feat: add NixOS deployment infrastructure

- Nix installation guide for container (docs/nix-container-install.md)
- Deployment helper script (scripts/deploy.sh)
- SSH configuration template (scripts/deploy-ssh-config)
- Deployment skill for Hermes (skills/nixos-deploy/)

Enables remote NixOS deployment from Hermes container to target hosts
via SSH with nixos-rebuild --target-host.

Usage:
  ./scripts/deploy.sh <hostname> [branch] [action]

Supported hosts:
  - lazyworkhorse (x86_64)
  - cyt-pi (aarch64)
  - uConsole (aarch64) - config pending

scripts/deploy-ssh-config

@@ -0,0 +1,30 @@
+# Hermes Container SSH Configuration
+# For NixOS deployment to remote hosts
+
+Host lazyworkhorse
+    HostName localhost
+    User gortium
+    IdentityFile /opt/data/home/.ssh/id_hermes_gitea
+    StrictHostKeyChecking no
+    UserKnownHostsFile /dev/null
+
+Host cyt-pi
+    HostName cyt-pi.local
+    User thierry
+    IdentityFile /opt/data/home/.ssh/id_hermes_gitea
+    StrictHostKeyChecking no
+    UserKnownHostsFile /dev/null
+
+Host uconsole
+    HostName uconsole.local
+    User thierry
+    IdentityFile /opt/data/home/.ssh/id_hermes_gitea
+    StrictHostKeyChecking no
+    UserKnownHostsFile /dev/null
+
+# Generic pattern for .local hosts
+Host *.local
+    User thierry
+    IdentityFile /opt/data/home/.ssh/id_hermes_gitea
+    StrictHostKeyChecking no
+    UserKnownHostsFile /dev/null

scripts/deploy.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# NixOS Deployment Helper Script
+# Usage: ./deploy.sh <hostname> [branch] [action]
+# Example: ./deploy.sh uConsole feat/test switch
+
+set -e
+
+HOSTNAME="${1:-}"
+BRANCH="${2:-main}"
+ACTION="${3:-switch}"
+
+if [ -z "$HOSTNAME" ]; then
+    echo "Usage: $0 <hostname> [branch] [action]"
+    echo "  hostname: lazyworkhorse, cyt-pi, uConsole"
+    echo "  branch:   git branch to deploy (default: main)"
+    echo "  action:   switch, test, boot (default: switch)"
+    exit 1
+fi
+
+# Environment setup
+export GIT_SSH_COMMAND="ssh -i /opt/data/home/.ssh/id_hermes_gitea -o StrictHostKeyChecking=no"
+export PATH="/nix/var/nix/profiles/default/bin:$PATH"
+
+cd /opt/data/infra
+
+echo "=== NixOS Deployment ==="
+echo "Host:   $HOSTNAME"
+echo "Branch: $BRANCH"
+echo "Action: $ACTION"
+echo ""
+
+# Checkout branch
+echo "[1/4] Checking out branch..."
+git fetch origin "$BRANCH" 2>/dev/null || true
+git checkout "$BRANCH" 2>/dev/null || git checkout -b "$BRANCH"
+
+# Update submodules
+echo "[2/4] Updating submodules..."
+git submodule update --init --recursive
+
+# Build configuration
+echo "[3/4] Building configuration..."
+if [ "$ACTION" = "switch" ]; then
+    nixos-rebuild switch --flake ".#$HOSTNAME" --target-host "thierry@$HOSTNAME" --use-remote-sudo
+elif [ "$ACTION" = "test" ]; then
+    nixos-rebuild test --flake ".#$HOSTNAME" --target-host "thierry@$HOSTNAME" --use-remote-sudo
+elif [ "$ACTION" = "boot" ]; then
+    nixos-rebuild boot --flake ".#$HOSTNAME" --target-host "thierry@$HOSTNAME" --use-remote-sudo
+else
+    echo "Unknown action: $ACTION"
+    exit 1
+fi
+
+echo ""
+echo "[4/4] Deployment complete!"
+echo "Host: $HOSTNAME"
+echo "Branch: $BRANCH"
+echo "Time: $(date -Iseconds)"