diff --git a/config/common/default.nix b/config/common/default.nix
index d5ad162..0efd2f8 100644
--- a/config/common/default.nix
+++ b/config/common/default.nix
@@ -28,13 +28,7 @@ with lib; {
     fish.enable = true;
   };
 
-  kyouma.tags = [ "all" ];
-#  deployment = { 
-#    tags = [ "all" ];
-#    targetHost = mkDefault config.networking.fqdn;
-#    targetPort = mkDefault 22;
-#    targetUser = mkDefault null;
-#  };
+  kyouma.deployment.tags = [ "all" ];
 
   security.dhparams.defaultBitSize = 4096;
 
diff --git a/config/hosts/crime/nginx.nix b/config/hosts/crime/nginx.nix
index 51783e3..2a1a585 100644
--- a/config/hosts/crime/nginx.nix
+++ b/config/hosts/crime/nginx.nix
@@ -81,32 +81,32 @@ in {
         useACMEHost = "fentanyl.trade";
       };
     };
-    createHost = {
-      "watch.kyouma.net" = { redirectTo = "fentanyl.trade"; };
-      "redirect" = {
-        default = true;
-        reuseport = true;
-        useACMEHost = "fentanyl.trade";
-        extraConfig = ''
-          return 403;
-        '';
-      };
-      "crime.kyouma.net" = {
-        listenAddresses = [ "[2a0f:be01:0:100::1338]" ];
-        locations = {
-          "/".root = landingPage;
-          "/sonarr/" = {
-            proxyPass = "http://127.0.0.1:8989";
-            recommendedProxySettings = true;
-          };
-          "/radarr/" = {
-            proxyPass = "http://127.0.0.1:7878";
-            recommendedProxySettings = true;
-          };
-          "/prowlarr/" = {
-            proxyPass = "http://127.0.0.1:9696";
-            recommendedProxySettings = true;
-          };
+  };
+  kyouma.nginx.virtualHosts = {
+    "watch.kyouma.net" = { redirectTo = "fentanyl.trade"; };
+    "redirect" = {
+      default = true;
+      reuseport = true;
+      useACMEHost = "fentanyl.trade";
+      extraConfig = ''
+        return 403;
+      '';
+    };
+    "crime.kyouma.net" = {
+      listenAddresses = [ "[2a0f:be01:0:100::1338]" ];
+      locations = {
+        "/".root = landingPage;
+        "/sonarr/" = {
+          proxyPass = "http://127.0.0.1:8989";
+          recommendedProxySettings = true;
+        };
+        "/radarr/" = {
+          proxyPass = "http://127.0.0.1:7878";
+          recommendedProxySettings = true;
+        };
+        "/prowlarr/" = {
+          proxyPass = "http://127.0.0.1:9696";
+          recommendedProxySettings = true;
         };
       };
     };
diff --git a/config/hosts/girldick/configuration.nix b/config/hosts/girldick/configuration.nix
index 346003a..e718540 100644
--- a/config/hosts/girldick/configuration.nix
+++ b/config/hosts/girldick/configuration.nix
@@ -7,9 +7,6 @@
     ../../services/nginx.nix
     ../../services/nyastodon.nix
   ];
-  deployment = {
-    targetUser = lib.mkForce "emily";
-  };
   networking = {
     domain = lib.mkForce "girldick.gay";
     hostName = "staging";
diff --git a/config/hosts/lain/configuration.nix b/config/hosts/lain/configuration.nix
index 8ac3419..2c4bc0d 100644
--- a/config/hosts/lain/configuration.nix
+++ b/config/hosts/lain/configuration.nix
@@ -6,9 +6,7 @@
     ../../profiles/headless.nix
   ];
 
-  deployment = {
-    targetHost = "192.168.178.171";
-  };
+  kyouma.deployment.targetHost = "192.168.178.171";
 
   networking = {
     hostName = "lain";
diff --git a/config/hosts/ryuuko/configuration.nix b/config/hosts/ryuuko/configuration.nix
index cf3e802..7367520 100644
--- a/config/hosts/ryuuko/configuration.nix
+++ b/config/hosts/ryuuko/configuration.nix
@@ -27,11 +27,6 @@
     efi.canTouchEfiVariables = true;
   };
 
-  deployment = {
-    targetHost = null;
-    targetUser = "emily";
-  };
-
   hardware.bluetooth.enable = true;
   hardware.cpu.intel.updateMicrocode = true;
   hardware.gpgSmartcards.enable = true;
diff --git a/config/hosts/seras/configuration.nix b/config/hosts/seras/configuration.nix
index 74cf223..9da6d2c 100644
--- a/config/hosts/seras/configuration.nix
+++ b/config/hosts/seras/configuration.nix
@@ -7,8 +7,6 @@
   ];
   boot.binfmt.emulatedSystems = ["aarch64-linux"];
 
-  deployment.targetUser = lib.mkForce "emily";
-
   networking = {
     hostName = "seras";
     nftables.enable = lib.mkForce false;
diff --git a/config/hosts/web-dus/configuration.nix b/config/hosts/web-dus/configuration.nix
index 56fa8a9..dbdbedc 100644
--- a/config/hosts/web-dus/configuration.nix
+++ b/config/hosts/web-dus/configuration.nix
@@ -1,4 +1,4 @@
-{ config, inputs, pkgs, ... }: { 
+{ config, inputs, lib, pkgs, ... }: { 
   imports = [
     inputs.fernglas.nixosModules.default
     inputs.kyouma-www.nixosModules.default
@@ -10,7 +10,7 @@
   ];
   networking = {
     hostName = "web-dus";
-    nftables.enable = mkForce false;
+    nftables.enable = lib.mkForce false;
     firewall.allowedTCPPorts = [ 80 443 11019 ];
     firewall.allowedUDPPorts = [ 443 ];
   };
diff --git a/config/profiles/graphical/default.nix b/config/profiles/graphical/default.nix
index 0acb8b9..0ef51ec 100644
--- a/config/profiles/graphical/default.nix
+++ b/config/profiles/graphical/default.nix
@@ -7,7 +7,6 @@
   ];
 
   kyouma.machine-type.graphical = true;
-  deployment.allowLocalDeployment = true;
 
   hardware.opengl.enable = true;
   
diff --git a/config/profiles/lxc.nix b/config/profiles/lxc.nix
index bb9183f..3cbac97 100644
--- a/config/profiles/lxc.nix
+++ b/config/profiles/lxc.nix
@@ -9,7 +9,8 @@ with lib; {
     manageHostName = true;
   };
   kyouma.machine-type.virtual = true;
-  deployment.tags = [ "pve-lxc" ];
+  kyouma.deployment.tags = [ "pve-lxc" ];
+
   networking.useDHCP = false;
   networking.useHostResolvConf = false;
 }
diff --git a/config/services/nginx.nix b/config/services/nginx.nix
index f1679dd..1f3a3e4 100644
--- a/config/services/nginx.nix
+++ b/config/services/nginx.nix
@@ -1,5 +1,5 @@
 { config, pkgs, lib, ... }: with lib; {
-  deployment.tags = [ "web" ];
+  kyouma.deployment.tags = [ "web" ];
   security.dhparams.enable = true;
   security.dhparams.params.nginx = {};
   security.acme = {