diff --git a/.travis.yml b/.travis.yml
index 8b79d45..201079f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,8 +7,18 @@ language: minimal
 git:
   depth: 5
 
-script:
-  - docker build -t dnscrypt-server-docker-ci-test .
+jobs:
+  include:
+    - stage: Test
+      name: Docker build
+      script:
+        - docker build -t dnscrypt-server-docker-ci-test .
+    - stage: Test
+      name: Check shell script format
+      script:
+        - docker run -it --rm -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.4 shfmt -sr -i 4 -l -w -ci .
+        - git diff --color
+        - git diff --stat=220 --color --exit-code
 
 services:
   - docker
diff --git a/dnscrypt-wrapper.sh b/dnscrypt-wrapper.sh
index 64a8f40..6cbb167 100755
--- a/dnscrypt-wrapper.sh
+++ b/dnscrypt-wrapper.sh
@@ -21,13 +21,13 @@ new_key() {
     ts=$(date '+%s')
     /opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper --gen-crypt-keypair \
         --crypt-secretkey-file="${STKEYS_DIR}/${ts}.key" &&
-    /opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper --gen-cert-file \
-        --xchacha20 \
-        --provider-publickey-file="${KEYS_DIR}/public.key" \
-        --provider-secretkey-file="${KEYS_DIR}/secret.key" \
-        --crypt-secretkey-file="${STKEYS_DIR}/${ts}.key" \
-        --provider-cert-file="${STKEYS_DIR}/${ts}.cert" \
-        --cert-file-expire-days=1
+        /opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper --gen-cert-file \
+            --xchacha20 \
+            --provider-publickey-file="${KEYS_DIR}/public.key" \
+            --provider-secretkey-file="${KEYS_DIR}/secret.key" \
+            --crypt-secretkey-file="${STKEYS_DIR}/${ts}.key" \
+            --provider-cert-file="${STKEYS_DIR}/${ts}.cert" \
+            --cert-file-expire-days=1
     [ $? -ne 0 ] && rm -f "${STKEYS_DIR}/${ts}.key" "${STKEYS_DIR}/${ts}.cert"
 }
 
diff --git a/entrypoint.sh b/entrypoint.sh
index 85f0862..560fc21 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -15,7 +15,7 @@ init() {
     fi
     while getopts "h?N:E:" opt; do
         case "$opt" in
-            h|\?) usage ;;
+            h | \?) usage ;;
             N) provider_name=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
             E) ext_address=$(echo "$OPTARG" | sed -e 's/^[ \t]*//' | tr A-Z a-z) ;;
         esac
@@ -24,20 +24,23 @@ init() {
     case "$provider_name" in
         .*) usage ;;
         2.dnscrypt-cert.*) ;;
-        *) provider_name="2.dnscrypt-cert.${provider_name}"
+        *) provider_name="2.dnscrypt-cert.${provider_name}" ;;
     esac
 
     [ -z "$ext_address" ] && usage
     case "$ext_address" in
         .*) usage ;;
-        0.*) echo "Do not use 0.0.0.0, use an actual external IP address" >&2 ; exit 1 ;;
+        0.*)
+            echo "Do not use 0.0.0.0, use an actual external IP address" >&2
+            exit 1
+            ;;
     esac
 
     echo "Provider name: [$provider_name]"
     cd "$KEYS_DIR"
     /opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \
         --gen-provider-keypair --nolog --dnssec --nofilter \
-        --provider-name="$provider_name" --ext-address="$ext_address" | \
+        --provider-name="$provider_name" --ext-address="$ext_address" |
         tee "${KEYS_DIR}/provider-info.txt"
     chmod 640 "${KEYS_DIR}/secret.key"
     chmod 644 "${KEYS_DIR}/public.key"
@@ -108,7 +111,10 @@ EOT
 
 case "$action" in
     start) start ;;
-    init) shift ; init $* ;;
+    init)
+        shift
+        init $*
+        ;;
     provider-info) provider_info ;;
     *) usage ;;
 esac
diff --git a/unbound-check.sh b/unbound-check.sh
index 2273dae..40fa79c 100755
--- a/unbound-check.sh
+++ b/unbound-check.sh
@@ -1,4 +1,4 @@
 #! /usr/bin/env bash
 
-drill  -DQ -p 553 NS . @127.0.0.1 && \
-drill -tDQ -p 553 NS . @127.0.0.1
+drill -DQ -p 553 NS . @127.0.0.1 &&
+    drill -tDQ -p 553 NS . @127.0.0.1
diff --git a/unbound.sh b/unbound.sh
index f838cd0..430de29 100755
--- a/unbound.sh
+++ b/unbound.sh
@@ -4,7 +4,7 @@ KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
 ZONES_DIR="/opt/unbound/etc/unbound/zones"
 
 reserved=134217728
-availableMemory=$((1024 * $( (grep -F MemAvailable /proc/meminfo || grep -F MemTotal /proc/meminfo) | sed 's/[^0-9]//g' ) ))
+availableMemory=$((1024 * $( (grep -F MemAvailable /proc/meminfo || grep -F MemTotal /proc/meminfo) | sed 's/[^0-9]//g')))
 if [ $availableMemory -le $((reserved * 2)) ]; then
     echo "Not enough memory" >&2
     exit 1
@@ -86,15 +86,15 @@ remote-control:
   control-interface: 127.0.0.1
 EOT
 
-mkdir -p /opt/unbound/etc/unbound/dev && \
-cp -a /dev/random /dev/urandom /opt/unbound/etc/unbound/dev/
+mkdir -p /opt/unbound/etc/unbound/dev &&
+    cp -a /dev/random /dev/urandom /opt/unbound/etc/unbound/dev/
 
-mkdir -p -m 700 /opt/unbound/etc/unbound/var && \
-chown _unbound:_unbound /opt/unbound/etc/unbound/var && \
-/opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key
+mkdir -p -m 700 /opt/unbound/etc/unbound/var &&
+    chown _unbound:_unbound /opt/unbound/etc/unbound/var &&
+    /opt/unbound/sbin/unbound-anchor -a /opt/unbound/etc/unbound/var/root.key
 
 if [ ! -f /opt/unbound/etc/unbound/unbound_control.pem ]; then
-  /opt/unbound/sbin/unbound-control-setup
+    /opt/unbound/sbin/unbound-control-setup
 fi
 
 mkdir -p /opt/unbound/etc/unbound/zones
diff --git a/watchdog.sh b/watchdog.sh
index 8448912..a8634d1 100755
--- a/watchdog.sh
+++ b/watchdog.sh
@@ -12,5 +12,5 @@ GRACE_PERIOD=60
 provider_key=$(cat "${KEYS_DIR}/public.key.txt")
 provider_name=$(cat "${KEYS_DIR}/provider_name")
 
-drill -p 443 -Q TXT "$provider_name" @127.0.0.1 || \
-sv force-restart dnscrypt-wrapper
+drill -p 443 -Q TXT "$provider_name" @127.0.0.1 ||
+    sv force-restart dnscrypt-wrapper