diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml
index f13f9ec..dbd1b2a 100644
--- a/.forgejo/workflows/deploy.yaml
+++ b/.forgejo/workflows/deploy.yaml
@@ -11,12 +11,13 @@ jobs:
       - run: ls -alh /var/run/secrets/kubernetes.io/serviceaccount
       - run: "curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" https://kubernetes.default.svc/api/v1/namespaces/default/pods"
 
-      # - run: nix run nixpkgs#kubectl -- config set-cluster my-cluster --server=https://kubernetes.default.svc --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      # - run: nix run nixpkgs#kubectl -- config set-credentials my-service-account --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
-      # - run: nix run nixpkgs#kubectl -- config set-context my-context --cluster=my-cluster --user=my-service-account
-      # - run: nix run nixpkgs#kubectl -- config use-context my-context
+      - run: nix run nixpkgs#kubectl -- config set-cluster my-cluster --server=https://kubernetes.default.svc --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      - run: nix run nixpkgs#kubectl -- config set-credentials my-service-account --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+      - run: nix run nixpkgs#kubectl -- config set-context my-context --cluster=my-cluster --user=my-service-account
+      - run: nix run nixpkgs#kubectl -- config use-context my-context
       # - run: nix run nixpkgs#kubectl -- get pods
       - run: |
           mkdir -p ~/.config/sops/age
           echo -n "${{ secrets.AGE_SECRET_KEY }}" > ~/.config/sops/age/keys.txt
-      - run: nix run nixpkgs#sops -- --decrypt src/secrets/sops.yaml | grep "paperless-ngx:"
+      # - run: nix run nixpkgs#sops -- --decrypt src/secrets/sops.yaml | grep "paperless-ngx:"
+      - run: cd src && nix run .#kubenix.x86_64-linux