diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index b5cf47a..a3c3ffc 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -47,6 +47,8 @@ global_dns_ttl: "{{ 24 * 60 * 60 }}" # default if omitted in all cases
 global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
 global_ssh_host_key_directory: "{{ global_ssh_key_directory }}/hosts"
+global_validate_shell_script: "/usr/bin/shellcheck -format=quiet %s"
+
 global_wireguard_private_directory: "{{ global_credentials_directory }}/wireguard"
 global_wireguard_public_directory: "{{ global_public_key_directory }}/wireguard/keys"
 global_wireguard_peers_directory: "{{ global_public_key_directory }}/wireguard/peers"
diff --git a/roles/common/tasks/helpers.yml b/roles/common/tasks/helpers.yml
index a4ffb73..dd81a82 100644
--- a/roles/common/tasks/helpers.yml
+++ b/roles/common/tasks/helpers.yml
@@ -15,6 +15,7 @@
 owner: root
 group: root
 mode: "u=rwx,g=rx,o=rx"
+ validate: "{{ global_validate_shell_script }}"
 loop:
 - backup_rename.sh
 - gpg_import_url_key.sh
@@ -26,6 +27,7 @@
 owner: root
 group: root
 mode: "u=rwx,g=rx,o=rx"
+ validate: "{{ global_validate_shell_script }}"
 loop:
 - backup_autoremove.sh
 - backup_files.sh
diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml
index cd2f0ec..904c057 100644
--- a/roles/common/tasks/packages.yml
+++ b/roles/common/tasks/packages.yml
@@ -24,6 +24,7 @@
 - pv # Required for scripting
 - python3
 - python3-pip
+ - shellcheck
 - software-properties-common
 - ufw
 - wget
diff --git a/roles/git_auto_update/tasks/main.yml b/roles/git_auto_update/tasks/main.yml
index 1b2184b..c5b95bc 100644
--- a/roles/git_auto_update/tasks/main.yml
+++ b/roles/git_auto_update/tasks/main.yml
@@ -7,6 +7,7 @@
 owner: root
 group: root
 mode: "u=rwx,g=rx,o=r"
+ validate: "{{ global_validate_shell_script }}"
 - name: Create repository directory for {{ repo_name }}
 file:
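Review bot: The `-format=quiet` in `global_validate_shell_script` has a single dash, which ShellCheck's option parser most likely reads as the short option `-f` with the argument `ormat=quiet` rather than as the long `--format` option; if so, every `validate:` that uses this variable fails and none of the scripts deploy. The long form needs two dashes: `global_validate_shell_script: "/usr/bin/shellcheck --format=quiet %s"`. ShellCheck also exits non-zero on style- and info-level findings by default, so consider adding `--severity=warning` if the intent is to block only on real problems. A comment above the variable, such as `# Used by the "validate" option of file-writing tasks; runs on the managed host, %s is the temporary file path`, would document the contract.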
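Review bot: The added `validate:` line in the first hunk of `roles/common/tasks/helpers.yml` makes the task depend on `/usr/bin/shellcheck` already being present on the managed host, because Ansible runs the validate command there; the same applies to the second hunk in this file and to every other role in this commit that gained the line. The package is only added to the list in `roles/common/tasks/packages.yml`, and the order in which `helpers.yml` and `packages.yml` are included is not visible here, so confirm that packages are installed first, otherwise a first run on a fresh host would fail at this task. If linting on the controller or in CI is an option, it would catch the same problems without installing an extra tool on every host. The task bodies start outside the hunks, so the module in use (presumably copy or template) cannot be confirmed from here.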
diff --git a/roles/misc/backup_files/tasks/main.yml b/roles/misc/backup_files/tasks/main.yml
index cedfea9..de60ca0 100644
--- a/roles/misc/backup_files/tasks/main.yml
+++ b/roles/misc/backup_files/tasks/main.yml
@@ -15,6 +15,7 @@
 owner: root
 group: root
 mode: "u=rwx,g=rx,o=r"
+ validate: "{{ global_validate_shell_script }}"
 - name: Configure auto backup files of {{ backup_name }}
 cron:
diff --git a/roles/misc/ip_discover/tasks/main.yml b/roles/misc/ip_discover/tasks/main.yml
index 315ee1d..040186e 100644
--- a/roles/misc/ip_discover/tasks/main.yml
+++ b/roles/misc/ip_discover/tasks/main.yml
@@ -17,6 +17,7 @@
 owner: "{{ system_user }}"
 group: "{{ system_user }}"
 mode: "u=rwx,g=rx,o="
+ validate: "{{ global_validate_shell_script }}"
 - name: Configure crontab for discover script
 cron:
diff --git a/roles/misc/ssh_tg_notify/tasks/main.yml b/roles/misc/ssh_tg_notify/tasks/main.yml
index 4be05ab..15c68f7 100644
--- a/roles/misc/ssh_tg_notify/tasks/main.yml
+++ b/roles/misc/ssh_tg_notify/tasks/main.yml
@@ -22,6 +22,7 @@
 owner: root
 group: root
 mode: u=rwx,g=rx,o=
+ validate: "{{ global_validate_shell_script }}"
 - name: Configure pam for ssh notify
 lineinfile:
diff --git a/roles/mysql/backup_database/tasks/main.yml b/roles/mysql/backup_database/tasks/main.yml
index 43eaa41..347a956 100644
--- a/roles/mysql/backup_database/tasks/main.yml
+++ b/roles/mysql/backup_database/tasks/main.yml
@@ -15,6 +15,7 @@
 owner: root
 group: root
 mode: "u=rwx,g=rx,o=r"
+ validate: "{{ global_validate_shell_script }}"
 - name: Configure auto backup mysql database of {{ database_name }}
 cron:
diff --git a/roles/server/linx/tasks/main.yml b/roles/server/linx/tasks/main.yml
index 5f0fbb7..8b9a405 100644
--- a/roles/server/linx/tasks/main.yml
+++ b/roles/server/linx/tasks/main.yml
@@ -80,6 +80,7 @@
 owner: root
 group: "{{ system_user }}"
 mode: "u=rwx,g=rx,o="
+ validate: "{{ global_validate_shell_script }}"
 - name: Register service for linx
 template:
diff --git a/roles/server/minecraft/tasks/main.yml b/roles/server/minecraft/tasks/main.yml
index aced74d..f35f11f 100644
--- a/roles/server/minecraft/tasks/main.yml
+++ b/roles/server/minecraft/tasks/main.yml
@@ -76,6 +76,7 @@
 owner: "{{ system_user }}"
 group: "{{ system_user }}"
 mode: "u=rx,g=r,o="
+ validate: "{{ global_validate_shell_script }}"
 notify:
 - restart minecraft server
 loop:
@@ -91,6 +92,7 @@
 owner: "{{ system_user }}"
 group: "{{ system_user }}"
 mode: "u=rx,g=r,o="
+ validate: "{{ global_validate_shell_script }}"
 loop:
 - name: "control.sh"
 path: "{{ remote_control_script }}"
diff --git a/roles/wireguard/application/tasks/main.yml b/roles/wireguard/application/tasks/main.yml
index c24424e..1b93923 100644
--- a/roles/wireguard/application/tasks/main.yml
+++ b/roles/wireguard/application/tasks/main.yml
@@ -82,6 +82,7 @@
 owner: root
 group: root
 mode: "u=rwx,g=r,o=r"
+ validate: "{{ global_validate_shell_script }}"
 notify:
 - reload wireguard interface
 loop: