diff --git a/.gitea/workflows/backup.yml b/.gitea/workflows/backup.yml
new file mode 100644
index 0000000..12ff4fc
--- /dev/null
+++ b/.gitea/workflows/backup.yml
@@ -0,0 +1,45 @@
+name: Backup
+
+on:
+  schedule:
+    - cron: '0 2 * * *'   # Täglich 02:00 UTC
+
+jobs:
+  backup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.SEBAS }}
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.PI_SSH_KEY }}" > ~/.ssh/deploy_key
+          chmod 600 ~/.ssh/deploy_key
+          ssh-keyscan -p 10022 localhost >> ~/.ssh/known_hosts
+
+      - name: Pull backups from Pi
+        run: |
+          mkdir -p backup/data backup/config
+          scp -i ~/.ssh/deploy_key -P 10022 \
+            "deploy@localhost:/opt/nazarick/data/*.sqlite" \
+            backup/data/ || true
+          scp -i ~/.ssh/deploy_key -P 10022 \
+            deploy@localhost:/opt/nazarick/config/config.toml \
+            backup/config/config.toml || true
+          ssh -i ~/.ssh/deploy_key -p 10022 deploy@localhost \
+            'find /opt/nazarick/crates/*/config -type f -name "*.md"' | while read f; do
+            RELATIVE=${f#/opt/nazarick/}
+            mkdir -p "backup/$(dirname $RELATIVE)"
+            scp -i ~/.ssh/deploy_key -P 10022 \
+              "deploy@localhost:$f" "backup/$RELATIVE" || true
+          done
+
+      - name: Commit and push
+        run: |
+          git config user.name "Nazarick Backup Bot"
+          git config user.email "backup@nazarick"
+          git add backup/
+          git diff --staged --quiet || git commit -m "chore: daily backup $(date +%Y-%m-%d)"
+          git push origin master
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 2ebb8d0..6518fa5 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -6,7 +6,7 @@ on:
   pull_request:
     branches: [ master ]
   schedule:
-    - cron: '0 3 * * 1'   # Jeden Montag 03:00 UTC
+    - cron: '0 3 * * 1'   # Montags 03:00 UTC → deploy-infra (Ollama update)
 
 jobs:
   check:
@@ -71,12 +71,35 @@ jobs:
             target/aarch64-unknown-linux-gnu/release/nazarick \
             deploy@localhost:/opt/nazarick/nazarick.new
 
-      - name: Restart nazarick on Pi
+      - name: Copy Dockerfile to Pi
+        run: |
+          scp -i ~/.ssh/deploy_key -P 10022 \
+            Dockerfile \
+            deploy@localhost:/opt/nazarick/Dockerfile
+
+      - name: Copy config files dynamically to Pi
+        run: |
+          # shared config
+          scp -i ~/.ssh/deploy_key -P 10022 \
+            config/shared_core.md \
+            deploy@localhost:/opt/nazarick/config/shared_core.md
+
+          # Alle Agent-Config-Files dynamisch (soul_core.md, soul_personality.md etc.)
+          find crates/*/config -type f -name "*.md" | while read f; do
+            CRATE=$(echo "$f" | cut -d'/' -f1-3)
+            ssh -i ~/.ssh/deploy_key -p 10022 deploy@localhost "mkdir -p /opt/nazarick/$CRATE"
+            scp -i ~/.ssh/deploy_key -P 10022 "$f" "deploy@localhost:/opt/nazarick/$f"
+          done
+
+      - name: Build image and restart nazarick
         run: |
           ssh -i ~/.ssh/deploy_key -p 10022 deploy@localhost '
-            mv /opt/nazarick/nazarick.new /opt/nazarick/target/release/nazarick
             cd /opt/nazarick
-            docker compose restart nazarick
+            mkdir -p target/release
+            mv nazarick.new target/release/nazarick
+            docker build -t nazarick:latest .
+            docker compose down nazarick || true
+            docker compose up -d nazarick
           '
 
   deploy-infra:
@@ -99,4 +122,4 @@ jobs:
             sleep 5
             docker exec ollama ollama pull gemma3:2b
             docker compose restart nazarick
-          '
+          '
\ No newline at end of file