diff --git a/nixos/modules/overlays.nix b/nixos/modules/overlays.nix
index 7e22c2f1d06f56e474e63492d3232ce9ef545cd7..ad41b406e3f7629f1e0765a9230a17c85fdba577 100644
--- a/nixos/modules/overlays.nix
+++ b/nixos/modules/overlays.nix
@@ -1,40 +1,8 @@
 self: super: {
-  python27 = super.python27.override {
-    packageOverrides = python-self: python-super: {
-      # Get the newest Tahoe-LAFS as a module instead of an application.
-      tahoe-lafs = python-super.toPythonModule (python-super.callPackage ../pkgs/tahoe-lafs.nix { });
-
-      # Get our ZKAP authorizer plugin package.
-      zkapauthorizer = python-self.callPackage ../pkgs/zkapauthorizer.nix { };
-
-      # new tahoe-lafs has a new dependency on eliot.
-      eliot = python-super.callPackage ../pkgs/eliot.nix { };
-
-      # new tahoe-lafs depends on a very recent autobahn for better websocket
-      # testing features.
-      autobahn = python-super.callPackage ../pkgs/autobahn.nix { };
-
-      # new autobahn requires a newer cryptography
-      cryptography = python-super.callPackage ../pkgs/cryptography.nix { };
-
-      # new cryptography requires a newer cryptography_vectors
-      cryptography_vectors = python-super.callPackage ../pkgs/cryptography_vectors.nix { };
-
-      # upstream twisted package is missing a recently added dependency.
-      twisted = python-super.twisted.overrideAttrs (old:
-      { propagatedBuildInputs = old.propagatedBuildInputs ++ [ python-super.appdirs ];
-        checkPhase = ''
-          ${self.python.interpreter} -m twisted.trial twisted
-        '';
-      });
-
-    };
-  };
-
-  privatestorage = self.python27.buildEnv.override
+  privatestorage = super.python27.buildEnv.override
   { extraLibs =
-    [ self.python27Packages.tahoe-lafs
-      self.python27Packages.zkapauthorizer
+    [ super.python27Packages.tahoe-lafs
+      super.python27Packages.zkapauthorizer
     ];
     # Twisted's dropin.cache always collides between different
     # plugin-providing packages.
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index 863426a5159d54ceb65a69bd04b04fb7941af570..ca44959ea25942bdadc6e014a2aa300b26b1f800 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -6,7 +6,11 @@ let
   # overlay defines a new version of Tahoe-LAFS and some of its dependencies
   # and maybe other useful Private Storage customizations.
   pspkgs = import pkgs.path
-  { overlays = [ (import ./overlays.nix) ];
+  { overlays = [
+      # needs fetchFromGitHub to check out zkapauthorizer
+      (pkgs.callPackage ./zkap-overlay.nix { })
+      (import ./overlays.nix)
+    ];
   };
   # Grab the configuration for this module for convenient access below.
   cfg = config.services.private-storage;
diff --git a/nixos/modules/zkap-overlay.nix b/nixos/modules/zkap-overlay.nix
new file mode 100644
index 0000000000000000000000000000000000000000..75433f0fc10663aecbd16593fea9ba40073281fa
--- /dev/null
+++ b/nixos/modules/zkap-overlay.nix
@@ -0,0 +1,5 @@
+{ fetchFromGitHub }:
+let
+  zkapauthorizer = import ../pkgs/zkapauthorizer-repo.nix { inherit fetchFromGitHub; };
+in
+  import "${zkapauthorizer}/overlays.nix"