diff --git a/.forgejo/workflows/push.yaml b/.forgejo/workflows/push.yaml
index 5552415..5785a83 100644
--- a/.forgejo/workflows/push.yaml
+++ b/.forgejo/workflows/push.yaml
@@ -1,10 +1,23 @@
 on: [push]
 jobs:
-  test:
+  check:
     runs-on: nix
     steps:
       - uses: https://code.forgejo.org/actions/checkout@v3
-      # - uses: DeterminateSystems/nix-installer-action@main
-      # - uses: DeterminateSystems/magic-nix-cache-action@main
       - run: nix flake check .
-      # - run: echo hi
+      - run: nix develop
+
+  deploy:
+    runs-on: nix
+    needs: check
+    if: contains(github.event.head_commit.message, 'deploy:')
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSHKEY" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+        env:
+          SSHKEY: ${{ secrets.SSHKEY }}
+      - run: deploy
diff --git a/modules/flake/devshell.nix b/modules/flake/devshell.nix
index 96412b6..4684ac8 100644
--- a/modules/flake/devshell.nix
+++ b/modules/flake/devshell.nix
@@ -6,6 +6,8 @@
         name = "nixos-unified-template-shell";
         meta.description = "Shell environment for modifying this Nix configuration";
         packages = with pkgs; [
+          openssh
+          deploy-rs
           ssh-to-age
           sops
           just