diff --git a/flake.lock b/flake.lock index d27b289..e7496d5 100644 --- a/flake.lock +++ b/flake.lock @@ -225,7 +225,7 @@ "crane": "crane_2", "devshell": "devshell_5", "drv-parts": "drv-parts_2", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "flake-parts": "flake-parts_4", "flake-utils-pre-commit": "flake-utils-pre-commit_2", "ghc-utils": "ghc-utils_2", @@ -868,9 +868,7 @@ }, "hydra": { "inputs": { - "nix": [ - "nix" - ], + "nix": "nix", "nixpkgs": "nixpkgs_6" }, "locked": { @@ -1092,22 +1090,25 @@ }, "nix": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_3", "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_11", + "nixpkgs": [ + "hydra", + "nixpkgs" + ], "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1701122567, - "narHash": "sha256-iA8DqS+W2fWTfR+nNJSvMHqQ+4NpYMRT3b+2zS6JTvE=", + "lastModified": 1706208340, + "narHash": "sha256-wNyHUEIiKKVs6UXrUzhP7RSJQv0A8jckgcuylzftl8k=", "owner": "NixOS", "repo": "nix", - "rev": "50f8f1c8bc019a4c0fd098b9ac674b94cfc6af0d", + "rev": "2c4bb93ba5a97e7078896ebc36385ce172960e4e", "type": "github" }, "original": { "owner": "NixOS", - "ref": "2.19.2", + "ref": "2.19-maintenance", "repo": "nix", "type": "github" } @@ -1135,7 +1136,7 @@ "inputs": { "flake-parts": "flake-parts_6", "nix-github-actions": "nix-github-actions_2", - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_12", "treefmt-nix": "treefmt-nix_3" }, "locked": { @@ -1428,7 +1429,7 @@ "flake-compat": "flake-compat_6", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", - "nixpkgs": "nixpkgs_14" + "nixpkgs": "nixpkgs_13" }, "locked": { "lastModified": 1705323114, 
@@ -1492,27 +1493,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1705033721, - "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=", + "lastModified": 1706550542, + "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_12": { - "locked": { - "lastModified": 1705133751, - "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d", + "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", "type": "github" }, "original": { @@ -1521,7 +1506,7 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_12": { "locked": { "lastModified": 1703134684, "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", @@ -1537,7 +1522,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_13": { "locked": { "lastModified": 1705133751, "narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=", @@ -1553,7 +1538,7 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_14": { "locked": { "lastModified": 1704842529, "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", @@ -1569,7 +1554,7 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_15": { "locked": { "lastModified": 1695644571, "narHash": "sha256-asS9dCCdlt1lPq0DLwkVBbVoEKuEuz+Zi3DG7pR/RxA=", @@ -1796,7 +1781,7 @@ }, "pre-commit-hooks-nix_2": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-utils": "flake-utils_5", "gitignore": "gitignore_2", "nixpkgs": "nixpkgs_9", @@ -1821,7 +1806,7 @@ "flake-compat": "flake-compat_7", "flake-utils": "flake-utils_7", "gitignore": "gitignore_3", - "nixpkgs": "nixpkgs_15", + "nixpkgs": "nixpkgs_14", "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { 
@@ -1927,10 +1912,9 @@ "hyprland-contrib": "hyprland-contrib", "jovian-nixos": "jovian-nixos", "mensa": "mensa", - "nix": "nix", "nix-colors": "nix-colors", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_11", "nixpkgs-wayland": "nixpkgs-wayland", "pre-commit-hooks-nix": "pre-commit-hooks-nix_3", "qmk-udev-rules": "qmk-udev-rules", @@ -2079,7 +2063,7 @@ }, "treefmt-nix_4": { "inputs": { - "nixpkgs": "nixpkgs_16" + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1704649711, diff --git a/flake.nix b/flake.nix index 16539dc..91bbdf0 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,6 @@ pre-commit-hooks-nix.url = "github:cachix/pre-commit-hooks.nix"; nixpkgs.url = "nixpkgs/nixos-unstable"; - nix.url = "github:NixOS/nix/2.19.2"; nixos-hardware.url = "github:NixOS/nixos-hardware"; custom-udev-rules.url = "github:MalteT/custom-udev-rules"; nix-colors.url = "github:Misterio77/nix-colors"; @@ -38,7 +37,6 @@ }; hydra = { url = "github:NixOS/hydra"; - inputs.nix.follows = "nix"; }; hyprland = { url = "github:hyprwm/Hyprland"; diff --git a/hosts/faunus-ater/modules/hydra.nix b/hosts/faunus-ater/modules/hydra.nix index 218db10..58c7c3e 100644 --- a/hosts/faunus-ater/modules/hydra.nix +++ b/hosts/faunus-ater/modules/hydra.nix @@ -6,23 +6,9 @@ }: { services.hydra = { enable = true; - package = pkgs.hydra.overrideAttrs (old: { - patches = - ( - if old ? patches - then old.patches - else [] - ) - ++ [ - ../../../patches/hydra-replace-restrict-with-pure-eval.patch - ]; - }); notificationSender = "hydra@hydra.tammena.me"; hydraURL = "https://hydra.tammena.me"; minimumDiskFree = 10; - extraConfig = '' - evaluator_restrict_eval = false - ''; useSubstitutes = true; }; @@ -61,6 +47,10 @@ StrictHostKeyChecking accept-new ''; + nix.extraOptions = '' + allowed-uris = https: github: gitlab: + ''; + systemd.services."hydra-initial-setup" = { description = "Setup hydra admin password once"; serviceConfig = { 
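Review bot: The `allowed-uris = https: github: gitlab:` line added under `nix.extraOptions` in hosts/faunus-ater/modules/hydra.nix lets restricted evaluation fetch from any HTTPS host, and because it goes through `nix.extraOptions` it ends up in the machine-wide nix.conf rather than applying only to Hydra's evaluator. The same commit drops the `evaluator_restrict_eval = false` override and the local patch, so Hydra presumably evaluates with restrict-eval enabled again, which would make this list the effective network boundary for jobset evaluation. A bare `https:` entry also covers hosts that are only reachable from the Hydra machine. If the jobsets only need the forges, consider narrowing it to concrete prefixes, for example `allowed-uris = https://github.com/ https://gitlab.com/ github: gitlab:` (adjusted to the inputs actually used). A short comment above the option naming which jobsets need each entry would also help.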
diff --git a/patches/hydra-replace-restrict-with-pure-eval.patch b/patches/hydra-replace-restrict-with-pure-eval.patch
deleted file mode 100644
index 2c086e4..0000000
--- a/patches/hydra-replace-restrict-with-pure-eval.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/src/hydra-eval-jobs/hydra-eval-jobs.cc b/src/hydra-eval-jobs/hydra-eval-jobs.cc
-index 2794cc62..bd6416e9 100644
---- a/src/hydra-eval-jobs/hydra-eval-jobs.cc
-+++ b/src/hydra-eval-jobs/hydra-eval-jobs.cc
-@@ -327,7 +327,7 @@ int main(int argc, char * * argv)
-
- /* Prevent access to paths outside of the Nix search path and
- to the environment. */
-- evalSettings.restrictEval = true;
-+ evalSettings.restrictEval = config->getBoolOption("evaluator_restrict_eval", true);
-
- /* When building a flake, use pure evaluation (no access to
- 'getEnv', 'currentSystem' etc. */