diff --git a/morph/grid/production/config.json b/morph/grid/production/config.json
index 1df905600e25c75423070c7aede376d95ba9e4e2..ec60acc70dcdc90409b84e0b19ce9c2cb3d27cfa 100644
--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
@@ -1,6 +1,7 @@
 { "publicStoragePort": 8898
 , "ristrettoSigningKeyPath": "../../PrivateStorageSecrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "../../PrivateStorageSecrets/stripe.secret"
+, "passValue": 1000000
 , "issuerDomain": "payments.privatestorage.io"
 , "letsEncryptAdminEmail": "jean-paul@privatestorage.io"
 , "allowedChargeOrigins": [
diff --git a/morph/grid/testing/config.json b/morph/grid/testing/config.json
index eca13fe1dd76fb37ea0a7b900b725217d33b970e..e9b3b96940ab6cc73ef6b6f8dc2ec89a83a463d9 100644
--- a/morph/grid/testing/config.json
+++ b/morph/grid/testing/config.json
@@ -1,6 +1,7 @@
 { "publicStoragePort": 8898
 , "ristrettoSigningKeyPath": "../../PrivateStorageSecrets/ristretto.signing-key"
 , "stripeSecretKeyPath": "../../PrivateStorageSecrets/privatestorageio-testing-stripe.secret"
+, "passValue": 1000000
 , "issuerDomain": "payments.privatestorage-staging.com"
 , "letsEncryptAdminEmail": "jean-paul@privatestorage.io"
 , "allowedChargeOrigins": [
diff --git a/morph/lib/make-storage.nix b/morph/lib/make-storage.nix
index 0c556befc096f0fb8fa4476e6bad234e3e9231a2..a9c968c285cf7c252a72b9fb90608a1138c85c66 100644
--- a/morph/lib/make-storage.nix
+++ b/morph/lib/make-storage.nix
@@ -3,6 +3,7 @@
 , hardware                   # The path to the hardware configuration for this node.
 , publicStoragePort          # The storage port number on which to accept connections.
 , ristrettoSigningKeyPath    # The *local* path to the Ristretto signing key file.
+, passValue                  # Bytes component of size×time value of passes.
 , sshUsers                   # Users for which to configure SSH access to this node.
 , stateVersion               # The value for system.stateVersion on this node.
                              # This value determines the NixOS release with
@@ -57,6 +58,8 @@
     inherit publicStoragePort;
     # Give it the Ristretto signing key, too, to support authorization.
     ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
+    # Assign the configured pass value.
+    inherit passValue;
     # It gets the users, too.
     inherit sshUsers;
   };
diff --git a/morph/lib/make-testing.nix b/morph/lib/make-testing.nix
index df8eb006b3234d5e127a334a401c9079d5adc2fb..bb254d1aa3ef9dd3edaf93693b2bd52f1e42a74c 100644
--- a/morph/lib/make-testing.nix
+++ b/morph/lib/make-testing.nix
@@ -1,4 +1,4 @@
-{ publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, sshUsers, stateVersion, ... }: rec {
+{ publicIPv4, hardware, publicStoragePort, ristrettoSigningKeyPath, passValue, sshUsers, stateVersion, ... }: rec {
 
   deployment = {
     secrets = {
@@ -26,6 +26,7 @@
     inherit publicIPv4;
     inherit publicStoragePort;
     ristrettoSigningKeyPath = deployment.secrets.ristretto-signing-key.destination;
+    inherit passValue;
     inherit sshUsers;
   };
 
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index c454dd2cef024a1e487a1935bc729fc0482371cd..0490af1ee4ebfea20ebcc3acc2e3c59e0a0963d1 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -78,13 +78,22 @@ in
         The path to the Ristretto signing key for the service.
       '';
     };
+    services.private-storage.passValue = lib.mkOption
+    { default = null;
+      type = lib.types.nullOr lib.types.int;
+      example = lib.literalExample (1000 * 1000);
+      description = ''
+        The bytes component of the bytes×time value of a single pass which
+        storage servers will use when making pricing decisions.
+      '';
+    };
   };
 
   # Define configuration based on values given for our options - starting with
   # the option that says whether this is even turned on.
   config = lib.mkIf cfg.enable
   { services.tahoe.nodes."${storage-node-name}" =
-    { package = config.services.private-storage.tahoe.package;
+    { package = cfg.tahoe.package;
       # Each attribute in this set corresponds to a section in the tahoe.cfg
       # file.  Attributes on those sets correspond to individual assignments
       # in those sections.
@@ -126,7 +135,11 @@ in
         "storageserver.plugins.privatestorageio-zkapauthz-v1" =
         { "ristretto-issuer-root-url" = cfg.issuerRootURL;
           "ristretto-signing-key-path" = cfg.ristrettoSigningKeyPath;
-        };
+        } // (
+          if cfg.passValue == null
+          then {}
+          else { "pass-value" = (toString cfg.passValue); }
+        );
       };
     };
 
diff --git a/nixos/pkgs/zkapauthorizer-repo.nix b/nixos/pkgs/zkapauthorizer-repo.nix
index 7a39567cd7400a89579808853b41e107a68f6786..f3dae108f15d109b97e0f384a41bce84a9becb59 100644
--- a/nixos/pkgs/zkapauthorizer-repo.nix
+++ b/nixos/pkgs/zkapauthorizer-repo.nix
@@ -4,6 +4,6 @@ in
   pkgs.fetchFromGitHub {
     owner = "PrivateStorageio";
     repo = "ZKAPAuthorizer";
-    rev = "27a2f31e5483fa732785cf550e3beef09d67c398";
-    sha256 = "10x28f1iplhskbaqxqcd68kz0llssvn261b87x1aaay3959s8ama";
+    rev = "7b4796470764f47f6b2f57d7678cc2311e5bd18e";
+    sha256 = "1b5z7mha8sak46b2sxdd44hqc0a1wx7frcydzgzs25ncq4a516aa";
   }
\ No newline at end of file