diff --git a/deploy/system-physical/default.nix b/deploy/system-physical/default.nix
new file mode 100644
index 0000000..0b344a7
--- /dev/null
+++ b/deploy/system-physical/default.nix
@@ -0,0 +1,27 @@
+{
+  deployPkgs,
+  pkgs,
+  self,
+  ...
+}:
+let
+  inherit (pkgs.lib) pipe filterAttrs mapAttrs;
+in
+{
+  nodes = pipe self.nixosConfigurations [
+    (filterAttrs (_n: v: v.config.services.qemuGuest.enable == false))
+    (mapAttrs (
+      host: config: {
+        hostname = "${host}.backplane.net.qo.is";
+        profiles.system-physical = {
+          sshUser = "root";
+          user = "root";
+          activationTimeout = 600;
+          confirmTimeout = 120;
+          remoteBuild = true;
+          path = deployPkgs.deploy-rs.lib.activate.nixos config;
+        };
+      }
+    ))
+  ];
+}
diff --git a/deploy/system-vm/default.nix b/deploy/system-vm/default.nix
new file mode 100644
index 0000000..019da31
--- /dev/null
+++ b/deploy/system-vm/default.nix
@@ -0,0 +1,27 @@
+{
+  deployPkgs,
+  pkgs,
+  self,
+  ...
+}:
+let
+  inherit (pkgs.lib) pipe filterAttrs mapAttrs;
+in
+{
+  nodes = pipe self.nixosConfigurations [
+    (filterAttrs (_n: v: v.config.services.qemuGuest.enable))
+    (mapAttrs (
+      host: config: {
+        hostname = "${host}.backplane.net.qo.is";
+        profiles.system-vm = {
+          sshUser = "root";
+          user = "root";
+          activationTimeout = 300;
+          confirmTimeout = 60;
+          remoteBuild = true;
+          path = deployPkgs.deploy-rs.lib.activate.nixos config;
+        };
+      }
+    ))
+  ];
+}
diff --git a/deploy/system/default.nix b/deploy/system/default.nix
deleted file mode 100644
index cdaf846..0000000
--- a/deploy/system/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  deployPkgs,
-  pkgs,
-  self,
-  system,
-  ...
-}:
-{
-  nodes = pkgs.lib.mapAttrs (host: config: {
-    hostname = "${host}.backplane.net.qo.is";
-    profiles.system = {
-      sshUser = "root";
-      user = "root";
-      activationTimeout = 420;
-      confirmTimeout = 120;
-
-      path = deployPkgs.deploy-rs.lib.activate.nixos config;
-    };
-  }) self.nixosConfigurations;
-}
diff --git a/dev-shells/default.nix b/dev-shells/default.nix
index 2023f3e..b5bb720 100644
--- a/dev-shells/default.nix
+++ b/dev-shells/default.nix
@@ -32,6 +32,7 @@ in
         deploy-qois
         sops
         sops-rekey
+        auto-deploy-vms
       ])
       ++ (with pkgs; [
         attic-client
diff --git a/packages/auto-deploy-vms/default.nix b/packages/auto-deploy-vms/default.nix
new file mode 100644
index 0000000..d09694b
--- /dev/null
+++ b/packages/auto-deploy-vms/default.nix
@@ -0,0 +1,46 @@
+{
+  deploy-rs,
+  gitMinimal,
+  writeShellApplication,
+  ...
+}:
+writeShellApplication {
+  name = "qois-auto-deploy-vms";
+  meta.description = "Deploy VMs automatically as part of CI process.";
+  runtimeInputs = [
+    deploy-rs
+    gitMinimal
+  ];
+  text = ''
+    set -x
+    FLAKE_ROOT="$(git rev-parse --show-toplevel)"
+    export PROFILE="system-vm"
+    # shellcheck disable=SC2016
+    HOSTS=$(nix eval --raw .#deploy.nodes --apply 'nodes: let
+        names = builtins.attrNames nodes;
+        profile = "$PROFILE";
+        filteredNames = builtins.filter (name: nodes.''${name}.profiles ? ''${profile}) names;
+      in
+      builtins.concatStringsSep "\n" filteredNames')
+
+      retry() {
+          local -r -i max_attempts="$1"; shift
+          local -i attempt_num=1
+          until "$@"
+          do
+              if ((attempt_num==max_attempts))
+              then
+                  echo "Attempt $attempt_num failed and there are no more attempts left!"
+                  return 1
+              else
+                  echo "Attempt $attempt_num failed! Trying again in $attempt_num seconds..."
+                  sleep $((attempt_num++))
+              fi
+          done
+      }
+
+    for HOST in $HOSTS; do
+      retry 3 deploy --skip-checks --targets "$FLAKE_ROOT#''${HOST}.system-vm"
+    done
+  '';
+}