diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b91f7d5f175a32a49a5ed0788a87146d9b86c3f3..17ee05953bcaa70cfb69c036d3710944b3a0ed3e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,7 +8,7 @@ default:
 docs:
   stage: "build"
   script:
-    - "nix-shell --run 'nix-build docs.nix'"
+    - "nix-build docs.nix"
     - "cp --recursive --no-preserve=mode result/docs/. docs/build/"
   artifacts:
     paths:
diff --git a/ci-tools/count-vulnerabilities b/ci-tools/count-vulnerabilities
index 9db1c5e7e3aa756dc5b151fbcc30bc4572dd1eba..b1d2b804d81c9c53c0f9a9b41e4e554978c0032d 100755
--- a/ci-tools/count-vulnerabilities
+++ b/ci-tools/count-vulnerabilities
@@ -1,4 +1,5 @@
-#!/usr/bin/env python3
+#! /usr/bin/env nix-shell
+#! nix-shell -i python3 -p python3
 
 from sys import stdin
 from json import load
diff --git a/docs.nix b/docs.nix
index 813a6cb432942fccd96b96ee07313ff84cf885c6..9bb64627870dfee01c6858d5699001cae96045c4 100644
--- a/docs.nix
+++ b/docs.nix
@@ -1,14 +1,2 @@
-{ pkgs ? import <nixpkgs> { } }:
-let
-  # NixOS 19.03 packaged graphviz has trouble rendering our architecture
-  # overview.  Latest from upstream does alright, though.  Use that.
-  make-graphviz = (import (pkgs.path + /pkgs/tools/graphics/graphviz/base.nix) {
-    rev = "b29d8e369011b832f72e0d250a05a0a15dcb5daa";
-    sha256 = "1w61filywn9cif2nryf6vd34mxxbvv25q34fd34am1rx70bk08ps";
-    version = "b29d8e369011b832f72e0d250a05a0a15dcb5daa";
-  });
-  graphviz = (pkgs.callPackage make-graphviz { }).overrideAttrs (old: {
-    patches = [];
-  });
-in
-  pkgs.callPackage ./privatestorageio.nix { inherit graphviz; }
+{ pkgs ? import ./stable2105.nix { } }:
+pkgs.callPackage ./privatestorageio.nix { }
diff --git a/nixpkgs.json b/nixpkgs.json
index 33b343ef3498ae226218f59be257e808e9a88c7e..6b98d3d39cffa2eb1a6dfa7fb5f8c3bea50dfb60 100644
--- a/nixpkgs.json
+++ b/nixpkgs.json
@@ -1,4 +1,4 @@
 { "name": "nixpkgs"
-, "url": "https://github.com/PrivateStorageio/nixpkgs/archive/8c7a61c658e32eaccf666e5fe818a996c36a988f.tar.gz"
-, "sha256": "1ln0a8c20qykm57wl901lixny1fcfmzgbavd7pbjk6jbnfij59bl"
+, "url": "https://github.com/PrivateStorageio/nixpkgs/archive/7e71ee63a67bd3e2c190abd982b541603f4f86b0.tar.gz"
+, "sha256": "1yy89lc0p7hx7x4r2y5ll851mfn4a2lacj5c9v5w139zz17ky743"
 }
diff --git a/shell.nix b/shell.nix
index 2c1c5123da656d34fafe0883b50ef49c578c6c8b..0f163ff67645190787e64fa196663256be36d74c 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,6 +1,6 @@
 let
   nixpkgs = import (builtins.fetchTarball (builtins.fromJSON (builtins.readFile ./nixpkgs.json))) { };
-  stable2105 = import (builtins.fetchTarball (builtins.fromJSON (builtins.readFile ./nixpkgs-2105.json))) { };
+  stable2105 = import ./stable2105.nix { };
 in
 { pkgs ? nixpkgs }:
 pkgs.mkShell {
diff --git a/stable2105.nix b/stable2105.nix
new file mode 100644
index 0000000000000000000000000000000000000000..536d913b89ba6a57d8d683381ea1c8f40e026b4f
--- /dev/null
+++ b/stable2105.nix
@@ -0,0 +1 @@
+import (builtins.fetchTarball (builtins.fromJSON (builtins.readFile ./nixpkgs-2105.json)))