diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
new file mode 100644
index 0000000..a019fad
--- /dev/null
+++ b/.forgejo/workflows/deploy.yml
@@ -0,0 +1,12 @@
+name: 'Deploy website to nest'
+author: '9pfs@amcforum.wiki (h @ nest)'
+jobs:
+  deploy:
+    runs-on: docker
+    container:
+      image: code.forgejo.org/oci/alpine:3.19
+    steps:
+      - uses: actions/checkout@v3
+      - id: deploy
+        run: |
+          bash website-deploy-action.sh
diff --git a/deploy_authorized_keys_line.txt b/deploy_authorized_keys_line.txt
new file mode 100644
index 0000000..22cc838
--- /dev/null
+++ b/deploy_authorized_keys_line.txt
@@ -0,0 +1 @@
+command="/home/h/website-deploy.sh --useless-parameter-here-to-be-safe",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoPP7PHUk6Qc/SC+4nB4cdEc9OHN3gTwXLVQ38LJftf h-forgejo-actions-auto-deploy-h.hackclub.app@nest
diff --git a/website-deploy-action.sh b/website-deploy-action.sh
new file mode 100755
index 0000000..305b785
--- /dev/null
+++ b/website-deploy-action.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# Assuming that this is an Alpine container.
+apk update
+apk upgrade
+apk add openssh
+mkdir .ssh
+echo $DEPLOY_SSH_KEY > .ssh/id_ed25519
+chmod -R go-rwx .ssh
+exec ssh h@hackclub.app
diff --git a/website-deploy.sh b/website-deploy.sh
new file mode 100755
index 0000000..0928e1e
--- /dev/null
+++ b/website-deploy.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /home/h/pub
+git pull