diff --git a/.github/workflows/nix-validate.yml b/.github/workflows/nix-validate.yml
new file mode 100644
index 0000000..7750d57
--- /dev/null
+++ b/.github/workflows/nix-validate.yml
@@ -0,0 +1,31 @@
+name: Validate Nix flake and configs
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31
+
+      - name: Validate flake checks
+        run: nix flake check --system x86_64-linux
+
+      - name: Validate NixOS configuration evaluation
+        run: nix eval .#nixosConfigurations.desktop.config.system.build.toplevel.drvPath
+
+      - name: Validate Home Manager evaluation
+        run: nix eval .#nixosConfigurations.desktop.config.home-manager.users.alice.home.activationPackage.drvPath