diff --git a/.drone.yml b/.drone.yml
index cb3ba12..aa7d3c6 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -204,3 +204,61 @@ trigger:
   - promote
   target:
   - production
+
+---
+
+kind: pipeline
+type: docker
+name: Production deploy (Debian 12)
+
+steps:
+- name: build
+  image: golang:1.20-bookworm # this one is used in production
+  commands:
+  - go mod tidy
+  - make build
+
+- name: deploy
+  image: debian:bookworm
+  environment:
+    PROXY: saturn.rosti.cz
+    NODES: node-22.rosti.cz node-23.rosti.cz node-24.rosti.cz
+    SSH_KEY:
+      from_secret: SSH_KEY
+    HOST_KEYS: |
+      saturn.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkkSH4ZExipcArbSR0TdtdW5JhHf+oeuPRJ3VkFKUIN
+      saturn.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9aRaEQTSKkKnJayODbwIg4BynK0WTvHWzp9UZzvmPxDjh1NpE/3G4Yi6tdZhJ7WjFotxxav7LBotIHu0s6jlVTDtnJ1lN4XBWFzympiZr1SJ12AdUuiC+f5drFTmywWL2YskFyVRYrfguXyGsavu63EokrezoTrCPASaOVmnhvrND9MJNcAgUm/kH+713XIQXWuK27zlrU6VTFSrr1nvDGn10ZaJULQ2XVhNfoysJSDU3nDyxM02qwDQp2cZ0J5fkgvvlvACHDnGgX1e+lHPhyZFhOmTiz7e4fXTuzkzUgjdih4NNDJdm1Em/25L9flnunzHtjvKNqtIL0nFxtJzN0TFRuO1BrykIMYBYBlofJYwc4ssgm8+eSxzjF8W/0rhsoq8JmFWVAvUYrMLCAejHvhG76/BNFEbGPfjt7SdwRVcr1BcgWlDDlNogPESIM1/9SzGi/IYEPKwIemrLRNw2X8QLJ5y2cr7PHTYSVp2NRlyrwvBD64rHIfKiRp/YPNc=
+      saturn.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLEY5PSiOR3pklXRm0sAKc2NP2I0LZggdiRTTqrNXwUarhd7n6tdXQNf/ALh+NJ0KhcgI87Igl/jLo8YoWfeqWM=
+      node-22.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6zxrqgmr6kjCShUYBMRSjjKPSZE3useQVMF1WrvMBhW/XIme1S4TXn7EtFmfg90g85AV17OSZfHH4CFjFvtxnp9rsBXUBp3Tzr8i57ZmvEf8CcwdFTtw0Qn49PVL05whUCLQGNq+EvdP4OnkZ4B3UfZ6D7N/Ho7zrsdzjjosoFwui16IeWVEYwF2Ci2RHMDyb8tLytHWJkortaAB1hFzKTDQcInTIFjQsltAsR3EH8R0Y8y8hOTUIm2HK+DGmAbGxNU2u+HPwLrsBx959P94WY5vGIWGzhTNq/W++OfkfoWavPikNxo3vhJ82XYvs1zgY4pBLOSAxPHV0QSoFRRIWr2Pt4gZY7O49scjAIWa+7ATHPrMLSKRhlFB3lwBajmvFwfPjxF6RNLeU0PC5Mg8i8Gmgl4bpopoAgTMIdlMmpzhdS+WTKtqMrmRo/oBX2OIcyp9aY8g9mFe6gROy/yrq+H3hxeZPSlbC64IV4rlPkKwnVc3m6f4J36cgegw0PYs=
+      node-22.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKAxx5CrdBNX3N07f4tvAbEXr2CZedOtERzo5DngdIj1PejgJco0jKjzf6kvhoHKK5TRDGazXuySr0jUFvedB6g=
+      node-22.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOjnVrKhgmdbKf3m49xPGPEC46DsdHITIrSKcReLxwDL
+      node-23.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZXbjDFPvp1BiPHk09/DQW4eF+RzakpM/94JuGq+cT1O876dRnkZ4ZjZRbuu5u3r1da2yRM6Sz/hSCPvjU9c6xg82QFjXSG6WFnp59/wSOK8iGQPk5rXiZWl17GAiPaCvtYixQ6RbDozljDTcg+c6SaDwgvnDxdy3s3KyEGcpvSTtJoNlIDV6LYb261sGIMAY2Gzcwn4gZSX6xEdvwsInsoLWO3JD8lDrSd1bS2HptwXDVkEe1uMS3SNZfi4OCme7MRTw+EV11wBFodq2TE+jg8RMPDRM165AQn7WDdI0q0OKIEZ0wydmnhVjL8lUdIBGD8rOCkUQr2lqW+TBxCh9m5WzV81PLfilHJy1MHZNffiSrkKktuFvIDr848goxnPdkBkt1J4SATSEAygqcX8a4f59R3YM5iO1OqEOoP4jbw6eO675h8ON2/wXAR14a1Pp5kVKXMALqi93HuWfnkk/5/p+Zew1Xlndarq3g8PudLzzmEOINPYKPsIhMTwKQSec=
+      node-23.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEP/VYaCRHFHNDDS870AUBTeI9rigLUB8wqoVCYtx6++bSztWqx8aHNjokVSXBwhBrWKK+UXiBMCxd/1hMnGgRw=
+      node-23.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRFZyIvMy1hJs7IL13VwNHoxKk35I7Y0enJ2TBAj/r2
+      node-24.rosti.cz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClN27YKYii8+Tp2Q4VO8mruA/ixeCZBZulxIZH+tT+G2MuvQrupS8gK/ieZWKUzqt70Fjwof787S7IIkokNHGdZi8ix/lhJYVS1k/bZ1kYrImUsphY7kSXEyI8M8OOANo0HnZ/yK047scEuH5yR/fPjrZffq/HzckCl6BUy8ggumb74dNMUaZw3QC3hc7YQbFdZP2dYtaDrSQrN70mfxl1pufTHHuhipxd4yO5qXh8eowwy7BpzGGFDox7u/EAXX0Owow5fo/EPcmhZnnPiY/juR5uyq6jHuxAkD9FLA7Ot55OyrtWHsH4ee8Ks+Jiu9wVZqpMDROcB/PJ1jOD/ust/Nd1A33FM4uOlePc1WUDpUvrwm+JC9OlD30YwxMbRmIfp57wSuU4bk+AFfrQZ/cwkEZmI/jYgiJwdcflNe7oFSOEn45fX/QNRK784+GHgdg+rY+Ce2YYKUCNpi9BITUnQGG61hhSrLJ8VVCEtJSaHb9r2VC/YNAxAsnd6fuW5Vk=
+      node-24.rosti.cz ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGZRGv88qAG0AGRf0d77ChSU2DbDN84LZMCOWPss3RUlRvO72DJSp2706pEpbznDFSoawZ00dY0nH0p09U5ddZY=
+      node-24.rosti.cz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFw8qvLWdwOan2PHVNl8a+az2mbrzRhtFReUu84Uy3o
+  commands:
+  - apt update && apt install -y ssh rsync
+  - |
+      for NODE in $NODES; do
+        echo "\033[0;32mDeploying $NODE\033[0m"
+        mkdir -p ~/.ssh && echo "$SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
+        echo "\033[1;33m.. setting up SSH host keys\033[0m"
+        echo "$HOST_KEYS" > ~/.ssh/known_hosts
+        echo "\033[1;33m.. copying the binary\033[0m"
+        rsync -ave "ssh -J root@$PROXY" node-api root@$NODE:/usr/local/bin/node-api_
+        echo "\033[1;33m.. replacing the binary\033[0m"
+        ssh -J root@$PROXY root@$NODE mv /usr/local/bin/node-api_ /usr/local/bin/node-api
+        echo "\033[1;33m.. restarting service\033[0m"
+        ssh -J root@$PROXY root@$NODE systemctl restart node-api
+      done
+
+depends_on:
+  - testing
+
+trigger:
+  event:
+  - promote
+  target:
+  - production