diff --git a/.gitea/workflows/cd.yml b/.gitea/workflows/cd.yml
new file mode 100644
index 0000000..0adf334
--- /dev/null
+++ b/.gitea/workflows/cd.yml
@@ -0,0 +1,22 @@
+name: Deploy
+
+on:
+  push:
+    branches: master
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install Ansible
+        run: |
+          pip install -r infra/ansible/requirements.txt
+          ansible-galaxy install -r infra/ansible/requirements.yml
+
+      - name: Run playbook
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > .vault_pass
+          ansible-playbook -i infra/ansible/inventory/hosts.yml infra/ansible/playbook.yml --vault-password-file .vault_pass
+          rm .vault_pass
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..f8d589e
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,27 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - dev
+  pull_request:
+    branches:
+      - master
+
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Node setup
+        uses: actions/setup-node@v6
+        with:
+          node-version: "24.12"
+
+      - name: Install deps
+        run: npm install
+      - name: Lint
+        run: npm run build
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..b0d08d3
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,36 @@
+name: Deploy
+
+on:
+  push:
+    branches: [dev]
+
+env:
+  REGISTRY: gitea.d3m0k1d.ru
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Ansible
+        run: apt update && apt install -y ansible
+
+      - name: Login to registry
+        run: echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login $REGISTRY -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+
+      - name: Build and push image
+        run: |
+          IMAGE=$REGISTRY/hellreign/frontend
+          docker build -f dockerfile -t $IMAGE:dev -t $IMAGE:${{ gitea.sha }} .
+          docker push $IMAGE:dev
+          docker push $IMAGE:${{ gitea.sha }}
+
+      - name: Deploy via Ansible
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > .vault_pass
+          ansible-playbook -i infra/ansible/inventory/hosts.yml infra/ansible/playbook.yml \
+            --vault-password-file .vault_pass \
+            -e registry=$REGISTRY \
+            -e tag=${{ gitea.sha }}
+          rm .vault_pass
diff --git a/infra/ansible/ansible.cfg b/infra/ansible/ansible.cfg
new file mode 100644
index 0000000..20f1d45
--- /dev/null
+++ b/infra/ansible/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+inventory = inventory/hosts.yml
+host_key_checking = False
+remote_user = root
+private_key_file = ~/.ssh/id_rsa
+interpreter_python = /usr/bin/python3
+stdout_callback = yaml
diff --git a/infra/ansible/inventory/hosts.yml b/infra/ansible/inventory/hosts.yml
new file mode 100644
index 0000000..9b91618
--- /dev/null
+++ b/infra/ansible/inventory/hosts.yml
@@ -0,0 +1,10 @@
+all:
+  hosts:
+    prod:
+      ansible_host: <SERVER_IP>
+      ansible_user: root
+      ansible_port: 22
+  vars:
+    registry: gitea.d3m0k1d.ru
+    registry_user: <REGISTRY_USER>
+    registry_password: <REGISTRY_PASSWORD>
diff --git a/infra/ansible/playbook.yml b/infra/ansible/playbook.yml
new file mode 100644
index 0000000..283f132
--- /dev/null
+++ b/infra/ansible/playbook.yml
@@ -0,0 +1,36 @@
+---
+- name: Deploy Frontend
+  hosts: prod
+  vars:
+    deploy_path: /opt/app
+
+  tasks:
+    - name: Ensure deployment directory
+      ansible.builtin.file:
+        path: "{{ deploy_path }}"
+        state: directory
+
+    - name: Copy docker-compose
+      ansible.builtin.copy:
+        src: "{{ playbook_dir }}/../docker-compose.yml"
+        dest: "{{ deploy_path }}/docker-compose.yml"
+
+    - name: Login to registry
+      ansible.builtin.shell:
+        cmd: echo "{{ registry_password }}" | docker login "{{ registry }}" -u "{{ registry_user }}" --password-stdin
+
+    - name: Pull images
+      ansible.builtin.shell:
+        cmd: docker compose pull
+        chdir: "{{ deploy_path }}"
+      environment:
+        REGISTRY: "{{ registry }}"
+        TAG: "{{ tag }}"
+
+    - name: Restart services
+      ansible.builtin.shell:
+        cmd: docker compose up -d --remove-orphans
+        chdir: "{{ deploy_path }}"
+      environment:
+        REGISTRY: "{{ registry }}"
+        TAG: "{{ tag }}"
diff --git a/infra/ansible/playbooks/deploy.yml b/infra/ansible/playbooks/deploy.yml
new file mode 100644
index 0000000..e69de29
diff --git a/infra/ansible/requirements.yml b/infra/ansible/requirements.yml
new file mode 100644
index 0000000..9bb092f
--- /dev/null
+++ b/infra/ansible/requirements.yml
@@ -0,0 +1,4 @@
+---
+roles: []
+
+collections: []
diff --git a/infra/docker-compose.yml b/infra/docker-compose.yml
index 331a32d..5530f18 100644
--- a/infra/docker-compose.yml
+++ b/infra/docker-compose.yml
@@ -1,7 +1,5 @@
 services:
   app:
-    build:
-      context: ..
-      dockerfile: dockerfile
+    image: ${REGISTRY}/hellreign/frontend:${TAG}
     ports:
       - "80:80"