diff --git a/flake.nix b/flake.nix
index 4cf79ac..ad09476 100644
--- a/flake.nix
+++ b/flake.nix
@@ -61,7 +61,7 @@
       };
 
       xlab-gateway = {
-        hostname = "10.253.254.1";
+        hostname = "166.111.98.29";
         sshUser = "ldx";
         profiles.system = {
           user = "root";
diff --git a/modules/users.nix b/modules/users.nix
index 8113d40..4bde34f 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -10,4 +10,16 @@
   };
 
   security.sudo.wheelNeedsPassword = true;
+
+  # deploy-rs needs passwordless sudo for system activation
+  security.sudo.extraRules = [
+    {
+      users = [ "ldx" ];
+      commands = [
+        { command = "/nix/store/*/activate"; options = [ "NOPASSWD" ]; }
+        { command = "/run/current-system/sw/bin/nix-env"; options = [ "NOPASSWD" ]; }
+        { command = "/nix/store/*/bin/nix-env"; options = [ "NOPASSWD" ]; }
+      ];
+    }
+  ];
 }