ci: Add pipeline for dch-vpn playbook

ci/dch-vpn.jenkinsfile

@@ -0,0 +1,73 @@
+// vim: set ft=groovy sw=4 ts=4 sts=4 et :
+
+pipeline {
+    agent {
+        label 'ansible'
+    }
+
+    triggers {
+        cron 'H H * * *'
+    }
+
+    stages {
+        stage('kinit') {
+            steps {
+                withCredentials([file(
+                        credentialsId: 'vault-jenkins@gw0',
+                        variable: 'SUDO_PASS_FILE'
+                )]) {
+                    sh 'cp -f "${SUDO_PASS_FILE}" host_vars/gw0/sudo-pass'
+                }
+            }
+        }
+
+        stage('Remount R/W') {
+            steps {
+                ansiblePlaybook \
+                    playbook: 'remount.yml',
+                    limit: 'dch-gw',
+                    become: true,
+                    credentialsId: 'jenkins-ssh',
+                    vaultCredentialsId: 'ansible-vault',
+                    extraVars: [
+                        remount_state: 'rw',
+                    ]
+            }
+        }
+
+        stage('VPN') {
+            steps {
+                ansiblePlaybook \
+                    playbook: 'dch-vpn.yml',
+                    become: true,
+                    credentialsId: 'jenkins-ssh',
+                    vaultCredentialsId: 'ansible-vault',
+                    extras: '--diff'
+            }
+        }
+
+        stage('Remount R/O') {
+            steps {
+                ansiblePlaybook \
+                    playbook: 'remount.yml',
+                    limit: 'dch-gw',
+                    become: true,
+                    credentialsId: 'jenkins-ssh',
+                    vaultCredentialsId: 'ansible-vault'
+            }
+        }
+
+    }
+
+    post {
+        always {
+            sh 'find . -name sudo-pass -delete'
+        }
+        failure {
+            emailext \
+                to: 'gyrfalcon@ebonfire.com',
+                subject: '$DEFAULT_SUBJECT',
+                body: '$DEFAULT_CONTENT'
+        }
+    }
+}