diff --git a/seedbox/.gitea/workflows/deploy.yml b/seedbox/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..b74bd6b
--- /dev/null
+++ b/seedbox/.gitea/workflows/deploy.yml
@@ -0,0 +1,91 @@
+name: Deploy Seedbox
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'seedbox/**'
+  pull_request:
+    branches: [main]
+    paths:
+      - 'seedbox/**'
+
+jobs:
+  deploy:
+    name: Deploy Seedbox Stacks
+    runs-on: self-hosted
+    container:
+      image: alpine:latest
+
+    steps:
+      - name: Install dependencies
+        run: apk add --no-cache openssh-client git
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SEEDBOX_SSH_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          # Trust the seedbox host
+          ssh-keyscan -H seedbox.taila5ad8.ts.net >> ~/.ssh/known_hosts 2>/dev/null || true
+
+      - name: Validate compose files (PR only)
+        if: github.event_name == 'pull_request'
+        run: |
+          echo "Validating docker-compose files..."
+          for stack in seedbox/stacks/*/; do
+            if [ -f "${stack}docker-compose.yml" ]; then
+              echo "✓ ${stack}docker-compose.yml exists"
+            fi
+          done
+          echo "Validation complete."
+
+      - name: Deploy to seedbox
+        if: github.event_name == 'push'
+        run: |
+          ssh -o StrictHostKeyChecking=accept-new debian@seedbox.taila5ad8.ts.net << 'ENDSSH'
+            set -e
+            cd /srv/seedbox
+            
+            echo "=== Pulling latest changes ==="
+            git fetch origin main
+            git reset --hard origin/main
+            
+            echo "=== Creating .env file ==="
+            cat > .env << 'ENVEOF'
+          TS_AUTHKEY=${{ secrets.TS_AUTHKEY }}
+          TRANSMISSION_USER=${{ secrets.TRANSMISSION_USER }}
+          TRANSMISSION_PASS=${{ secrets.TRANSMISSION_PASS }}
+          ENVEOF
+            chmod 600 .env
+            
+            echo "=== Deploying stacks ==="
+            for stack in stacks/*/; do
+              if [ -f "${stack}docker-compose.yml" ]; then
+                stack_name=$(basename "$stack")
+                echo "Deploying ${stack_name}..."
+                docker compose -f "${stack}docker-compose.yml" --env-file .env pull
+                docker compose -f "${stack}docker-compose.yml" --env-file .env up -d --remove-orphans
+              fi
+            done
+            
+            echo "=== Cleanup unused images ==="
+            docker image prune -f
+            
+            echo "=== Current status ==="
+            docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'
+          ENDSSH
+
+      - name: Deployment summary
+        if: github.event_name == 'push'
+        run: |
+          echo "✅ Deployment complete!"
+          echo ""
+          echo "Services should be available at:"
+          echo "  • transmission.taila5ad8.ts.net"
+          echo "  • portainer.taila5ad8.ts.net"
+          echo "  • prowlarr.taila5ad8.ts.net"
+          echo "  • sonarr.taila5ad8.ts.net"