diff --git a/README.md b/README.md
index bda7ca1..d5f2ed4 100644
--- a/README.md
+++ b/README.md
@@ -35,3 +35,22 @@ Whenever a new service is added, append an appropriate
 `flake.nix` to bind the service to a host port.
 
 There is no way to test this without binding to the host port, sadly.
+
+## Deploying
+
+Currently the deployment process is fully manual because there is no
+CI system.
+
+Nix makes this fairly painless, though, it's simply:
+
+```bash
+nixos-rebuild switch --use-remote-sudo --target-host tlater.net --build-host localhost --flake .#tlaternet
+```
+
+This has the added benefit of running the build on the dev machine,
+which is 99% of the time much faster at building than the target
+(though artifact upload may take some time on slow connections).
+
+Note that this also requires the current local user to also be present
+on the target host, as well as for this user to be in the target
+host's wheel group. See `nix.trustedUsers`.