ci: Begin continuous integration setup

ci/Dockerfile

@@ -0,0 +1,14 @@
+FROM fedora:27
+
+RUN dnf install -y \
+	ansible \
+	openssh-clients \
+	python2-netaddr
+
+# XXX These UID/GIDs must match the Jenkins UID/GID on the agent
+RUN groupadd -g 992 jenkins
+RUN useradd -u 995 -g jenkins -c Jenkins -d /var/lib/jenkins -m jenkins
+
+RUN install -m 700 -o jenkins -g jenkins -d /var/lib/jenkins/.ssh
+COPY known_hosts /var/lib/jenkins/.ssh/
+RUN chown jenkins:jenkins /var/lib/jenkins/.ssh/known_hosts

ci/dch-gw.jenkinsfile

@@ -0,0 +1,50 @@
+// vim: set ft=groovy sw=4 ts=4 sts=4 et :
+
+pipeline {
+    agent {
+        dockerfile {
+            dir 'ci'
+        }
+    }
+
+    triggers {
+        pollSCM ''
+    }
+
+    stages {
+        stage('Prepare') {
+            steps {
+                withCredentials([file(
+                        credentialsId: 'vault-jenkins@gw0',
+                        variable: 'SUDO_PASS_FILE')]) {
+                    sh 'cp -f "${SUDO_PASS_FILE}" host_vars/gw0/sudo-pass'
+                }
+            }
+        }
+
+        stage('Services') {
+            steps {
+                withCredentials([file(
+                        credentialsId: 'ansible-vault',
+                        variable: 'ANSIBLE_VAULT_PASSWORD_FILE')]) {
+                    sshagent(['jenkins-ssh']) {
+                        sh 'ansible-playbook --diff -b dhcpd.yml radvd.yml'
+                    }
+                }
+            }
+        }
+
+        stage('Firewall') {
+            steps {
+                withCredentials([file(
+                        credentialsId: 'ansible-vault',
+                        variable: 'ANSIBLE_VAULT_PASSWORD_FILE')]) {
+                    sshagent(['jenkins-ssh']) {
+                        sh 'ansible-playbook --diff -b dch-gw.yml'
+                    }
+                }
+            }
+
+        }
+    }
+}

ci/known_hosts

@@ -0,0 +1 @@
+172.31.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQJj11B1OqSfx/OHkJ5rzwk6ENLjMgfaVfkYC6xc7Ly