diff --git a/exprs/go-no-vendor-1.22.patch b/exprs/go-no-vendor-1.22.patch
new file mode 100644
index 0000000..bd545d5
--- /dev/null
+++ b/exprs/go-no-vendor-1.22.patch
@@ -0,0 +1,23 @@
+Starting from go1.14, go verifes that vendor/modules.txt matches the requirements
+and replacements listed in the main module go.mod file, and it is a hard failure if
+vendor/modules.txt is missing.
+
+Relax module consistency checks and switch back to pre go1.14 behaviour if
+vendor/modules.txt is missing regardless of go version requirement in go.mod.
+
+This has been ported from FreeBSD: https://reviews.freebsd.org/D24122
+See https://github.com/golang/go/issues/37948 for discussion.
+
+diff --git a/src/cmd/go/internal/modload/vendor.go b/src/cmd/go/internal/modload/vendor.go
+index b2cb44100e..05bf3829d5 100644
+--- a/src/cmd/go/internal/modload/vendor.go
++++ b/src/cmd/go/internal/modload/vendor.go
+@@ -159,7 +159,7 @@ func checkVendorConsistency(indexes []*modFileIndex, modFiles []*modfile.File, m
+ 			panic(fmt.Errorf("not in workspace mode but number of indexes is %v, not 1", len(indexes)))
+ 		}
+ 		index := indexes[0]
+-		if gover.Compare(index.goVersion, "1.14") < 0 {
++		if gover.Compare(index.goVersion, "1.14") < 0 || (os.Getenv("GO_NO_VENDOR_CHECKS") == "1" && len(vendorMeta) == 0) {
+ 			// Go versions before 1.14 did not include enough information in
+ 			// vendor/modules.txt to check for consistency.
+ 			// If we know that we're on an earlier version, relax the consistency check.
diff --git a/flake.lock b/flake.lock
index 6bfebfe..37256c1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -35,11 +35,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750526864,
-        "narHash": "sha256-vRS2ADvAfjZe2e9jHHFByY7krcATUTfrBX0LWiGUcp0=",
+        "lastModified": 1750112237,
+        "narHash": "sha256-qKEsTaVv/BpLI9cCibI59vR05oExnjtqGnAIWZiFj18=",
         "owner": "uku3lig",
         "repo": "api-rs",
-        "rev": "6cd2645920a3c1f2261e810124be48ca2f6db18d",
+        "rev": "730ab7fab8fe2d0425e756373c9ea0abab3d02be",
         "type": "github"
       },
       "original": {
@@ -128,11 +128,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750469927,
-        "narHash": "sha256-mNSDBnBmhK2Q96qhwhTMm311HvMPqLmJmTcnJqpKYiE=",
+        "lastModified": 1749864910,
+        "narHash": "sha256-M7nrHENwWTZSVqaM0zQvlNVUJt/TOGVyZwU5wWvD2E4=",
         "owner": "getchoo",
         "repo": "getchvim",
-        "rev": "50ffc9f12028277b2b35e9b4c09de0c8e8bea568",
+        "rev": "b99dec55e8729f7090789d04f7b6e1f2dbcf0c2d",
         "type": "github"
       },
       "original": {
@@ -201,11 +201,11 @@
         "treefmt-nix": []
       },
       "locked": {
-        "lastModified": 1750482007,
-        "narHash": "sha256-vB7G6anfMk60VXmcpQ7bDu5BYzsijk7gh4flG+kf2RI=",
+        "lastModified": 1750233749,
+        "narHash": "sha256-BfIqCtU2HH0LSxz/3NmTAsVt5WlN6BSB1XLx2yYjgj8=",
         "owner": "soopyc",
         "repo": "mystia",
-        "rev": "bf38c5b319cf42311c7f11ee31ac9526485c8d12",
+        "rev": "aefb2e1bd2790d31e0f2cbf15b2e67e234a7c940",
         "type": "github"
       },
       "original": {
@@ -415,11 +415,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750526883,
-        "narHash": "sha256-/1TRBD7bTFpyewje9t3ZjeNWDcwOr/2plSpXwzBoBiA=",
+        "lastModified": 1750054451,
+        "narHash": "sha256-kxbEmzjD8GjpCE29k++9A8c+T1Yg6jGmyYd/5Gcqg8U=",
         "owner": "uku3lig",
         "repo": "ukubot-rs",
-        "rev": "32589e405c3370ead785ebc7c977ac67ab40c34e",
+        "rev": "27d98febaf50dda14b8efcfdc6bee8393576885b",
         "type": "github"
       },
       "original": {
@@ -431,11 +431,11 @@
     "vencord": {
       "flake": false,
       "locked": {
-        "lastModified": 1750437952,
-        "narHash": "sha256-qizTKlD53Im/UZJ1gI1jRPmRYoEwEIEUnWR6nLXIJlg=",
+        "lastModified": 1750192676,
+        "narHash": "sha256-UBhTMEBlRZnAGq9V7WrX/Vga1V5Sb9OcLA2j8L9b80o=",
         "owner": "Vendicated",
         "repo": "Vencord",
-        "rev": "658a62860e40f9411c26f30b8327f61431d3a92e",
+        "rev": "7779e5a1ecf24b74eb2171e2483f2d3826c18ea6",
         "type": "github"
       },
       "original": {
diff --git a/systems/etna/default.nix b/systems/etna/default.nix
index 385a216..9c580cc 100644
--- a/systems/etna/default.nix
+++ b/systems/etna/default.nix
@@ -1,5 +1,6 @@
 {
   lib,
+  pkgs,
   config,
   _utils,
   ...
@@ -7,6 +8,30 @@
 let
   tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
 
+  patchedCloudflared = pkgs.cloudflared.override {
+    buildGoModule = pkgs.buildGoModule.override {
+      go = pkgs.buildPackages.go_1_23.overrideAttrs (old: {
+        pname = "cloudflare-go";
+        version = "1.22.5-devel-cf";
+
+        src = pkgs.fetchFromGitHub {
+          owner = "cloudflare";
+          repo = "go";
+          rev = "af19da5605ca11f85776ef7af3384a02a315a52b";
+          hash = "sha256-6VT9CxlHkja+mdO1DeFoOTq7gjb3T5jcf2uf9TB/CkU=";
+        };
+
+        patches = map (
+          patch:
+          if (baseNameOf patch == "go_no_vendor_checks-1.23.patch") then
+            ../../exprs/go-no-vendor-1.22.patch
+          else
+            patch
+        ) old.patches;
+      });
+    };
+  };
+
   secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; };
   cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" { };
 in
@@ -76,6 +101,7 @@ in
 
     cloudflared = {
       enable = true;
+      package = patchedCloudflared.overrideAttrs { meta.broken = false; };
       tunnels.${tunnelId} = {
         credentialsFile = cfTunnelSecret.path;
         default = "http_status:404";