de48651b4 100644
--- a/group_vars/all/archusers.yml
+++ b/group_vars/all/archusers.yml
@@ -572,3 +572,9 @@ arch_users:
     ssh_key: yan12125.pub
     groups:
       - tu
+
+# utility accounts to protect from the "disable ssh keys of disabled users" task
+utility_users:
+  gemini.archlinux.org:
+    - svn-packages
+    - svn-community
diff --git a/roles/archusers/tasks/main.yml b/roles/archusers/tasks/main.yml
index 5c42f33452e94650c2e6c6dfc209afd809d1671e..1a37793306dd7965252dfedaec0a99b4053ec0a0 100644
--- a/roles/archusers/tasks/main.yml
+++ b/roles/archusers/tasks/main.yml
@@ -39,8 +39,9 @@
   find: paths="/home" file_type="directory"
   register: all_users
 
-# TODO: this removes the keys of svn-packages and svn-community on gemini temporarily. add some form of whitelist for those users?
 - name: disable ssh keys of disabled users
   file: path="/home/{{ item }}/.ssh/authorized_keys" state=absent
-  when: item not in (arch_users_filtered | map(attribute='key'))
+  when:
+    - item not in (arch_users_filtered | map(attribute='key'))
+    - item not in (utility_users[inventory_hostname] | default([]))
   with_items: "{{ all_users.files | map(attribute='path') | map('basename') | list }}"
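Review bot: The comment above the new `utility_users` mapping does not say that its top-level keys must be inventory hostnames, nor that every account listed here is exempted from the authorized_keys revocation the task otherwise enforces, so a reader cannot tell what adding an entry means or how the lookup is keyed. Since each entry is a standing exception to a key-revocation control, the comment should state the contract and require a reason per account, e.g. `# utility accounts whose ~/.ssh/authorized_keys must survive the "disable ssh keys of disabled users" task; keyed by inventory_hostname (exact match), one list of account names per host — add a reason for each entry`. A one-line why on the gemini entry (what svn-packages and svn-community are used for) would make the exception reviewable later.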
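Review bot: The new `when` condition `item not in (utility_users[inventory_hostname] | default([]))` absorbs a missing or mistyped host key with `default([])`, so if the key in `utility_users` does not exactly match `inventory_hostname` (for example a short name versus the FQDN, or a renamed host) the exemption silently does nothing and the utility accounts' keys are removed again — the failure the deleted TODO described, now without any comment pointing at it. The task needs a comment making that dependency explicit, e.g. `# accounts listed in utility_users[inventory_hostname] keep their authorized_keys; the key must match inventory_hostname exactly, otherwise the exemption silently does not apply`. If a stricter check is wanted, a preceding `assert` task on the `utility_users` keys being valid inventory hostnames would turn that silent no-op into a visible failure, but that is beyond this hunk. The `find` task that registers `all_users` starts outside the hunk.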