diff --git a/.gitea/workflows/nix-update.yml b/.gitea/workflows/nix-update.yml
index 0d37533..55deaa4 100644
--- a/.gitea/workflows/nix-update.yml
+++ b/.gitea/workflows/nix-update.yml
@@ -15,6 +15,9 @@ env:
   GIT_AUTHOR_EMAIL: "bot@m3ta.dev"
   GIT_COMMITTER_NAME: "nix-update bot"
   GIT_COMMITTER_EMAIL: "bot@m3ta.dev"
+  # Global environment variables to prevent interactive prompts in any step
+  GIT_TERMINAL_PROMPT: "0"
+  GIT_ASKPASS: "/bin/echo"
 
 jobs:
   nix-update:
@@ -28,10 +31,6 @@ jobs:
             rm -rf /tmp/nixpkgs
           fi
 
-          # Disable terminal prompts for all git operations
-          export GIT_TERMINAL_PROMPT=0
-          export GIT_ASKPASS="/bin/echo"
-
           # Clone repository with token authentication
           git clone --no-single-branch \
             "https://${{ secrets.NIX_UPDATE_TOKEN }}@code.m3ta.dev/m3tam3re/nixpkgs.git" \
@@ -210,10 +209,13 @@ jobs:
           BRANCH="${{ steps.update.outputs.branch_name }}"
           PACKAGES="${{ steps.update.outputs.updated_packages }}"
 
-          echo "Pushing branch ${BRANCH}..."
+          echo "Configuring git push authentication..."
+          # Ensure the remote URL has the token to prevent interactive prompts
+          git remote set-url origin "https://${{ secrets.NIX_UPDATE_TOKEN }}@code.m3ta.dev/m3tam3re/nixpkgs.git"
 
-          # Push the branch
-          git push origin "${BRANCH}" || (git fetch origin "${BRANCH}" 2>/dev/null && git push origin "${BRANCH}" --force)
+          echo "Pushing branch ${BRANCH}..."
+          # Force push if needed (though branch is new)
+          git push origin "${BRANCH}"
 
           echo "Creating pull request..."
 
@@ -222,14 +224,16 @@ jobs:
              exit 1
           fi
 
-          # Authenticate tea if needed
-          if ! tea login list | grep -q "code.m3ta.dev"; then
-             echo "Adding tea login..."
-             tea login add --name m3ta --url https://code.m3ta.dev --token "${{ secrets.NIX_UPDATE_TOKEN }}"
-          fi
+          # Remove existing tea login to ensure we use the fresh token
+          # We ignore errors in case the login doesn't exist
+          tea login delete m3ta >/dev/null 2>&1 || true
+
+          # Add tea login with the secret token
+          echo "Adding tea login..."
+          tea login add --name m3ta --url https://code.m3ta.dev --token "${{ secrets.NIX_UPDATE_TOKEN }}"
 
           # Get commit messages
-          COMMITS=$(git log origin/master..origin/"${BRANCH}" --pretty=format:"%h %s" | sed 's/^/- /')
+          COMMITS=$(git log origin/master..HEAD --pretty=format:"%h %s" | sed 's/^/- /')
 
           # Create PR
           tea pr create \