diff --git a/pkgs/tools/security/yubikey-agent/default.nix b/pkgs/tools/security/yubikey-agent/default.nix
index d4f3e1567caa..305f5a4fe799 100644
--- a/pkgs/tools/security/yubikey-agent/default.nix
+++ b/pkgs/tools/security/yubikey-agent/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "yubikey-agent";
-  version = "0.1.3";
+  version = "unstable-2021-02-18";
 
   src = fetchFromGitHub {
     owner = "FiloSottile";
     repo = pname;
-    rev = "v${version}";
-    sha256 = "07gix5wrakn4z846zhvl66lzwx58djrfnn6m8v7vc69l9jr3kihr";
+    rev = "8cadc13d107757f8084d9d2b93ea64ff0c1748e8";
+    sha256 = "1lklgq9qkqil5s0g56wbhs0vpr9c1bd4ir7bkrjwqj75ygxim8ml";
   };
 
   buildInputs =
@@ -25,7 +25,7 @@ buildGoModule rec {
     substituteInPlace main.go --replace 'notify-send' ${libnotify}/bin/notify-send
   '';
 
-  vendorSha256 = "128mlsagj3im6h0p0ndhzk29ya47g19im9dldx3nmddf2jlccj2h";
+  vendorSha256 = "1zx1w2is61471v4dlmr4wf714zqsc8sppik671p7s4fis5vccsca";
 
   doCheck = false;
 
@@ -42,7 +42,7 @@ buildGoModule rec {
   # See https://github.com/FiloSottile/yubikey-agent/pull/43
   + lib.optionalString stdenv.isLinux ''
     mkdir -p $out/lib/systemd/user
-    substitute ${./yubikey-agent.service} $out/lib/systemd/user/yubikey-agent.service \
+    substitute contrib/systemd/user/yubikey-agent.service $out/lib/systemd/user/yubikey-agent.service \
       --replace 'ExecStart=yubikey-agent' "ExecStart=$out/bin/yubikey-agent"
   '';
 
diff --git a/pkgs/tools/security/yubikey-agent/yubikey-agent.service b/pkgs/tools/security/yubikey-agent/yubikey-agent.service
deleted file mode 100644
index 7a91f902544e..000000000000
--- a/pkgs/tools/security/yubikey-agent/yubikey-agent.service
+++ /dev/null
@@ -1,35 +0,0 @@
-[Unit]
-Description=Seamless ssh-agent for YubiKeys
-Documentation=https://filippo.io/yubikey-agent
-
-[Service]
-ExecStart=yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock
-ExecReload=/bin/kill -HUP $MAINPID
-ProtectSystem=strict
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectControlGroups=yes
-ProtectClock=yes
-ProtectHostname=yes
-PrivateTmp=yes
-PrivateDevices=yes
-PrivateUsers=yes
-IPAddressDeny=any
-RestrictAddressFamilies=AF_UNIX
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-LockPersonality=yes
-CapabilityBoundingSet=
-SystemCallFilter=@system-service
-SystemCallFilter=~@privileged @resources
-SystemCallErrorNumber=EPERM
-SystemCallArchitectures=native
-NoNewPrivileges=yes
-KeyringMode=private
-UMask=0177
-RuntimeDirectory=yubikey-agent
-
-[Install]
-WantedBy=default.target