diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..19a064f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"
\ No newline at end of file
diff --git a/.github/workflows/flake-checker.yml b/.github/workflows/flake-checker.yml
new file mode 100644
index 0000000..bde05e0
--- /dev/null
+++ b/.github/workflows/flake-checker.yml
@@ -0,0 +1,21 @@
+name: Flake ❄️ Checker ✅
+
+on:
+  push:
+    branches:
+      - master
+  schedule:
+    - cron: '42 0 * * 6'
+  workflow_dispatch:
+
+jobs:
+  flake-checker:
+    name: Flake Checker
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: DeterminateSystems/nix-installer-action@v12
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
+      - uses: DeterminateSystems/flake-checker-action@v8
diff --git a/.github/workflows/flake-updater.yml b/.github/workflows/flake-updater.yml
new file mode 100644
index 0000000..9e1f790
--- /dev/null
+++ b/.github/workflows/flake-updater.yml
@@ -0,0 +1,20 @@
+name: Flake ❄️ Lock 🔒️ Updater ✨
+
+on:
+  schedule:
+    - cron: '37 13 14,28 * *'
+  workflow_dispatch:
+
+jobs:
+  lock-updater:
+    name: Flake Lock Updater
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: DeterminateSystems/nix-installer-action@v12
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
+      - uses: DeterminateSystems/update-flake-lock@v23
+        with:
+          pr-title: "chore: update flake.lock"
diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml
new file mode 100644
index 0000000..c70997b
--- /dev/null
+++ b/.github/workflows/lint-pr.yml
@@ -0,0 +1,27 @@
+name: "Lint Pull Request 🐙"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+permissions:
+  pull-requests: read
+
+jobs:
+  main:
+    name: Validate pull request title
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          # If the PR only contains a single commit, the action will validate that
+          # it matches the configured pattern.
+          validateSingleCommit: true
+          # Related to `validateSingleCommit` you can opt-in to validate that the PR
+          # title matches a single commit to avoid confusion.
+          validateSingleCommitMatchesPrTitle: true
diff --git a/.github/workflows/lint-shellcheck.yml b/.github/workflows/lint-shellcheck.yml
new file mode 100644
index 0000000..bd125ea
--- /dev/null
+++ b/.github/workflows/lint-shellcheck.yml
@@ -0,0 +1,18 @@
+name: "Lint Shellcheck 🐚"
+
+on:
+  pull_request:
+    branches: '**'
+  workflow_dispatch:
+
+jobs:
+  shellcheck:
+    name: Shellcheck
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@master
+        with:
+          format: gcc
+          severity: warning