diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..43a2987
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,75 @@
+name: Deploy
+
+on:
+ push:
+ branches: [main]
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install SSH client
+ run: |
+ set -e
+ if command -v apk >/dev/null 2>&1; then
+ apk add --no-cache openssh-client git bash
+ elif command -v apt-get >/dev/null 2>&1; then
+ apt-get update
+ apt-get install -y openssh-client git bash
+ elif command -v dnf >/dev/null 2>&1; then
+ dnf install -y openssh-clients git bash
+ elif command -v yum >/dev/null 2>&1; then
+ yum install -y openssh-clients git bash
+ else
+ echo "No supported package manager found"
+ exit 1
+ fi
+ - name: Run deploy
+ env:
+ SSH_KEY: ${{ secrets.SSH_KEY }}
+ SSH_USER: ${{ vars.SSH_USER }}
+ SSH_IP: ${{ vars.SSH_IP }}
+ GIT_USER: ${{ vars.GIT_USER }}
+ GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
+ APP_DIR: /home/deploy/my-app
+ GIT_REPO: Jakach/my-app.git
+ GIT_BRANCH: main
+ run: |
+ cat > deploy.sh <<'EOF'
+ #!/usr/bin/env bash
+ set -Eeuo pipefail
+ : "${SSH_KEY:?SSH_KEY is required}"
+ : "${SSH_USER:?SSH_USER is required}"
+ : "${SSH_IP:?SSH_IP is required}"
+ : "${GIT_USER:?GIT_USER is required}"
+ : "${GIT_TOKEN:?GIT_TOKEN is required}"
+
+ APP_DIR="/srv/systems/jakach-logging"
+ GIT_HOST="${GIT_HOST:-git.jakach.ch}"
+ GIT_REPO="jakach/jakach-logging.git"
+ GIT_BRANCH="${GIT_BRANCH:-main}"
+
+ mkdir -p ~/.ssh
+ chmod 700 ~/.ssh
+ printf '%s\n' "$SSH_KEY" | tr -d '\r' > ~/.ssh/deploy_key
+ chmod 600 ~/.ssh/deploy_key
+ ssh-keyscan -H "$SSH_IP" >> ~/.ssh/known_hosts 2>/dev/null || true
+
+ ssh -i ~/.ssh/deploy_key \
+ -o StrictHostKeyChecking=yes \
+ -o IdentitiesOnly=yes \
+ "$SSH_USER@$SSH_IP" \
+ "export APP_DIR='$APP_DIR' GIT_HOST='$GIT_HOST' GIT_REPO='$GIT_REPO' GIT_BRANCH='$GIT_BRANCH' GIT_USER='$GIT_USER' GIT_TOKEN='$GIT_TOKEN'; bash -s" <<'REMOTE'
+ set -Eeuo pipefail
+ cd "$APP_DIR"
+ git remote set-url origin "https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/${GIT_REPO}"
+ git fetch origin "$GIT_BRANCH"
+ git checkout "$GIT_BRANCH"
+ git pull origin "$GIT_BRANCH"
+ docker compose down
+ docker compose up -d --build
+ REMOTE
+ EOF
+
+ chmod +x deploy.sh
+ ./deploy.sh
\ No newline at end of file
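Review bot: The `ssh-keyscan -H "$SSH_IP" >> ~/.ssh/known_hosts 2>/dev/null || true` line in deploy.sh collects the host key over the unauthenticated network on every run, so `-o StrictHostKeyChecking=yes` on the following `ssh` call only confirms the key that was just scanned and does not authenticate the server. Because the remote command string carries `GIT_TOKEN='$GIT_TOKEN'`, any host answering at that address would be handed the token. Pin the key instead: keep the server's public host key in a repository variable (for example a new `SSH_KNOWN_HOSTS`, to be defined), pass it through `env:`, and replace the scan with `printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts`, without `|| true`, so a missing key fails the job. Separately, the `git remote set-url origin` line writes `GIT_USER` and `GIT_TOKEN` into the remote URL, which leaves the token in the checkout's `.git/config` on the server. The `APP_DIR` and `GIT_REPO` values under `env:` are also overwritten by the hard-coded assignments inside the script, so one of the two sets should be removed.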