diff --git a/.gitea/workflows/builder.yaml b/.gitea/workflows/builder.yaml
new file mode 100644
index 0000000..187eb4f
--- /dev/null
+++ b/.gitea/workflows/builder.yaml
@@ -0,0 +1,64 @@
+name: Build & Push Builder Image
+
+on:
+  workflow_call:
+    inputs:
+      registry:
+        required: true
+        type: string
+
+      username:
+        required: true
+        type: string
+
+    secrets:
+      password:
+        required: true
+
+    outputs:
+      tag:
+        description: "The built image reference"
+        value: ${{ jobs.builder.outputs.tag }}
+
+jobs:
+  builder:
+    runs-on: nix
+
+    outputs:
+      tag: ${{ steps.build.outputs.tag }}
+
+    env:
+      IMAGE_BASE: ${{ secrets.REGISTRY }}/${{ gitea.repo_owner }}/${{ gitea.repo_name }}
+      TAG_HASH: builder-${{ gitea.sha:0:7 }}
+      TAG_LATEST: builder
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Log In to Registry
+        run: buildah login --username "${{ inputs.username }}" --password "${{ secrets.password }}" "${{ inputs.registry }}"
+
+      - name: Pull Builder Cache
+        run: buildah pull ${{ env.IMAGE_BASE }}:${{ env.TAG_LATEST }} || true
+
+      - name: Build Builder Image
+        id: build
+        run: |
+          TAG_ARGS="--tag ${{ env.IMAGE_BASE }}:${{ env.TAG_HASH }}"
+
+          if [[ "${{ gitea.ref_name }}" == "main" ]]; then
+            TAG_ARGS="$TAG_ARGS --tag ${{ env.IMAGE_BASE }}:${{ env.TAG_LATEST }}"
+          fi
+
+          buildah build --layers -f .gitea/Containerfile $TAG_ARGS .
+
+          echo "tag=$TAG_HASH" >> $GITEA_OUTPUT
+
+      - name: Push Builder Image
+        run: |
+          buildah push ${{ env.IMAGE_BASE }}:${{ env.TAG_HASH }}
+
+          if [[ "${{ gitea.ref_name }}" == "main" ]]; then
+            buildah push ${{ env.IMAGE_BASE }}:${{ env.TAG_LATEST }}
+          fi