diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..44e7c28
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,22 @@
+name: Deploy
+
+on:
+  push:
+    branches: master
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v22
+      - uses: DeterminateSystems/magic-nix-cache-action@v2
+      - name: crane auth login
+        shell: bash
+        run: >
+          nix shell .#crane --command
+          crane auth login registry.digitalocean.com
+          --username ch.martin@gmail.com
+          --password "${{ secrets.DIGITAL_OCEAN }}"
+      - run: nix build .#container --no-link
+      - run: nix develop .#deploy --command deploy-chris-martin
diff --git a/Makefile b/Makefile
index 49e340a..f2356d6 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,4 @@
 build:
 	cabal run site
 
-deploy:
-	rsync -avz -e 'ssh' out/ chris-martin.org:/var/www/chris-martin.org/
-
-.PHONY: build deploy
+.PHONY: build
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..86ea7ca
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,78 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixos-23.11": {
+      "locked": {
+        "lastModified": 1703900474,
+        "narHash": "sha256-Zu+chYVYG2cQ4FCbhyo6rc5Lu0ktZCjRbSPE0fDgukI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9dd7699928e26c3c00d5d46811f1358524081062",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixos-unstable": {
+      "locked": {
+        "lastModified": 1703637592,
+        "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixos-23.11": "nixos-23.11",
+        "nixos-unstable": "nixos-unstable"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..6464278
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,59 @@
+{
+  inputs = {
+    "nixos-23.11".url = "github:NixOS/nixpkgs/nixos-23.11";
+    "nixos-unstable".url = "github:NixOS/nixpkgs/nixos-unstable";
+    "flake-utils".url = "github:numtide/flake-utils";
+  };
+  outputs = inputs@{ self, flake-utils, ... }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        nixpkgs = {
+          "nixos-23.11" = import inputs."nixos-23.11" { inherit system; };
+          "nixos-unstable" = import inputs."nixos-unstable" { inherit system; };
+        };
+        pkgs = nixpkgs."nixos-23.11";
+        inherit (pkgs) runCommand crane;
+        inherit (pkgs.lib) fold composeExtensions concatMap attrValues;
+        inherit (pkgs.haskell.lib) justStaticExecutables;
+
+        combineOverrides = old:
+          fold composeExtensions (old.overrides or (_: _: { }));
+
+        haskellPackages = pkgs.haskellPackages.override {
+          overrides = new: old: {
+            chris-martin-org = new.callPackage ./chris-martin-org.nix {};
+          };
+        };
+
+        htmlPages = ./out;
+
+        container = pkgs.dockerTools.buildLayeredImage {
+          name = "chris-martin-org";
+          contents = [ pkgs.busybox htmlPages ];
+          config = {
+            Cmd = [ "${pkgs.busybox}/bin/busybox" "httpd" "-f" "-h" "${htmlPages}" ];
+            ExposedPorts."80/tcp" = { };
+          };
+        };
+
+        deploy = pkgs.writeShellApplication {
+          name = "deploy-chris-martin";
+          runtimeInputs = [ crane ];
+          text = ''
+            cleanup() {
+              rm -rf "$tmp"
+            }
+            trap cleanup EXIT
+            tmp="$(mktemp -d)"
+            nix build .#container --out-link "$tmp/container.tar.gz"
+            gunzip --force "$tmp/container.tar.gz" > "$tmp/container.tar"
+            crane push "$tmp/container.tar" registry.digitalocean.com/iowa/chris-martin:latest
+          '';
+        };
+
+      in {
+        packages = { inherit container htmlPages crane; };
+        devShells.deploy = pkgs.mkShell { packages = [ deploy ]; };
+      }
+    );
+}
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index 0655a31..0000000
--- a/shell.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-let
-sources = import ./nix/sources.nix;
-pkgs = import sources."nixpkgs" { overlays = []; config = {}; };
-inherit ((pkgs.callPackage ./. {}).haskellPackages) chris-martin-org;
-
-in pkgs.mkShell {
-    name = "chris-martin-org-shell";
-    inputsFrom = [ chris-martin-org.env ];
-    packages = [ pkgs.sassc pkgs.cabal-install pkgs.zlib pkgs.rsync pkgs.openssh ];
-    LC_ALL = "en_US.UTF-8";
-    LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
-}