diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 05dbc31..2089fa4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,3 +16,17 @@ build:
 artifacts:
 paths:
 - /build/caddy
+
+deploy:
+ stage: deploy
+ image: alpine/ansible:latest
+ before_script:
+ - "command -v ssh-agent >/dev/null || ( apk update && apk add --no-cache openssh-client )"
+ - eval $(ssh-agent -s)
+ - chmod 400 "$SSH_PRIVATE_KEY"
+ - ssh-add "$SSH_PRIVATE_KEY"
+ - mkdir -p ~/.ssh
+ - chmod 700 ~/.ssh
+ - ssh-keyscan -H valhalla.vxm.cz >> ~/.ssh/known_hosts
+ script:
+ - ansible-playbook -i inventory.ini playbook.yml
diff --git a/inventory.ini b/inventory.ini
new file mode 100644
index 0000000..f381c88
--- /dev/null
+++ b/inventory.ini
@@ -0,0 +1 @@
+valhalla.vxm.cz
diff --git a/playbook.yml b/playbook.yml
new file mode 100644
index 0000000..55906a8
--- /dev/null
+++ b/playbook.yml
@@ -0,0 +1,46 @@
+---
+- name: Deploy Caddy
+ hosts: all
+ become: yes
+ tasks:
+ - name: Create caddy user
+ user:
+ name: caddy
+ system: yes
+ shell: /usr/sbin/nologin
+
+ - name: Copy Caddy binary
+ copy:
+ src: /build/caddy
+ dest: /usr/local/bin/caddy
+ mode: "0755"
+
+ - name: Create systemd unit file for Caddy
+ copy:
+ dest: /etc/systemd/system/caddy.service
+ content: |
+ [Unit]
+ Description=Caddy web server
+ After=network.target
+
+ [Service]
+ ExecStart=/usr/local/bin/caddy run --config /etc/caddy/Caddyfile
+ Restart=always
+ User=caddy
+ Group=caddy
+ EnvironmentFile=/etc/caddy/.env
+
+ [Install]
+ WantedBy=multi-user.target
+ when: not ansible_facts['systemd']['units']['caddy.service']
+
+ - name: Enable and start Caddy service
+ systemd:
+ name: caddy
+ enabled: yes
+ state: started
+
+ - name: Restart Caddy service
+ systemd:
+ name: caddy
+ state: restarted
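Review bot: In the `.gitlab-ci.yml` deploy job, the `ssh-keyscan -H valhalla.vxm.cz >> ~/.ssh/known_hosts` step trusts whatever host key is offered at job time, so the pipeline never verifies that it is talking to the intended server before it runs a `become` playbook there. Store the server's public host key in a CI/CD variable and write that instead, for example `- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (the variable name is a placeholder to define in the project settings). The job also pulls `alpine/ansible:latest` while holding the deploy key; pinning the image to a fixed version or digest keeps a changed upstream image from running with that key. Nothing in the hunk limits the job to a protected branch, so consider a `rules:` clause and marking `SSH_PRIVATE_KEY` as a protected variable.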
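Review bot: In `playbook.yml`, the unit written by the `Create systemd unit file for Caddy` task starts a network-facing daemon with no sandboxing, and it loads `/etc/caddy/.env`, a file this playbook neither creates nor restricts. If that file carries tokens or other secrets, it should be owned by root with mode `0600` (systemd reads `EnvironmentFile` itself, before switching to `User=caddy`). The `[Service]` section would also benefit from the hardening directives sketched below, with `AmbientCapabilities=CAP_NET_BIND_SERVICE` needed only if the Caddyfile binds ports below 1024. Separately, the `when:` guard reads `ansible_facts['systemd']['units']`, which no task here populates, so it is likely to fail as undefined; `copy` is already idempotent, so the guard can be dropped, and `daemon_reload: yes` on the following `systemd` task makes the new unit visible. Confirm that Caddy's data directory stays writable under `ProtectSystem=full` before rolling this out.

```yaml
    # … unchanged: caddy user, binary copy …

    # Fails if the file is missing, which surfaces an incomplete host setup early.
    - name: Restrict the Caddy environment file
      file:
        path: /etc/caddy/.env
        owner: root
        group: root
        mode: "0600"

    - name: Create systemd unit file for Caddy
      copy:
        dest: /etc/systemd/system/caddy.service
        mode: "0644"
        content: |
          # … unchanged: [Unit] section, existing [Service] lines …
          AmbientCapabilities=CAP_NET_BIND_SERVICE
          NoNewPrivileges=true
          ProtectSystem=full
          PrivateTmp=true
          # … unchanged: [Install] section …

    - name: Enable and start Caddy service
      systemd:
        name: caddy
        daemon_reload: yes
        # … unchanged: enabled, state …
```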