diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..4ad7911
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,40 @@
+image: ubuntu:focal
+stages:
+  - test
+  - play
+before_script:
+  # Get the packages we need
+  - apt-get update
+  - apt-get install openssh-client python3-docker python3-pip -y
+  - pip install ansible ansible-lint
+  # Dump our key
+  - eval $(ssh-agent -s)
+  - echo "$ANSIBLE_SSH_KEY" | tr -d '\r' | ssh-add -
+  - mkdir -p ~/.ssh
+  - chmod -R 0700 ~/.ssh
+  # Dump the vault password
+  - touch /vaultpw
+  - chmod 0600 /vaultpw
+  - echo "$ANSIBLE_VAULT_PASSWORD" > /vaultpw
+  # Fix perms on the playbook root
+  - chmod -R 0750 .
+  # Get ready for execution
+  - ansible-galaxy install -r roles/requirements.yml -p roles
+
+Lint:
+  allow_failure: yes
+  stage: test
+  script:
+    - ansible-lint --version
+    - ansible-lint site.yml
+
+Test:
+  allow_failure: yes
+  stage: test
+  script:
+    - ansible-playbook --skip-tags no-test -C site.yml --vault-password-file /vaultpw
+
+Play:
+  stage: play
+  script:
+    - ansible-playbook site.yml --vault-password-file /vaultpw