diff --git a/patches/hooks-correct-nixfmt.patch b/patches/hooks-correct-nixfmt.patch
new file mode 100644
index 0000000..c72a8ef
--- /dev/null
+++ b/patches/hooks-correct-nixfmt.patch
@@ -0,0 +1,257 @@
+diff --git a/nix/tools.nix b/nix/tools.nix
+index 9bcc89d..c3e78af 100644
+--- a/nix/tools.nix
++++ b/nix/tools.nix
+@@ -1,95 +1,93 @@
+-{ stdenv
+-, lib
++{
++  stdenv,
++  lib,
+ 
+-, actionlint
+-, alejandra
+-, ansible-lint
+-, biome
+-, cabal-fmt
+-, cabal-gild
+-, cabal2nix
+-, callPackage
+-, cargo
+-, checkmake
+-, clang-tools
+-, clippy
+-, cljfmt
+-, cmake-format
+-, commitizen
+-, conform
+-, convco
+-, crystal
+-, deadnix
+-, deno
+-, dhall
+-, dune_3
+-, eclint
+-, editorconfig-checker
+-, elixir
+-, elmPackages
+-, flake-checker ? null
+-, fprettify
+-, git-annex
+-, gptcommit ? null
+-, hadolint
+-, haskellPackages
+-, hindent
+-, hlint
+-, hpack
+-, html-tidy
+-, luaPackages
+-, lua-language-server
+-, lychee
+-, julia-bin
+-, mdl
+-, mdsh
+-, nil
+-, nixfmt
+-, nixpkgs-fmt
+-, nodePackages
+-, ocamlPackages
+-, opam
+-, ormolu
+-, pkgsBuildBuild
+-, poetry
+-, pre-commit-hook-ensure-sops ? null
+-, python3Packages
+-, pyright ? nodePackages.pyright
+-, php82Packages
+-, ripsecrets ? null
+-, reuse
+-, ruff ? null
+-, rustfmt
+-, shellcheck
+-, bats
+-, shfmt
+-, beautysh
+-, statix
+-, stylish-haskell
+-, stylua
+-, tagref
+-, taplo
+-, texlive
+-, topiary ? null ## Added in nixpkgs on Dec 2, 2022
+-, treefmt
+-, typos
+-, typstfmt
+-, typstyle ? null ## Add in nixpkgs added on commit 800ca60
+-, zprint
+-, yamlfmt
+-, yamllint
+-, go
+-, go-tools
+-, golangci-lint
+-, revive ? null
+-, vale
++  actionlint,
++  alejandra,
++  ansible-lint,
++  biome,
++  cabal-fmt,
++  cabal-gild,
++  cabal2nix,
++  callPackage,
++  cargo,
++  checkmake,
++  clang-tools,
++  clippy,
++  cljfmt,
++  cmake-format,
++  commitizen,
++  conform,
++  convco,
++  crystal,
++  deadnix,
++  deno,
++  dhall,
++  dune_3,
++  eclint,
++  editorconfig-checker,
++  elixir,
++  elmPackages,
++  flake-checker ? null,
++  fprettify,
++  git-annex,
++  gptcommit ? null,
++  hadolint,
++  haskellPackages,
++  hindent,
++  hlint,
++  hpack,
++  html-tidy,
++  luaPackages,
++  lua-language-server,
++  lychee,
++  julia-bin,
++  mdl,
++  mdsh,
++  nil,
++  nixfmt-rfc-style,
++  nixpkgs-fmt,
++  nodePackages,
++  ocamlPackages,
++  opam,
++  ormolu,
++  pkgsBuildBuild,
++  poetry,
++  pre-commit-hook-ensure-sops ? null,
++  python3Packages,
++  pyright ? nodePackages.pyright,
++  php82Packages,
++  ripsecrets ? null,
++  reuse,
++  ruff ? null,
++  rustfmt,
++  shellcheck,
++  bats,
++  shfmt,
++  beautysh,
++  statix,
++  stylish-haskell,
++  stylua,
++  tagref,
++  taplo,
++  texlive,
++  topiary ? null, # # Added in nixpkgs on Dec 2, 2022
++  treefmt,
++  typos,
++  typstfmt,
++  typstyle ? null, # # Add in nixpkgs added on commit 800ca60
++  zprint,
++  yamlfmt,
++  yamllint,
++  go,
++  go-tools,
++  golangci-lint,
++  revive ? null,
++  vale,
+ }:
+ 
+-
+ let
+-  tex = texlive.combine {
+-    inherit (texlive) latexindent chktex scheme-basic;
+-  };
++  tex = texlive.combine { inherit (texlive) latexindent chktex scheme-basic; };
+ in
+ {
+   inherit
+@@ -131,7 +129,7 @@ in
+     mdl
+     mdsh
+     nil
+-    nixfmt
++    nixfmt-rfc-style
+     nixpkgs-fmt
+     ormolu
+     pre-commit-hook-ensure-sops
+@@ -163,9 +161,25 @@ in
+   # TODO: these two should be statically compiled
+   inherit (haskellPackages) fourmolu;
+   inherit (luaPackages) luacheck;
+-  inherit (nodePackages) eslint markdownlint-cli prettier cspell;
++  inherit (nodePackages)
++    eslint
++    markdownlint-cli
++    prettier
++    cspell
++    ;
+   inherit (ocamlPackages) ocp-indent;
+-  inherit (python3Packages) autoflake black flake8 flynt isort mkdocs-linkcheck mypy pre-commit-hooks pylint pyupgrade;
++  inherit (python3Packages)
++    autoflake
++    black
++    flake8
++    flynt
++    isort
++    mkdocs-linkcheck
++    mypy
++    pre-commit-hooks
++    pylint
++    pyupgrade
++    ;
+   inherit (php82Packages) php-cs-fixer psalm;
+   # FIXME: workaround build failure
+   phpstan = php82Packages.phpstan.overrideAttrs (old: {
+@@ -182,15 +196,27 @@ in
+   purty = callPackage ./purty { purty = nodePackages.purty; };
+   terraform-fmt = callPackage ./terraform-fmt { };
+   tflint = callPackage ./tflint { };
+-  dune-build-opam-files = callPackage ./dune-build-opam-files { dune = dune_3; inherit (pkgsBuildBuild) ocaml; };
+-  dune-fmt = callPackage ./dune-fmt { dune = dune_3; inherit (pkgsBuildBuild) ocaml; };
+-  latexindent = tex;
+-  lacheck = texlive.combine {
+-    inherit (texlive) lacheck scheme-basic;
++  dune-build-opam-files = callPackage ./dune-build-opam-files {
++    dune = dune_3;
++    inherit (pkgsBuildBuild) ocaml;
+   };
++  dune-fmt = callPackage ./dune-fmt {
++    dune = dune_3;
++    inherit (pkgsBuildBuild) ocaml;
++  };
++  latexindent = tex;
++  lacheck = texlive.combine { inherit (texlive) lacheck scheme-basic; };
+   chktex = tex;
+   commitizen = commitizen.overrideAttrs (_: _: { doCheck = false; });
+-  bats = if bats ? withLibraries then (bats.withLibraries (p: [ p.bats-support p.bats-assert p.bats-file ])) else bats;
++  bats =
++    if bats ? withLibraries then
++      (bats.withLibraries (p: [
++        p.bats-support
++        p.bats-assert
++        p.bats-file
++      ]))
++    else
++      bats;
+   git-annex = if stdenv.isDarwin then null else git-annex;
+   # Note: Only broken in stable nixpkgs, works fine on latest master.
+   opam = if stdenv.isDarwin then null else opam;
diff --git a/shell.nix b/shell.nix
index 6e4324e..1a5b295 100644
--- a/shell.nix
+++ b/shell.nix
@@ -4,21 +4,29 @@ let
   nixos-anywhere = pkgs.callPackage "${inputs.nixos-anywhere}/src/default.nix" { };
   agenix = pkgs.callPackage "${inputs.agenix}/pkgs/agenix.nix" { };
   bootstrap = import scripts/bootstrap-machine.nix;
-  pre-commit-hook = (import inputs.git-hooks).run {
-    src = ./.;
+  pre-commit-hook =
+    (import (
+      pkgs.applyPatches {
+        name = "patched-git-hooks";
+        src = inputs.git-hooks;
+        patches = [ ./patches/hooks-correct-nixfmt.patch ];
+      }
+    )).run
+      {
+        src = ./.;
 
-    hooks = {
-      statix.enable = true;
-      deadnix.enable = true;
-      rfc101 = {
-        enable = true;
-        name = "RFC-101 formatting";
-        entry = "${pkgs.lib.getExe pkgs.nixfmt-rfc-style}";
-        files = "\\.nix$";
+        hooks = {
+          statix.enable = true;
+          deadnix.enable = true;
+          rfc101 = {
+            enable = true;
+            name = "RFC-101 formatting";
+            entry = "${pkgs.lib.getExe pkgs.nixfmt-rfc-style}";
+            files = "\\.nix$";
+          };
+          commitizen.enable = true;
+        };
       };
-      commitizen.enable = true;
-    };
-  };
 in
 pkgs.mkShell {
   nativeBuildInputs = with pkgs; [