diff --git a/.envrc b/.envrc
new file mode 100644
index 00000000..5817bffc
--- /dev/null
+++ b/.envrc
@@ -0,0 +1,6 @@
+if ! has nix_direnv_version || ! nix_direnv_version 1.5.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/1.5.0/direnvrc" "sha256-carKk9aUFHMuHt+IWh74hFj58nY4K3uywpZbwXX0BTI="
+fi
+use flake
+
+dotenv_if_exists
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index a8ad736b..1abba5be 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -78,6 +78,9 @@ jobs:
           version: v0.11.1
           node_image: kindest/node:v1.19.11@sha256:07db187ae84b4b7de440a73886f008cf903fcf5764ba8106a9fd5243d6f32729
 
+      - name: Download tool dependencies
+        run: make deps
+
       - name: Test
         run: make testall
         env:
diff --git a/.gitignore b/.gitignore
index f6cd2e19..296adfb1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+/.direnv/
 /.idea/
 /bin/
 /docker-compose.override.yaml
diff --git a/Makefile b/Makefile
index 0de702e6..b92aee98 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,10 @@
 OS = $(shell uname | tr A-Z a-z)
 
+export PATH := $(abspath bin/protoc/bin/):$(abspath bin/):${PATH}
+
 PROJ=dex
 ORG_PATH=github.com/dexidp
 REPO_PATH=$(ORG_PATH)/$(PROJ)
-export PATH := $(PWD)/bin:$(PATH)
 
 VERSION ?= $(shell ./scripts/git-version)
 
@@ -20,11 +21,6 @@ export GOBIN=$(PWD)/bin
 LD_FLAGS="-w -X main.version=$(VERSION)"
 
 # Dependency versions
-GOLANGCI_VERSION = 1.42.0
-
-PROTOC_VERSION = 3.15.6
-PROTOC_GEN_GO_VERSION = 1.26.0
-PROTOC_GEN_GO_GRPC_VERSION = 1.1.0
 
 KIND_NODE_IMAGE = "kindest/node:v1.19.11@sha256:07db187ae84b4b7de440a73886f008cf903fcf5764ba8106a9fd5243d6f32729"
 KIND_TMP_DIR = "$(PWD)/bin/test/dex-kind-kubeconfig"
@@ -83,42 +79,22 @@ kind-down:
 kind-tests: export DEX_KUBERNETES_CONFIG_PATH=${KIND_TMP_DIR}
 kind-tests: testall
 
-bin/golangci-lint: bin/golangci-lint-${GOLANGCI_VERSION}
-	@ln -sf golangci-lint-${GOLANGCI_VERSION} bin/golangci-lint
-bin/golangci-lint-${GOLANGCI_VERSION}:
-	curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | BINARY=golangci-lint bash -s -- v${GOLANGCI_VERSION}
-	@mv bin/golangci-lint $@
-
 .PHONY: lint lint-fix
-lint: bin/golangci-lint ## Run linter
-	bin/golangci-lint run
+lint: ## Run linter
+	golangci-lint run
 
 .PHONY: fix
-fix: bin/golangci-lint ## Fix lint violations
-	bin/golangci-lint run --fix
+fix: ## Fix lint violations
+	golangci-lint run --fix
 
 .PHONY: docker-image
 docker-image:
 	@sudo docker build -t $(DOCKER_IMAGE) .
 
-.PHONY: proto-old
-proto-old: bin/protoc-old bin/protoc-gen-go-old
-	@./bin/protoc-old --go_out=plugins=grpc:. --plugin=protoc-gen-go=./bin/protoc-gen-go-old api/v2/*.proto
-	@cp api/v2/*.proto api/
-	@./bin/protoc-old --go_out=plugins=grpc:. --plugin=protoc-gen-go=./bin/protoc-gen-go-old api/*.proto
-
 .PHONY: verify-proto
 verify-proto: proto
 	@./scripts/git-diff
 
-bin/protoc-old: scripts/get-protoc
-	@./scripts/get-protoc bin/protoc-old
-
-bin/protoc-gen-go-old:
-	@mkdir -p tmp
-	@GOBIN=$$PWD/tmp go install -v github.com/golang/protobuf/protoc-gen-go@v1.3.2
-	@mv tmp/protoc-gen-go bin/protoc-gen-go-old
-
 clean:
 	@rm -rf bin/
 
@@ -129,36 +105,56 @@ FORCE:
 .PHONY: test testrace testall
 
 .PHONY: proto
-proto: bin/protoc bin/protoc-gen-go bin/protoc-gen-go-grpc
-	@./bin/protoc --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. --plugin=protoc-gen-go=./bin/protoc-gen-go --plugin=protoc-gen-go-grpc=./bin/protoc-gen-go-grpc api/v2/*.proto
-	@./bin/protoc --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. --plugin=protoc-gen-go=./bin/protoc-gen-go --plugin=protoc-gen-go-grpc=./bin/protoc-gen-go-grpc api/*.proto
+proto:
+	@protoc --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. api/v2/*.proto
+	@protoc --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. api/*.proto
 	#@cp api/v2/*.proto api/
 
 .PHONY: proto-internal
-proto-internal: bin/protoc bin/protoc-gen-go
-	@./bin/protoc --go_out=paths=source_relative:. --plugin=protoc-gen-go=./bin/protoc-gen-go server/internal/*.proto
+proto-internal:
+	@protoc --go_out=paths=source_relative:. server/internal/*.proto
 
-bin/protoc: bin/protoc-${PROTOC_VERSION}
-	@ln -sf protoc-${PROTOC_VERSION}/bin/protoc bin/protoc
-bin/protoc-${PROTOC_VERSION}:
-	@mkdir -p bin/protoc-${PROTOC_VERSION}
-ifeq (${OS}, darwin)
+# Dependency versions
+GOLANGCI_VERSION = 1.42.0
+GOTESTSUM_VERSION ?= 1.7.0
+PROTOC_VERSION = 3.15.6
+PROTOC_GEN_GO_VERSION = 1.26.0
+PROTOC_GEN_GO_GRPC_VERSION = 1.1.0
+KIND_VERSION = 0.11.1
+
+deps: bin/gotestsum bin/golangci-lint bin/protoc bin/protoc-gen-go bin/protoc-gen-go-grpc bin/kind
+
+bin/gotestsum:
+	@mkdir -p bin
+	curl -L https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_$(shell uname | tr A-Z a-z)_amd64.tar.gz | tar -zOxf - gotestsum > ./bin/gotestsum
+	@chmod +x ./bin/gotestsum
+
+bin/golangci-lint:
+	@mkdir -p bin
+	curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | BINARY=golangci-lint bash -s -- v${GOLANGCI_VERSION}
+
+bin/protoc:
+	@mkdir -p bin/protoc
+ifeq ($(shell uname | tr A-Z a-z), darwin)
 	curl -L https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-osx-x86_64.zip > bin/protoc.zip
 endif
-ifeq (${OS}, linux)
+ifeq ($(shell uname | tr A-Z a-z), linux)
 	curl -L https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip > bin/protoc.zip
 endif
-	unzip bin/protoc.zip -d bin/protoc-${PROTOC_VERSION}
+	unzip bin/protoc.zip -d bin/protoc
 	rm bin/protoc.zip
 
-bin/protoc-gen-go: bin/protoc-gen-go-${PROTOC_GEN_GO_VERSION}
-	@ln -sf protoc-gen-go-${PROTOC_GEN_GO_VERSION} bin/protoc-gen-go
-bin/protoc-gen-go-${PROTOC_GEN_GO_VERSION}:
+bin/protoc-gen-go:
 	@mkdir -p bin
-	curl -L https://github.com/protocolbuffers/protobuf-go/releases/download/v${PROTOC_GEN_GO_VERSION}/protoc-gen-go.v${PROTOC_GEN_GO_VERSION}.${OS}.amd64.tar.gz | tar -zOxf - protoc-gen-go > ./bin/protoc-gen-go-${PROTOC_GEN_GO_VERSION} && chmod +x ./bin/protoc-gen-go-${PROTOC_GEN_GO_VERSION}
+	curl -L https://github.com/protocolbuffers/protobuf-go/releases/download/v${PROTOC_GEN_GO_VERSION}/protoc-gen-go.v${PROTOC_GEN_GO_VERSION}.$(shell uname | tr A-Z a-z).amd64.tar.gz | tar -zOxf - protoc-gen-go > ./bin/protoc-gen-go
+	@chmod +x ./bin/protoc-gen-go
 
-bin/protoc-gen-go-grpc: bin/protoc-gen-go-grpc-${PROTOC_GEN_GO_GRPC_VERSION}
-	@ln -sf protoc-gen-go-grpc-${PROTOC_GEN_GO_GRPC_VERSION} bin/protoc-gen-go-grpc
-bin/protoc-gen-go-grpc-${PROTOC_GEN_GO_GRPC_VERSION}:
+bin/protoc-gen-go-grpc:
 	@mkdir -p bin
-	curl -L https://github.com/grpc/grpc-go/releases/download/cmd%2Fprotoc-gen-go-grpc%2Fv${PROTOC_GEN_GO_GRPC_VERSION}/protoc-gen-go-grpc.v${PROTOC_GEN_GO_GRPC_VERSION}.${OS}.amd64.tar.gz | tar -zOxf - ./protoc-gen-go-grpc > ./bin/protoc-gen-go-grpc-${PROTOC_GEN_GO_GRPC_VERSION} && chmod +x ./bin/protoc-gen-go-grpc-${PROTOC_GEN_GO_GRPC_VERSION}
+	curl -L https://github.com/grpc/grpc-go/releases/download/cmd/protoc-gen-go-grpc/v${PROTOC_GEN_GO_GRPC_VERSION}/protoc-gen-go-grpc.v${PROTOC_GEN_GO_GRPC_VERSION}.$(shell uname | tr A-Z a-z).amd64.tar.gz | tar -zOxf - ./protoc-gen-go-grpc > ./bin/protoc-gen-go-grpc
+	@chmod +x ./bin/protoc-gen-go-grpc
+
+bin/kind:
+	@mkdir -p bin
+	curl -L https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-$(shell uname | tr A-Z a-z)-amd64 > ./bin/kind
+	@chmod +x ./bin/kind
diff --git a/README.md b/README.md
index b69bdc0a..1444c32d 100644
--- a/README.md
+++ b/README.md
@@ -125,3 +125,19 @@ Please see our [security policy](.github/SECURITY.md) for details about reportin
 [go-oidc]: https://github.com/coreos/go-oidc
 [issue-1065]: https://github.com/dexidp/dex/issues/1065
 [release-notes]: https://github.com/dexidp/dex/releases
+
+## Development
+
+When all coding and testing is done, please run the test suite:
+
+```shell
+make testall
+```
+
+For the best developer experience, install [Nix](https://builtwithnix.org/) and [direnv](https://direnv.net/).
+
+Alternatively, install Go and Docker manually or using a package manager. Install the rest of the dependencies by running `make deps`.
+
+## License
+
+The project is licensed under the [Apache License, Version 2.0](LICENSE).
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 00000000..715570a3
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,42 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1634851050,
+        "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1636800699,
+        "narHash": "sha256-SwbyVxXffu3G2ulJIbTf0iQfqhbGbdml4Dyv5j9BiAI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2fa862644fc15ecb525eb8cd0a60276f1c340c7c",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 00000000..8f444d5e
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,25 @@
+{
+  description = "OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors";
+
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils, ... }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+        buildDeps = with pkgs; [ git go_1_17 gnumake ];
+        devDeps = with pkgs;
+          buildDeps ++ [
+            golangci-lint
+            gotestsum
+            protobuf
+            protoc-gen-go
+            protoc-gen-go-grpc
+            kind
+          ];
+      in
+      { devShell = pkgs.mkShell { buildInputs = devDeps; }; });
+}
diff --git a/scripts/get-protoc b/scripts/get-protoc
deleted file mode 100755
index 41b8f54a..00000000
--- a/scripts/get-protoc
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash -e
-
-# This is a script to download protoc. Rather than depending on the version on
-# a developer's machine, always download a specific version.
-
-VERSION="3.1.0"
-
-if [ $# -ne 1 ]; then
-  echo "Usage: ./get-protoc [dest]"
-  exit 2
-fi
-
-# Use the go tool to determine OS.
-OS=$( go env GOOS )
-
-if [ "$OS" = "darwin" ]; then
-  OS="osx"
-fi
-
-mkdir -p bin
-
-# TODO(ericchiang): Architectures other than amd64?
-ZIP="protoc-${VERSION}-${OS}-x86_64.zip"
-URL="https://github.com/google/protobuf/releases/download/v${VERSION}/${ZIP}"
-
-wget ${URL}
-# Unpack the protoc binary. Later we might want to grab additional data. 
-unzip -p ${ZIP} bin/protoc > $1
-chmod +x $1
-rm ${ZIP}