diff --git a/new.nix b/new.nix
index c8db100db4fde872c1a057dd24899cc362ab3acb..ac67bd9095eb85d2ddafce0decd9528a3d507ea5 100644
--- a/new.nix
+++ b/new.nix
@@ -4,12 +4,11 @@ in
 { pkgs ? import sources.release2015 {}
 , pypiData ? sources.pypi-deps-db
 , mach-nix ? import sources.mach-nix { inherit pkgs pypiData; }
-, tahoe-lafs ? "1.14.0"
 }:
   let
     providers = {
       _default = "sdist,nixpkgs,wheel";
-      tahoe-lafs = "nixpkgs";
+      tahoe-lafs = "nixpkgs,sdist";
       # not packaged in nixpkgs at all, we can use the binary wheel from
       # pypi though.
       python-challenge-bypass-ristretto = "wheel";
@@ -24,69 +23,49 @@ in
       urllib3 = "wheel";
       zipp = "wheel";
     };
-    tahoe-versions = {
-      "1.14.0" = {
-        requirements = builtins.readFile ./requirements/base.txt;
-        overridesPre = [];
-        _.tahoe-lafs.patches = [
-          (
-            pkgs.fetchpatch {
-              url = "https://raw.githubusercontent.com/PrivateStorageio/nixpkgs/privatestorageio/pkgs/development/python-modules/tahoe-lafs/rsa-exponent.patch";
-              sha256 = "sha256-0vIMj5gZPbKLkow6wpA+Tz7bpyy+mZRSSFGmpg0VMyk=";
-            }
-          )
-        ];
-      };
-      "1.16.0rc1" = rec {
-        requirements = builtins.readFile ./requirements/base-1.16.txt;
-        _ = {};
-        overridesPre = [
-          (
-            self: super: {
-              tahoe-lafs = mach-nix.buildPythonPackage {
-                python = "python27";
-                pname = "tahoe-lafs";
-                version = "1.16.0rc1";
-                inherit providers;
-                #inherit requirements providers;
-                # See https://github.com/DavHau/mach-nix/issues/190
-                requirementsExtra = ''
-                  pyrsistent
-                  foolscap == 0.13.1
-                  configparser
-                  eliot
-                  '';
-                postPatch = ''
-                  cat > src/allmydata/_version.py <<EOF
-                  # This _version.py is generated by nix.
+    tahoe-lafs = mach-nix.buildPythonPackage {
+      python = "python27";
+      pname = "tahoe-lafs";
+      version = "1.16.0rc1";
+      inherit providers;
+      #inherit requirements providers;
+      # See https://github.com/DavHau/mach-nix/issues/190
+      requirementsExtra = ''
+        pyrsistent
+        foolscap == 0.13.1
+        configparser
+        eliot
+      '';
+      postPatch = ''
+        cat > src/allmydata/_version.py <<EOF
+        # This _version.py is generated by nix.
 
-                  verstr = "$version"
-                  __version__ = verstr
-                  EOF
-                '';
-                src = pkgs.fetchFromGitHub {
-                  owner = "fenn-cs";
-                  repo = "tahoe-lafs";
-                  rev = "f6a96ae3976ee21ad0376f7b6a22fc3d12110dce";
-                  sha256 = "ZN2V5vH+VqPaBmQXXqyH+vUiqW1YNhz+7LsiNNhA/4g=";
-                };
-              };
-            }
-          )
-        ];
+        verstr = "$version"
+        __version__ = verstr
+        EOF
+      '';
+      src = pkgs.fetchFromGitHub {
+        owner = "fenn-cs";
+        repo = "tahoe-lafs";
+        rev = "f6a96ae3976ee21ad0376f7b6a22fc3d12110dce";
+        sha256 = "ZN2V5vH+VqPaBmQXXqyH+vUiqW1YNhz+7LsiNNhA/4g=";
       };
     };
   in
-    #    (builtins.elemAt tahoe-versions."1.16.0rc1".propagatedBuildInputs 0)
-    #/*
     mach-nix.buildPythonApplication rec {
       python = "python27";
       name = "zero-knowledge-access-pass-authorizer";
       src = ./.;
       inherit providers;
-      inherit (tahoe-versions.${tahoe-lafs}) requirements overridesPre _;
+      requirements = builtins.readFile ./requirements/base.txt;
+      overridesPre = [
+        (
+          self: super: {
+            inherit tahoe-lafs;
+          }
+        )
+      ];
       format = "setuptools";
       # Record some settings here, so downstream nix files can consume them.
       meta.mach-nix = { inherit python providers; };
     }
-/**/
diff --git a/nix/sources.json b/nix/sources.json
index 84908fd8ec6f62ac795a18cd047d93bebc4d2cea..a4f98751c4f344a4495e4e8abd914c34a8d88ef9 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -36,9 +36,9 @@
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "release2015": {
-        "sha256": "12p7v805xj5as2fbdh30i0b9iwy8y24sk256rgqfqylxj1784mn8",
+        "sha256": "112drvixj81vscj8cncmks311rk2ik5gydpd03d3r0yc939zjskg",
         "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/21.05/nixos-21.05.3367.fd8a7fd07da/nixexprs.tar.xz",
-        "url_template": "https://releases.nixos.org/nixos/21.05/nixos-21.05.3367.fd8a7fd07da/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/21.05/nixos-21.05.3740.ce7a1190a0f/nixexprs.tar.xz",
+        "url_template": "https://releases.nixos.org/nixos/21.05/nixos-21.05.3740.ce7a1190a0f/nixexprs.tar.xz"
     }
 }
diff --git a/requirements/base-1.16.in b/requirements/base-1.16.in
deleted file mode 100644
index 0c5e30c1d6c0f5de527dc552c550976d988aa9c6..0000000000000000000000000000000000000000
--- a/requirements/base-1.16.in
+++ /dev/null
@@ -1,7 +0,0 @@
-attrs
-zope.interface
-eliot
-aniso8601
-python-challenge-bypass-ristretto
-https://github.com/fenn-cs/tahoe-lafs/archive/f6a96ae3976ee21ad0376f7b6a22fc3d12110dce.tar.gz
-treq
diff --git a/requirements/base-1.16.txt b/requirements/base-1.16.txt
deleted file mode 100644
index bcece6ed42c7bc870af9ba277ba487f8322d6dab..0000000000000000000000000000000000000000
--- a/requirements/base-1.16.txt
+++ /dev/null
@@ -1,180 +0,0 @@
-#
-# This file is autogenerated by pip-compile
-# To update, run:
-#
-#    pip-compile --allow-unsafe --output-file=requirements/base-1.16.txt requirements/base-1.16.in
-#
-aniso8601==9.0.1
-    # via -r requirements/base-1.16.in
-appdirs==1.4.4
-    # via twisted
-argparse==1.4.0
-    # via zfec
-attrs==21.2.0
-    # via
-    #   -r requirements/base-1.16.in
-    #   automat
-    #   magic-wormhole
-    #   python-challenge-bypass-ristretto
-    #   service-identity
-    #   tahoe-lafs
-    #   treq
-    #   twisted
-autobahn[twisted]==19.11.2
-    # via
-    #   magic-wormhole
-    #   tahoe-lafs
-automat==20.2.0
-    # via
-    #   magic-wormhole
-    #   twisted
-    #   txtorcon
-bcrypt==3.1.7
-    # via twisted
-boltons==21.0.0
-    # via eliot
-certifi==2021.5.30
-    # via requests
-cffi==1.14.6
-    # via
-    #   bcrypt
-    #   cryptography
-    #   pynacl
-    #   python-challenge-bypass-ristretto
-chardet==4.0.0
-    # via requests
-click==7.1.2
-    # via magic-wormhole
-configparser==4.0.2
-    # via tahoe-lafs
-constantly==15.1.0
-    # via twisted
-cryptography==3.3.2
-    # via
-    #   autobahn
-    #   pyopenssl
-    #   service-identity
-    #   tahoe-lafs
-    #   twisted
-    #   txtorcon
-distro==1.6.0
-    # via tahoe-lafs
-eliot==1.7.0
-    # via
-    #   -r requirements/base-1.16.in
-    #   tahoe-lafs
-enum34==1.1.10
-    # via cryptography
-foolscap==0.13.1
-    # via tahoe-lafs
-future==0.18.2
-    # via tahoe-lafs
-hkdf==0.0.3
-    # via
-    #   magic-wormhole
-    #   spake2
-humanize==1.0.0
-    # via magic-wormhole
-hyperlink==21.0.0
-    # via
-    #   treq
-    #   twisted
-idna==2.10
-    # via
-    #   hyperlink
-    #   requests
-    #   twisted
-incremental==21.3.0
-    # via
-    #   treq
-    #   twisted
-    #   txtorcon
-ipaddress==1.0.23
-    # via
-    #   cryptography
-    #   service-identity
-    #   txtorcon
-magic-wormhole==0.12.0
-    # via tahoe-lafs
-netifaces==0.11.0
-    # via tahoe-lafs
-pyasn1-modules==0.2.8
-    # via service-identity
-pyasn1==0.4.8
-    # via
-    #   pyasn1-modules
-    #   service-identity
-    #   twisted
-pycparser==2.20
-    # via cffi
-pyhamcrest==1.10.1
-    # via twisted
-pynacl==1.4.0
-    # via magic-wormhole
-pyopenssl==21.0.0
-    # via
-    #   foolscap
-    #   twisted
-tahoe-lafs
-pyrsistent==0.16.1
-    # via
-    #   eliot
-    #   tahoe-lafs
-python-challenge-bypass-ristretto==2021.7.12
-    # via -r requirements/base-1.16.in
-pyutil==3.3.0
-    # via tahoe-lafs
-pyyaml==5.4.1
-    # via tahoe-lafs
-requests==2.26.0
-    # via treq
-service-identity==21.1.0
-    # via twisted
-six==1.16.0
-    # via
-    #   autobahn
-    #   automat
-    #   bcrypt
-    #   cryptography
-    #   eliot
-    #   magic-wormhole
-    #   pyhamcrest
-    #   pynacl
-    #   pyopenssl
-    #   pyrsistent
-    #   service-identity
-    #   tahoe-lafs
-    #   treq
-    #   txaio
-spake2==0.8
-    # via magic-wormhole
-tqdm==4.62.3
-    # via magic-wormhole
-treq==21.1.0
-    # via -r requirements/base-1.16.in
-twisted[conch,tls]==20.3.0
-    # via
-    #   autobahn
-    #   foolscap
-    #   magic-wormhole
-    #   tahoe-lafs
-    #   treq
-    #   txtorcon
-txaio==18.8.1
-    # via autobahn
-txtorcon==21.1.0
-    # via magic-wormhole
-typing==3.10.0.0
-    # via hyperlink
-urllib3==1.26.7
-    # via requests
-zfec==1.5.5
-    # via tahoe-lafs
-zope.interface==5.4.0
-    # via
-    #   -r requirements/base-1.16.in
-    #   autobahn
-    #   eliot
-    #   tahoe-lafs
-    #   twisted
-    #   txtorcon
diff --git a/requirements/base.in b/requirements/base.in
index 1793016025136d40827452225a6f91bf1c805b40..0c5e30c1d6c0f5de527dc552c550976d988aa9c6 100644
--- a/requirements/base.in
+++ b/requirements/base.in
@@ -3,7 +3,5 @@ zope.interface
 eliot
 aniso8601
 python-challenge-bypass-ristretto
-tahoe-lafs >=1.14, <1.15
+https://github.com/fenn-cs/tahoe-lafs/archive/f6a96ae3976ee21ad0376f7b6a22fc3d12110dce.tar.gz
 treq
-pyutil
-
diff --git a/requirements/base.txt b/requirements/base.txt
index 928728b3d0ae03718d0c22073107fbef89d76ef9..798d5ede892d8de87c4bd14457c55259662aaf1b 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile
 # To update, run:
 #
-#    pip-compile --output-file=requirements/base.txt requirements/base.in
+#    pip-compile --allow-unsafe --output-file=requirements/base.txt requirements/base.in
 #
 aniso8601==9.0.1
     # via -r requirements/base.in
@@ -45,6 +45,8 @@ chardet==4.0.0
     # via requests
 click==7.1.2
     # via magic-wormhole
+configparser==4.0.2
+    # via tahoe-lafs
 constantly==15.1.0
     # via twisted
 cryptography==3.3.2
@@ -55,6 +57,8 @@ cryptography==3.3.2
     #   tahoe-lafs
     #   twisted
     #   txtorcon
+distro==1.6.0
+    # via tahoe-lafs
 eliot==1.7.0
     # via
     #   -r requirements/base.in
@@ -63,6 +67,8 @@ enum34==1.1.10
     # via cryptography
 foolscap==0.13.1
     # via tahoe-lafs
+future==0.18.2
+    # via tahoe-lafs
 hkdf==0.0.3
     # via
     #   magic-wormhole
@@ -90,7 +96,7 @@ ipaddress==1.0.23
     #   txtorcon
 magic-wormhole==0.12.0
     # via tahoe-lafs
-nevow==0.14.5
+netifaces==0.11.0
     # via tahoe-lafs
 pyasn1-modules==0.2.8
     # via service-identity
@@ -109,12 +115,15 @@ pyopenssl==21.0.0
     # via
     #   foolscap
     #   twisted
+tahoe-lafs
 pyrsistent==0.16.1
-    # via eliot
-python-challenge-bypass-ristretto
+    # via
+    #   eliot
+    #   tahoe-lafs
+python-challenge-bypass-ristretto==2021.7.12
     # via -r requirements/base.in
 pyutil==3.3.0
-    # via -r requirements/base.in
+    # via tahoe-lafs
 pyyaml==5.4.1
     # via tahoe-lafs
 requests==2.26.0
@@ -139,8 +148,6 @@ six==1.16.0
     #   txaio
 spake2==0.8
     # via magic-wormhole
-tahoe-lafs==1.14.0
-    # via -r requirements/base.in
 tqdm==4.62.3
     # via magic-wormhole
 treq==21.1.0
@@ -150,7 +157,6 @@ twisted[conch,tls]==20.3.0
     #   autobahn
     #   foolscap
     #   magic-wormhole
-    #   nevow
     #   tahoe-lafs
     #   treq
     #   txtorcon
@@ -172,6 +178,3 @@ zope.interface==5.4.0
     #   tahoe-lafs
     #   twisted
     #   txtorcon
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools
diff --git a/requirements/test.txt b/requirements/test.txt
index 7c0b5a087032a89289db4580cf9f96074f9a9ef8..2c22f4ac7f8be9f170f2ec6fe3ed93bc23bc0f82 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -2,7 +2,7 @@
 # This file is autogenerated by pip-compile
 # To update, run:
 #
-#    pip-compile --allow-unsafe --output-file=requirements/test.txt --pip-args='-c requirements/base-1.16.txt -c requirements/base.txt' requirements/test.in
+#    pip-compile --allow-unsafe --output-file=requirements/test.txt --pip-args='-c requirements/base.txt' requirements/test.in
 #
 argparse==1.4.0
     # via unittest2
diff --git a/scripts/pin-requirements b/scripts/pin-requirements
index c8db2cc331a1423be048705f4da6699f0867a12d..a06cfbaa300478cab048ace31325121e2fa09aae 100755
--- a/scripts/pin-requirements
+++ b/scripts/pin-requirements
@@ -2,5 +2,4 @@
 
 export PYTHONPATH=.
 pip-compile -q --allow-unsafe requirements/base.in -o requirements/base.txt
-pip-compile -q --allow-unsafe requirements/base-1.16.in -o requirements/base-1.16.txt
-pip-compile -q --allow-unsafe requirements/test.in -o requirements/test.txt --pip-args "-c requirements/base-1.16.txt -c requirements/base.txt"
+pip-compile -q --allow-unsafe requirements/test.in -o requirements/test.txt --pip-args "-c requirements/base.txt"
diff --git a/tests.nix b/tests.nix
index 0bf4a9bfaca36a563fdcc4a4d06a78ffed3fc715..6e5d3e9d62815a6d95dd2b1f15dd7805b9ac3b19 100644
--- a/tests.nix
+++ b/tests.nix
@@ -4,8 +4,7 @@ in
 { pkgs ? import sources.release2015 {}
 , pypiData ? sources.pypi-deps-db
 , mach-nix ? import sources.mach-nix { inherit pkgs pypiData; }
-, tahoe-lafs ? "1.14.0"
-, zkapauthorizer ? import ./new.nix { inherit pkgs pypiData mach-nix tahoe-lafs; }
+, zkapauthorizer ? import ./new.nix { inherit pkgs pypiData mach-nix; }
 , ci-reports ? false
 , hypothesisProfile ? null
 , collectCoverage ? false