diff --git a/Makefile b/Makefile
index 2770c03..ef0472d 100644
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ image:
 	@: $${I}
 ifeq ($(I),composite)
 	node tools/build-composite-image.js
-else ifeq ($(I),admin)
+else ifneq (,$(filter $(I),admin ci))
 	docker build . -f docker/$(I)/Dockerfile -t riju:$(I)
 else
 	docker build . -f docker/$(I)/Dockerfile -t riju:$(I) --label riju.image-hash=$(shell node tools/hash-dockerfile.js $(I))
@@ -69,7 +69,7 @@ endif
 .PHONY: shell
 shell:
 	@: $${I}
-ifeq ($(I),admin)
+ifneq (,$(filter $(I),admin ci))
 	docker run -it --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.aws:/var/riju/.aws -v $(HOME)/.docker:/var/riju/.docker -v $(HOME)/.ssh:/var/riju/.ssh -v $(HOME)/.terraform.d:/var/riju/.terraform.d -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e DOCKER_USERNAME -e DOCKER_PASSWORD -e DEPLOY_SSH_PRIVATE_KEY -e DOCKER_REPO -e S3_BUCKET -e DOMAIN -e VOLUME_MOUNT=$(VOLUME_MOUNT) $(SHELL_PORTS) --network host riju:$(I) $(CMD)
 else ifneq (,$(filter $(I),compile app))
 	docker run -it --rm --hostname $(I) $(SHELL_PORTS) riju:$(I) $(CMD)
diff --git a/docker/admin/Dockerfile b/docker/admin/Dockerfile
index 9495ba8..75d58e6 100644
--- a/docker/admin/Dockerfile
+++ b/docker/admin/Dockerfile
@@ -4,6 +4,7 @@ COPY docker/admin/install.bash /tmp/
 RUN /tmp/install.bash
 
 WORKDIR /src
-COPY docker/shared/my_init docker/admin/pid1.bash /usr/local/sbin/
+COPY docker/shared/my_init /usr/local/sbin/
+COPY docker/shared/admin-pid1.bash /usr/local/sbin/pid1.bash
 ENTRYPOINT ["/usr/local/sbin/my_init", "/usr/local/sbin/pid1.bash"]
 CMD ["bash"]
diff --git a/docker/admin/install.bash b/docker/admin/install.bash
index 6c9df3c..f807dff 100755
--- a/docker/admin/install.bash
+++ b/docker/admin/install.bash
@@ -55,7 +55,7 @@ apt-get update
 apt-get install -y $(sed 's/#.*//' <<< "${packages}")
 
 wget https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -O awscli.zip
-unzip awscli.zip
+unzip -q awscli.zip
 ./aws/install
 rm -rf aws awscli.zip
 
diff --git a/docker/ci/Dockerfile b/docker/ci/Dockerfile
new file mode 100644
index 0000000..ee0fa01
--- /dev/null
+++ b/docker/ci/Dockerfile
@@ -0,0 +1,10 @@
+FROM ubuntu:rolling
+
+COPY docker/ci/install.bash /tmp/
+RUN /tmp/install.bash
+
+WORKDIR /src
+COPY docker/shared/my_init /usr/local/sbin/
+COPY docker/shared/admin-pid1.bash /usr/local/sbin/pid1.bash
+ENTRYPOINT ["/usr/local/sbin/my_init", "/usr/local/sbin/pid1.bash"]
+CMD ["bash"]
diff --git a/docker/ci/install.bash b/docker/ci/install.bash
new file mode 100755
index 0000000..7886337
--- /dev/null
+++ b/docker/ci/install.bash
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+pushd /tmp
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+apt-get install -y curl gnupg lsb-release
+
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
+curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+
+ubuntu_ver="$(lsb_release -rs)"
+ubuntu_name="$(lsb_release -cs)"
+
+node_repo="$(curl -sS https://deb.nodesource.com/setup_current.x | grep NODEREPO= | grep -Eo 'node_[0-9]+\.x' | head -n1)"
+
+tee -a /etc/apt/sources.list.d/custom.list >/dev/null <<EOF
+deb [arch=amd64] https://deb.nodesource.com/${node_repo} ${ubuntu_name} main
+deb [arch=amd64] https://dl.yarnpkg.com/debian/ stable main
+deb [arch=amd64] https://download.docker.com/linux/ubuntu ${ubuntu_name} stable
+EOF
+
+packages="
+
+docker-ce-cli
+g++
+git
+jq
+make
+nodejs
+skopeo
+ssh
+sudo
+unzip
+wget
+yarn
+
+"
+
+apt-get update
+apt-get install -y $(sed 's/#.*//' <<< "${packages}")
+
+wget https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -O awscli.zip
+unzip -q awscli.zip
+./aws/install
+rm -rf aws awscli.zip
+
+rm -rf /var/lib/apt/lists/*
+
+tee /etc/sudoers.d/90-riju >/dev/null <<"EOF"
+%sudo ALL=(ALL:ALL) NOPASSWD: ALL
+EOF
+
+popd
+
+rm "$0"
diff --git a/docker/admin/pid1.bash b/docker/shared/admin-pid1.bash
similarity index 92%
rename from docker/admin/pid1.bash
rename to docker/shared/admin-pid1.bash
index 4da3e84..e100217 100755
--- a/docker/admin/pid1.bash
+++ b/docker/shared/admin-pid1.bash
@@ -2,7 +2,7 @@
 
 set -euo pipefail
 
-tee -a /etc/hosts >/dev/null <<< "127.0.0.1 admin"
+tee -a /etc/hosts >/dev/null <<< "127.0.0.1 $(hostname)"
 
 groupadd -g "$(stat -c %g "$PWD")" -o -p '!' -r riju
 useradd -u "$(stat -c %u "$PWD")" -g "$(stat -c %g "$PWD")" -o -p '!' -m -N -l -s /usr/bin/bash -G sudo riju
diff --git a/tools/ci-bootstrap.bash b/tools/ci-bootstrap.bash
index 44aeaed..5128d41 100755
--- a/tools/ci-bootstrap.bash
+++ b/tools/ci-bootstrap.bash
@@ -11,4 +11,4 @@ set -euo pipefail
 : ${DOMAIN}
 : ${S3_BUCKET}
 
-make image shell I=admin CMD="tools/ci-run.bash"
+make image shell I=ci CMD="tools/ci-run.bash"