diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f1f481ba8549a9a0365105ba07eba3e9ab05fd3d
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,37 @@
+
+stages:
+  - build_src
+  - build_pkg
+  - upload
+
+build:src:
+  stage: build_src
+  image: "ai/build:stretch"
+  script: "build-dsc"
+  artifacts:
+    paths:
+      - build-deb/
+  only:
+    - master
+
+build:pkg:
+  stage: build_pkg
+  image: "ai/build:stretch"
+  script: "build-deb"
+  dependencies:
+    - build:src
+  artifacts:
+    paths:
+      - output-deb/
+  only:
+    - master
+
+upload:pkg:
+  stage: upload
+  image: "ai/pkg:base"
+  script: "upload-packages -r ai3"
+  dependencies:
+    - build:pkg
+  only:
+    - master
+
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000000000000000000000000000000000000..53c7d41a3696e2736a745b5e211d610704d0e5a0
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+keystore (0.1) unstable; urgency=medium
+
+  * Initial Release.
+
+ -- Autistici/Inventati <debian@autistici.org>  Mon, 11 Dec 2017 09:41:38 +0000
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000000000000000000000000000000000000..f599e28b8ab0d8c9c57a486c89c4a5132dcbd3b2
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000000000000000000000000000000000000..5bf4f3e47051b77d022e38221f32de2c1bcf844e
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,13 @@
+Source: keystore
+Section: admin
+Priority: optional
+Maintainer: Autistici/Inventati <debian@autistici.org>
+Build-Depends: debhelper (>=9), golang-go, dh-systemd, dh-golang
+Standards-Version: 3.9.6
+
+Package: keystored
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: User private key server.
+ Stores user encryption keys in-memory for the session duration.
+
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000000000000000000000000000000000000..9050fd196a1219cead8a29103dd867d3519bce30
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,25 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: keystore
+Source: <https://git.autistici.org/id/keystore>
+
+Files: *
+Copyright: 2017 Autistici/Inventati <info@autistici.org>
+License: GPL-3.0+
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
diff --git a/debian/keystored.default b/debian/keystored.default
new file mode 100644
index 0000000000000000000000000000000000000000..54d99b80cd2e458d6af7ffef115eec0210286335
--- /dev/null
+++ b/debian/keystored.default
@@ -0,0 +1 @@
+ADDR=:5006
diff --git a/debian/keystored.service b/debian/keystored.service
new file mode 100644
index 0000000000000000000000000000000000000000..16dbdf68ab67682762eb4585449b8b58ce744ee4
--- /dev/null
+++ b/debian/keystored.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=User Private Key Store
+After=network.target
+
+[Service]
+User=keystored
+Group=keystored
+EnvironmentFile=-/etc/default/keystored
+ExecStart=/usr/bin/keystored --addr $ADDR
+Restart=always
+
+# Hardening
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000000000000000000000000000000000000..7ef13d5a15a37de89abb8afae65be86a22d1cc26
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+configure)
+    addgroup --system --quiet keystored
+    adduser --system --no-create-home --home /run/keystored \
+      --disabled-password --disabled-login \
+      --quiet --ingroup keystored keystored
+    ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000000000000000000000000000000000000..b706a60521ffc9f880c4f4216c8bbb1783ea484d
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+
+export DH_GOPKG = git.autistici.org/id/keystore
+export DH_GOLANG_EXCLUDES = vendor
+
+
+%:
+	dh $@ --with systemd --with golang --buildsystem golang
+
+override_dh_install:
+	rm -fr $(CURDIR)/debian/keystored/usr/share/gocode
+	dh_install
+
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000000000000000000000000000000000000..89ae9db8f88b823b6a7eabf55e203658739da122
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)