diff --git a/.gitattributes b/.gitattributes
index 9f1cb3c..1917907 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,3 @@
 *.yaml diff=sopsdiffer
+.pre-commit-config.yaml diff=default
 
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 137d72d..aca0e80 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -18,10 +18,10 @@ jobs:
         run: nix flake show
 
       - name: Check formatting
-        run: nix fmt --check .
+        run: nix fmt -- --ci .
 
       - name: Run deadnix
-        run: deadnix ./modules ./lib
+        run: nix run nixpkgs#deadnix ./modules ./lib
 
       - name: Run statix
-        run: statix check ./modules ./lib
+        run: nix run nixpkgs#statix check -- .
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a6b8116..acbde48 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,11 +3,11 @@ repos:
     hooks:
       - id: nixfmt
         name: nixfmt
-        entry: nixfmt
+        entry: nix
         language: system
         types: [nix]
         pass_filenames: false
-        args: ["."]
+        args: ["fmt"]
 
       - id: deadnix
         name: deadnix
@@ -16,3 +16,10 @@ repos:
         types: [nix]
         args: ["./modules", "./lib"]
 
+      - id: statix
+        name: statix
+        entry: statix
+        language: system
+        types: [nix]
+        args: ["check", "--", "."]
+
diff --git a/.sops.yaml b/.sops.yaml
index 09d78a0..bc2cfd3 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -60,8 +60,6 @@ creation_rules:
     key_groups:
       - age:
           - *system_rainbow_planet
-  - path_regex: ^\.pre-commit-config\.yaml$
-    # Plain YAML file, not encrypted
   - path_regex: modules/shared/secrets.yaml$
     key_groups:
       - age:
diff --git a/flake.nix b/flake.nix
index f3b09bf..9320164 100644
--- a/flake.nix
+++ b/flake.nix
@@ -100,7 +100,7 @@
       ];
     in
     {
-      formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt);
+      formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt-tree);
 
       # Darwin (macOS) hosts
       darwinConfigurations = {
diff --git a/modules/shared/home/general/default.nix b/modules/shared/home/general/default.nix
index dd045ca..5b3aeda 100644
--- a/modules/shared/home/general/default.nix
+++ b/modules/shared/home/general/default.nix
@@ -51,7 +51,7 @@ in
     nodejs
     nurl
     nvd
-    nixfmt
+    nixfmt-tree
     onefetch
     powershell
     pre-commit