diff --git a/.gitea/workflows/deploy-services.yaml b/.gitea/workflows/deploy-services.yaml
new file mode 100644
index 0000000..16fe65d
--- /dev/null
+++ b/.gitea/workflows/deploy-services.yaml
@@ -0,0 +1,46 @@
+name: Deploy services CI/CD Pipeline
+
+on:
+  push:
+    branches:
+      - fix/*
+      - main
+      - master
+  pull_request:
+  schedule:
+    - cron: '0 15 * * 0' # every sunday 3 pm
+
+jobs:
+  deploy:
+    runs-on: casa-vlan-cicd
+    env:
+      GITHUB_TEMP: ${{ runner.temp }}
+      
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Fetch limbo public actions
+        env: 
+          RUNNER_TEMP: "${{ runner.temp }}"
+          WORKSPACE: "${{ gitea.workspace }}"
+        run: |
+          curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
+
+      - name: Setup kubectl
+        uses: ./.gitea/limbo_actions/kubectl-setup
+        with:
+          kube_server: ${{ secrets.CASA_VLAN_KUBE_SERVER }}
+          kube_ca_base64: ${{ secrets.CASA_VLAN_KUBE_CA_BASE64 }}
+          kube_token: ${{ secrets.CASA_VLAN_KUBE_TOKEN }}
+         
+      - name: Deploy zigbee2mqtt
+        shell: bash
+        run: |
+          ./services/zigbee2mqtt/deploy/zigbee2mqtt-deploy.yaml
+            
+      - name: Deploy wyoming
+        shell: bash
+        run: |
+          kubectl apply -f ./services/wyoming/deploy/wyoming-deploy.yaml
\ No newline at end of file
diff --git a/services/wyoming/deploy/cicd-rbac.yaml b/services/wyoming/deploy/cicd-rbac.yaml
new file mode 100644
index 0000000..e156eb4
--- /dev/null
+++ b/services/wyoming/deploy/cicd-rbac.yaml
@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: wyoming
+  name: ci-cd
+rules:
+- apiGroups: [""]
+  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["deployments", "statefulsets"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["traefik.io"]
+  resources: ["ingressroutes"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name:  ci-cd
+  namespace: wyoming
+subjects:
+- kind: ServiceAccount
+  name: casa-ci-cd
+  namespace: home-assistant
+roleRef:
+  kind: Role
+  name: ci-cd
+  apiGroup: rbac.authorization.k8s.io