diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..6460112
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,50 @@
+---
+kind: pipeline
+type: kubernetes
+name: Terraform root module
+
+trigger:
+  event:
+  - cron
+  - push
+  branch:
+  - main
+
+steps:
+- name: pipeline init
+  image: hashicorp/terraform:1.1.8
+  commands:
+    - mkdir -p ~/.ssh
+    - chmod 755 ~/.ssh
+    - echo "$${CI_SSH_KEY}" | base64 -d > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - echo -e "Host *\n  StrictHostKeyChecking no\n" >> ~/.ssh/config
+    - ssh-keyscan -t rsa git.thomasklein.me >> ~/.ssh/known_hosts
+    - chmod 644 ~/.ssh/known_hosts
+    - rm -f /dev/tty
+    - mknod -m 666 /dev/tty c 5 0
+  environment:
+    CI_SSH_KEY:
+      from_secret: ci-ssh-key
+
+- name: terraform init
+  image: hashicorp/terraform:1.1.8
+  commands:
+  - terraform init
+
+- name: terraform plan
+  image: hashicorp/terraform:1.1.8
+  commands:
+  - terraform plan -out .tfplan
+
+- name: terraform apply
+  when:
+    when:
+      branch:
+      - main
+      event:
+      - push
+  image: hashicorp/terraform:1.1.8
+  commands:
+    - terraform show -plan .tfplan
+    # - terraform apply -plan .tfplan -auto-approve