diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 29be3c5..b53a3f2 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -9,9 +9,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: cachix/install-nix-action@v22
 with:
- extra_nix_config: |
- system-features = nixos-test recursive-nix benchmark big-parallel kvm
- extra-experimental-features = recursive-nix nix-command flakes
+ extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
 - run: nix build
 - run: nix build .#doc
 - run: nix fmt . -- --check
@@ -22,9 +20,7 @@ jobs:
 - uses: actions/checkout@v3
 - uses: cachix/install-nix-action@v22
 with:
- extra_nix_config: |
- system-features = nixos-test recursive-nix benchmark big-parallel kvm
- extra-experimental-features = recursive-nix nix-command flakes
+ extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
 - run: nix build
 - run: nix build .#doc
 - run: nix fmt . -- --check
diff --git a/pkgs/agenix.nix b/pkgs/agenix.nix
index d2fcbce..0d35bf4 100644
--- a/pkgs/agenix.nix
+++ b/pkgs/agenix.nix
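Review bot: Both `.github/workflows/ci.yaml` hunks (`@@ -9,9 +9,7 @@` and `@@ -22,9 +20,7 @@`) drop `extra-experimental-features = recursive-nix nix-command flakes`, while the unchanged steps still run `nix build .#doc` and `nix fmt`, which need `nix-command` and `flakes`. This presumably keeps working because `cachix/install-nix-action` enables those features by default, but the workflow no longer states that dependency and the action is referenced by the mutable tag `@v22`. I would add a comment above `extra_nix_config` in both jobs, for example `# nix-command and flakes come from install-nix-action's defaults`. Pinning the action to a commit SHA would also stop a retagged or changed release from silently altering the CI environment.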
@@ -9,49 +9,29 @@
 substituteAll,
 ageBin ? "${rage}/bin/rage",
 shellcheck,
-}: let
- bin = "${placeholder "out"}/bin/agenix";
-in
- stdenv.mkDerivation rec {
- pname = "agenix";
- version = "0.15.0";
- src = substituteAll {
- inherit ageBin version;
- jqBin = "${jq}/bin/jq";
- nixInstantiate = "${nix}/bin/nix-instantiate";
- mktempBin = "${mktemp}/bin/mktemp";
- diffBin = "${diffutils}/bin/diff";
- src = ./agenix.sh;
- };
- dontUnpack = true;
- doInstallCheck = true;
- installCheckInputs = [shellcheck];
- postInstallCheck = ''
- shellcheck ${bin}
- ${bin} -h | grep ${version}
+}:
+stdenv.mkDerivation rec {
+ pname = "agenix";
+ version = "0.15.0";
+ src = substituteAll {
+ inherit ageBin version;
+ jqBin = "${jq}/bin/jq";
+ nixInstantiate = "${nix}/bin/nix-instantiate";
+ mktempBin = "${mktemp}/bin/mktemp";
+ diffBin = "${diffutils}/bin/diff";
+ src = ./agenix.sh;
+ };
+ dontUnpack = true;
- mkdir -p /tmp/home/.ssh
- cp -r "${../example}" /tmp/home/secrets
- chmod -R u+rw /tmp/home/secrets
- export HOME=/tmp/home
- (
- umask u=rw,g=r,o=r
- cp ${../example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
- chown $UID $HOME/.ssh/id_ed25519.pub
- )
- (
- umask u=rw,g=,o=
- cp ${../example_keys/user1} $HOME/.ssh/id_ed25519
- chown $UID $HOME/.ssh/id_ed25519
- )
+ doCheck = true;
+ checkInputs = [shellcheck];
+ postCheck = ''
+ shellcheck $src
+ '';
- cd /tmp/home/secrets
- test $(${bin} -d secret1.age) = "hello"
- '';
+ installPhase = ''
+ install -D $src ${placeholder "out"}/bin/agenix
+ '';
- installPhase = ''
- install -D $src ${bin}
- '';
-
- meta.description = "age-encrypted secrets for NixOS";
- }
+ meta.description = "age-encrypted secrets for NixOS";
+}
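Review bot: The new `postCheck` only lints the script with `shellcheck $src`, so nothing visible in this hunk executes agenix at build time any more. The removed `postInstallCheck` ran the installed binary twice: `-h | grep ${version}` and a decrypt of `secret1.age` compared against `"hello"`. If the decrypt round-trip now lives in a test outside this diff that is fine, but it would help to say so in a comment next to `doCheck`, since a regression in the decrypt path of a secrets tool would otherwise pass the package build. The version smoke test needs no keys or `/tmp` home and could stay as `doInstallCheck = true;` plus `installCheckPhase = "$out/bin/agenix -h | grep ${version}";`. The derivation's argument list begins above the hunk, so this is judged from the visible lines only.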