diff --git a/new.nix b/new.nix
index cc42aca847581639c68a588491dc9d9f3109d990..d36bfd0fca0337a913aadae11c1a6f3bfc97e8d9 100644
--- a/new.nix
+++ b/new.nix
@@ -23,6 +23,8 @@ in
       chardet = "wheel";
       urllib3 = "wheel";
       zipp = "wheel";
+      # marked broken
+      magic-wormhole = "wheel";
     };
     tahoe-lafs = mach-nix.buildPythonPackage {
       python = "python27";
@@ -61,6 +63,12 @@ in
           }
         )
       ];
+      requirementsExtra = ''
+        pyrsistent
+        foolscap == 0.13.1
+        configparser
+        eliot
+      '';
       format = "setuptools";
       # Record some settings here, so downstream nix files can consume them.
       meta.mach-nix = { inherit python providers; };
diff --git a/nix/sources.json b/nix/sources.json
index 28cff84a20b700ce12703537813055655552cb0b..9d2dfc57eb2169a4a7c55fca14d2b2cab8cb1126 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -29,10 +29,10 @@
         "homepage": "",
         "owner": "DavHau",
         "repo": "pypi-deps-db",
-        "rev": "1f60509dcf1877b3bdee057412cbc938ccdb5d77",
-        "sha256": "1f6n1jcpi8pphyp5l76mcimywzw0if6h36glwjd62ki82d2jxq6b",
+        "rev": "4ac3cefbc167b71361d8e732c9c5febdd0b8df72",
+        "sha256": "0ck79imx7sw0ka12rs2x03ignss1gdxfvi439ya847ic7j5mqpkj",
         "type": "tarball",
-        "url": "https://github.com/DavHau/pypi-deps-db/archive/1f60509dcf1877b3bdee057412cbc938ccdb5d77.tar.gz",
+        "url": "https://github.com/DavHau/pypi-deps-db/archive/4ac3cefbc167b71361d8e732c9c5febdd0b8df72.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "release2015": {
diff --git a/requirements/base.txt b/requirements/base.txt
index f85ab0f462132ed2f6d4908b002cc2050d13de7c..be815dcb3209143824fef4b6fbc1ef801bb076b8 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -117,7 +117,6 @@ pyopenssl==21.0.0
     # via
     #   foolscap
     #   twisted
-tahoe-lafs
 pyrsistent==0.16.1
     # via
     #   eliot
@@ -150,6 +149,8 @@ six==1.16.0
     #   txaio
 spake2==0.8
     # via magic-wormhole
+https://github.com/tahoe-lafs/tahoe-lafs/archive/be5f5839b3484c278a051f375d18952e23940677.tar.gz
+    # via -r requirements/base.in
 tqdm==4.62.3
     # via magic-wormhole
 treq==21.1.0
@@ -180,3 +181,10 @@ zope.interface==5.4.0
     #   tahoe-lafs
     #   twisted
     #   txtorcon
+
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==44.1.1
+    # via
+    #   collections-extended
+    #   tahoe-lafs
+    #   zope.interface
diff --git a/scripts/pin-requirements b/scripts/pin-requirements
index a06cfbaa300478cab048ace31325121e2fa09aae..cf895428e5be6bbea6941c5ee02329b3199c87d8 100755
--- a/scripts/pin-requirements
+++ b/scripts/pin-requirements
@@ -3,3 +3,5 @@
 export PYTHONPATH=.
 pip-compile -q --allow-unsafe requirements/base.in -o requirements/base.txt
 pip-compile -q --allow-unsafe requirements/test.in -o requirements/test.txt --pip-args "-c requirements/base.txt"
+
+sed -i '\,http://github.com/tahoe-lafs/tahoe-lafs,s,.*,tahoe-lafs,' requirements/base.txt
diff --git a/setup.cfg b/setup.cfg
index 6b99b460b88f7e7f96e14f84f65be7da50a5bee9..7e9b98e6cf8d39d1e553f3fcd240b3e188c507ba 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -41,6 +41,9 @@ install_requires =
     tahoe-lafs >=1.14, <1.17, !=1.15.*
     treq
     pyutil
+    # py2 stuff
+    autobahn < 20
+    bcrypt < 3.2
 
 [options.extras_require]
 test = coverage; fixtures; testtools; hypothesis