diff --git a/deployment/proxmox/README.org b/deployment/README.org
similarity index 82%
rename from deployment/proxmox/README.org
rename to deployment/README.org
index 4163a72..1b9252b 100644
--- a/deployment/proxmox/README.org
+++ b/deployment/README.org
@@ -4,8 +4,25 @@
 - Proxmox API doc :: https://pve.proxmox.com/pve-docs/api-viewer
 - Fediversity Proxmox ::
   - http://192.168.51.81:8006/.
-  - It is only accessible via Procolix's VPN; see with Kevin.
-  - You will need identifiers. Also see with Kevin. Select “Promox VE authentication server”.
+  - It is only accessible via Procolix's VPN:
+      - Get credentials for the VPN portal and Proxmox from [Kevin](https://git.fediversity.eu/kevin).
+      - Log in to the [VPN portal](https://vpn.fediversity.eu/vpn-user-portal/home)
+      - Create a **New Configuration**:
+        - Select **WireGuard (UDP)**
+        - Enter some name, e.g. `fediversity`
+        - Click Download
+      - Write the WireGuard configuration to a file `fediversity-vpn.config` next to your NixOS configuration
+        - Add that file's path to `.git/info/exclude` and make sure it doesn't otherwise leak (for example, use [`agenix`](https://github.com/ryantm/agenix) to manage secrets)
+      - To your NixOS configuration, add
+        ```nix
+        { ... }:
+        {
+          networking.wg-quick.interfaces = {
+            fediversity.configFile = toString ./fediversity-vpn.config;
+          };
+        }
+        ```
+  - Select “Promox VE authentication server”.
   - Ignore “You do not have a valid subscription” message.
 * Basic terminology
 - Node :: physical host