diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index d01f598..f934e5d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -4,8 +4,6 @@ on:
 push:
 branches:
 - master
- - staging
- - release-*
 schedule:
 - cron: '51 2 * * *'
 jobs:
diff --git a/.github/workflows/upgrade-flakes.yml b/.github/workflows/upgrade-flakes.yml
index 1f1f737..b7e91f9 100644
--- a/.github/workflows/upgrade-flakes.yml
+++ b/.github/workflows/upgrade-flakes.yml
@@ -18,9 +18,5 @@ jobs:
 uses: DeterminateSystems/update-flake-lock@v19
 with:
 token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
- pr-body: |
- Automated changes by the update-flake-lock
- ```
- {{ env.GIT_COMMIT_MESSAGE }}
- ```
- bors merge
+ pr-labels: |
+ merge-queue
diff --git a/.mergify.yml b/.mergify.yml
new file mode 100644
index 0000000..a52ac17
--- /dev/null
+++ b/.mergify.yml
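Review bot: In the upgrade-flakes.yml hunk, the added `pr-labels: merge-queue` marks every PR this action opens for unattended merging, while the unchanged `uses: DeterminateSystems/update-flake-lock@v19` line still references a mutable tag and is handed `secrets.GH_TOKEN_FOR_UPDATES`. Pinning the action to a full commit SHA, for example `uses: DeterminateSystems/update-flake-lock@<full-commit-sha>  # v19` (placeholder, the SHA is not on this page), would keep a retagged release from changing what runs with that token and what ends up in the auto-merged lock file. The job definition starts above the hunk, so its triggers and `permissions` are not visible here and are worth checking alongside this change.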
@@ -0,0 +1,46 @@
+queue_rules:
+ - name: default
+ merge_conditions:
+ - check-success=Evaluate flake.nix
+ - check-success=check age-keys [x86_64-linux]
+ - check-success=check age-keys-23_05 [x86_64-linux]
+ - check-success=check age-ssh-keys [x86_64-linux]
+ - check-success=check age-ssh-keys-23_05 [x86_64-linux]
+ - check-success=check cross-build-23_05 [x86_64-linux]
+ - check-success=check default-23_05 [x86_64-linux]
+ - check-success=check lint-23_05 [x86_64-linux]
+ - check-success=check pgp-keys [x86_64-linux]
+ - check-success=check pgp-keys-23_05 [x86_64-linux]
+ - check-success=check pruning [x86_64-linux]
+ - check-success=check pruning-23_05 [x86_64-linux]
+ - check-success=check sops-init-gpg-key-23_05 [x86_64-linux]
+ - check-success=check sops-pgp-hook-23_05 [x86_64-linux]
+ - check-success=check sops-pgp-hook-test-23_05 [x86_64-linux]
+ - check-success=check ssh-keys-23_05 [x86_64-linux]
+ - check-success=check ssh-to-pgp-23_05 [x86_64-linux]
+ - check-success=check templates [x86_64-linux]
+ - check-success=check unit-tests-23_05 [x86_64-linux]
+ - check-success=check user-passwords [x86_64-linux]
+ - check-success=devShell default [x86_64-linux]
+ - check-success=package cross-build [x86_64-linux]
+ - check-success=package default [x86_64-linux]
+ - check-success=package lint [x86_64-linux]
+ - check-success=package sops-import-keys-hook [x86_64-linux]
+ - check-success=package sops-init-gpg-key [x86_64-linux]
+ - check-success=package sops-install-secrets [x86_64-linux]
+ - check-success=package sops-pgp-hook [x86_64-linux]
+ - check-success=package sops-pgp-hook-test [x86_64-linux]
+ - check-success=package unit-tests [x86_64-linux]
+ - check-success=tests
+defaults:
+ actions:
+ queue:
+ allow_merging_configuration_change: true
+ method: rebase
+pull_request_rules:
+ - name: merge using the merge queue
+ conditions:
+ - base=master
+ - label~=merge-queue|dependencies
+ actions:
+ queue: {}
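Review bot: The `pull_request_rules` entry at the end of `.mergify.yml` queues a PR on `base=master` plus `label~=merge-queue|dependencies` alone; the pattern is an unanchored regular expression and there is no author or approval condition, so a label that merely contains either word appears to match, and anyone able to apply labels can send a PR to master once CI passes. Anchoring it as `- label~=^(merge-queue|dependencies)$` and adding a condition such as `- "#approved-reviews-by>=1"` for PRs not opened by the update bot would narrow that path. `allow_merging_configuration_change: true` under `defaults` additionally lets a PR that edits this file, including the `merge_conditions` list, pass through the same queue; unless branch protection already forces review of such changes (not visible here), leaving that option off is the safer default. A one-line comment above `merge_conditions` stating how the check names are derived would also help keep the list from silently drifting from what CI actually runs.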
diff --git a/README.md b/README.md index 5c4484b..9672ffa 100644 --- a/README.md +++ b/README.md @@ -795,8 +795,7 @@ The secrets are decrypted in a systemd user service called `sops-nix`, so other If you prefer having a separate GPG key, sops-nix also comes with a helper tool, `sops-init-gpg-key`: ```console -$ nix-shell -p sops-init-gpg-key -$ sops-init-gpg-key --hostname server01 --gpghome /tmp/newkey +$ nix run github:Mic92/sops-nix#sops-init-gpg-key -- --hostname server01 --gpghome /tmp/newkey # You can use the following command to save it to a file: $ cat > server01.asc < server01.asc <