diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2493d51..50acc35 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -13,30 +13,53 @@ concurrency: jobs: build: runs-on: ubuntu-22.04 + container: nixpkgs/nix-flakes:nixos-24.05 steps: - - uses: actions/checkout@v3 - with: - lfs: true - - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main - - name: Run `nix build` + - name: Setup NIX CI Environment + run: | + nix profile install nixpkgs#git-lfs nixpkgs#gnused + echo "substituters = https://nixpkgs-cache.qo.is?priority=39" >> /etc/nix/nix.conf + echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf + mkdir -p ~/.config/nix && cp /etc/nix/nix.conf ~/.config/nix/ + - name: Checkout Repository + shell: "nix shell nixpkgs#git-lfs nixpkgs#gnused --command {0}" + run: | + git config --global credential.helper store + git config --global advice.detachedHead false + git lfs install + AUTH_URL=`echo -n "$GITHUB_SERVER_URL" | sed "s%https://%https://oauth2:$GITHUB_TOKEN@%"` + # Disable clone protection to pull LFS as well + GIT_CLONE_PROTECTION_ACTIVE=false git clone --branch $GITHUB_REF_NAME --recurse-submodules $AUTH_URL/$GITHUB_REPOSITORY . + - name: Run Nix Build + shell: "nix shell nixpkgs#git-lfs --command {0}" run: nix build . 
- - uses: actions/upload-pages-artifact@v3 - with: - path: result/ + - name: Run Nix Checks + shell: "nix shell nixpkgs#git-lfs --command {0}" + run: nix flake check + - name: Deploy page + if: success() && github.ref == 'refs/heads/main' + shell: "nix shell nixpkgs#git-lfs --command {0}" + run: | + mkdir ~/.ssh/ + (umask 0077 && printf "%s" "${{ secrets.SSH_DEPLOY_KEY }}" > ~/.ssh/id_ed25519 && echo >> ~/.ssh/id_ed25519) + echo -e "Host lindberg-webapps.backplane.net.qo.is\n StrictHostKeyChecking no" >> ~/.ssh/config + nix run .#deploy +# - uses: actions/upload-pages-artifact@v3 +# with: +# path: result/ - deploy: - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - runs-on: ubuntu-latest - needs: build - permissions: - pages: write # to deploy to Pages - id-token: write # to verify the deployment originates from an appropriate source - steps: - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@v4 - with: - preview: true +# deploy: +# environment: +# name: github-pages +# url: ${{ steps.deployment.outputs.page_url }} +# runs-on: ubuntu-latest +# needs: build +# permissions: +# pages: write # to deploy to Pages +# id-token: write # to verify the deployment originates from an appropriate source +# steps: +# - name: Deploy to GitHub Pages +# id: deployment +# uses: actions/deploy-pages@v4 +# with: +# preview: true
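Review bot: The new "Deploy page" step writes `StrictHostKeyChecking no` for the deploy host into ~/.ssh/config, so the runner accepts whatever host key it is offered and the deploy key is used against an unauthenticated endpoint. Pin the host's public key in ~/.ssh/known_hosts and drop that option. The same step expands `${{ secrets.SSH_DEPLOY_KEY }}` into the script text before the shell runs, so the key material is parsed inside a double-quoted shell string; passing it through `env:` and referencing `"$SSH_DEPLOY_KEY"` avoids that. Separately, the "Checkout Repository" step puts the token into the clone URL, which git normally records as the remote URL in .git/config, so it appears to stay on disk while `nix build` and `nix flake check` run. That step also leaves `$GITHUB_REF_NAME` unquoted and disables clone protection; quoting the ref and resetting the remote URL after the clone would narrow this.

```yaml
      - name: Deploy page
        # … unchanged: if / shell …
        env:
          SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
          # placeholder name: full known_hosts line for the deploy host
          DEPLOY_HOST_KEY: ${{ vars.DEPLOY_HOST_KEY }}
        run: |
          mkdir -p ~/.ssh
          (umask 0077 && printf '%s\n' "$SSH_DEPLOY_KEY" > ~/.ssh/id_ed25519)
          printf '%s\n' "$DEPLOY_HOST_KEY" >> ~/.ssh/known_hosts
          nix run .#deploy
```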