diff --git a/system/default.nix b/system/default.nix
index 16df6a5..fdfe9e1 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -13,6 +13,7 @@ in
     ./sessions
     ./testing
     ./cachix.nix
+    ./mitigations.nix
   ];
   config = {};
   options.nixfiles = {
diff --git a/system/mitigations.nix b/system/mitigations.nix
new file mode 100644
index 0000000..db44285
--- /dev/null
+++ b/system/mitigations.nix
@@ -0,0 +1,18 @@
+{ pkgs, config, lib, inputs, nixpkgs, ... }:
+let
+  p5 = config.services.xserver.desktopManager.plasma5.enable;
+  p6 = config.services.desktopManager.plasma6.enable;
+in
+{
+  config = lib.mkMerge [
+    (lib.mkIf (p5 || p6) {
+      assertions = [
+        {
+          assertion = ((nixpkgs == inputs.nixpkgs-unstable) && nixpkgs.lastModified < (1710889954 + (60*60*24*2)));
+          message = "workaround still configured in system/mitigations.nix";
+        }
+      ];
+      programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-qt;
+    })
+  ];
+}