diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml
index 8e7dae7..e092b47 100644
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@@ -163,6 +163,25 @@ services:
     depends_on:
       - redis
 
+  deployer:
+    image: almir/webhook
+    container_name: nexxo_deployer
+    restart: unless-stopped
+    ports:
+      - "9001:9001"
+    environment:
+      DEPLOY_WEBHOOK_SECRET: ${DEPLOY_WEBHOOK_SECRET}
+    volumes:
+      - ./docker/webhook/hooks.json:/etc/webhook/hooks.json:ro
+      - ./docker/webhook/entrypoint.sh:/entrypoint.sh:ro
+      - ./docker/webhook/deploy.sh:/scripts/deploy.sh
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /usr/bin/docker:/usr/bin/docker:ro
+      - ./:/aziros
+    entrypoint: ["/bin/sh", "/entrypoint.sh"]
+    networks:
+      - nexxo
+
 networks:
   nexxo:
     driver: bridge
diff --git a/docker/webhook/deploy.sh b/docker/webhook/deploy.sh
new file mode 100755
index 0000000..f4ce436
--- /dev/null
+++ b/docker/webhook/deploy.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+COMPOSE_FILE="/aziros/docker-compose.staging.yml"
+
+echo "[deploy] $(date) – Deploy gestartet"
+cd /aziros
+
+git pull origin main
+
+docker compose -f "$COMPOSE_FILE" exec -T app npm ci --silent
+docker compose -f "$COMPOSE_FILE" exec -T app npm run build:staging
+
+docker compose -f "$COMPOSE_FILE" exec -T app composer install --no-dev --optimize-autoloader --quiet
+
+docker compose -f "$COMPOSE_FILE" exec -T app php artisan migrate --force
+docker compose -f "$COMPOSE_FILE" exec -T app php artisan db:seed --class=TranslationSeeder --force
+
+docker compose -f "$COMPOSE_FILE" exec -T app php artisan config:clear
+docker compose -f "$COMPOSE_FILE" exec -T app php artisan cache:clear
+docker compose -f "$COMPOSE_FILE" exec -T app php artisan view:clear
+docker compose -f "$COMPOSE_FILE" exec -T app php artisan route:clear
+docker compose -f "$COMPOSE_FILE" exec -T app php artisan config:cache
+docker compose -f "$COMPOSE_FILE" exec -T app php artisan route:cache
+docker compose -f "$COMPOSE_FILE" exec -T app php artisan view:cache
+
+docker compose -f "$COMPOSE_FILE" restart worker scheduler mail-worker reverb
+
+echo "[deploy] ✅ Deploy fertig"
diff --git a/docker/webhook/entrypoint.sh b/docker/webhook/entrypoint.sh
new file mode 100755
index 0000000..44b666e
--- /dev/null
+++ b/docker/webhook/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+# Substituiert ${DEPLOY_WEBHOOK_SECRET} im hooks.json-Template
+envsubst < /etc/webhook/hooks.json > /tmp/hooks.json
+exec webhook -hooks /tmp/hooks.json -verbose -port 9001
diff --git a/docker/webhook/hooks.json b/docker/webhook/hooks.json
new file mode 100644
index 0000000..c14b7f0
--- /dev/null
+++ b/docker/webhook/hooks.json
@@ -0,0 +1,18 @@
+[
+  {
+    "id": "deploy",
+    "execute-command": "/scripts/deploy.sh",
+    "command-working-directory": "/aziros",
+    "response-message": "Deploy gestartet",
+    "trigger-rule": {
+      "match": {
+        "type": "value",
+        "value": "${DEPLOY_WEBHOOK_SECRET}",
+        "parameter": {
+          "source": "header",
+          "name": "X-Webhook-Secret"
+        }
+      }
+    }
+  }
+]