diff --git a/.circleci/config.yml b/.circleci/config.yml
index af42058a79300d3f562be9ebd42e012f4ed2b857..14fde59987757ba88639fe78fc5b9852b750b52f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -140,13 +140,14 @@ jobs:
       - image: "nixorg/nix:circleci"
 
     environment:
-      # Specify a revision of NixOS/nixpkgs to run against.  This essentially
-      # pins the majority of the software involved in the build.  This
-      # revision is selected arbitrarily.  It's somewhat current as of the
-      # time of this comment.  We can bump it to a newer version when that
-      # makes sense.  Meanwhile, the platform won't shift around beneath us
-      # unexpectedly.
-      NIXPKGS_REV: "8bf142e001b6876b021c8ee90c2c7cec385fe8e9"
+      # Specify a revision of PrivateStorageio/nixpkgs to run against.  This
+      # essentially pins the majority of the software involved in the build.
+      # This revision is selected arbitrarily (it's just new enough to define
+      # all of the PrivateStorage stuff that ZKAPAuthorizer depends on).  It's
+      # somewhat current as of the time of this comment.  We can bump it to a
+      # newer version when that makes sense.  Meanwhile, the platform won't
+      # shift around beneath us unexpectedly.
+      NIXPKGS_REV: "730129887a84a8f84f3b78ffac7add72aeb551b6"
 
     steps:
       - run:
@@ -157,7 +158,7 @@ jobs:
           # the `BASE_ENV` feature as we do here.
           name: "Setup NIX_PATH Environment Variable"
           command: |
-            echo "export NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/$NIXPKGS_REV.tar.gz" >> $BASH_ENV
+            echo "export NIX_PATH=nixpkgs=https://github.com/PrivateStorageio/nixpkgs/archive/$NIXPKGS_REV.tar.gz" >> $BASH_ENV
 
       - "checkout"
 
@@ -193,7 +194,8 @@ jobs:
             # If nixpkgs changes then potentially a lot of cached packages for
             # the base system will be invalidated so we may as well drop them
             # and make a new cache with the new packages.
-            - zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}
+            - zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}-ourdeps
+            - zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}-
             - zkapauthorizer-nix-store-v4-
 
       - run:
@@ -207,6 +209,13 @@ jobs:
               --arg callPackage '(import <nixpkgs> { }).callPackage' \
               ./python-challenge-bypass-ristretto.nix
 
+      - save_cache:
+          name: "Cache Nix Store Paths"
+          when: "always"
+          key: zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}
+          paths:
+            - "/nix"
+
       - run:
           name: "Run Test Suite"
           command: |
@@ -220,11 +229,15 @@ jobs:
             #
             # Further, we want the "doc" output built as well because that's
             # where the coverage data ends up.
-            nix-build --argstr hypothesisProfile ci --arg collectCoverage true --attr doc
+            nix-build \
+              --argstr hypothesisProfile ci \
+              --arg collectCoverage true \
+              --attr doc
 
       - save_cache:
           name: "Cache Nix Store Paths"
-          key: zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}
+          when: "always"
+          key: zkapauthorizer-nix-store-v4-{{ checksum "nixpkgs.rev" }}-ourdeps
           paths:
             - "/nix"
 
diff --git a/default.nix b/default.nix
index cc526bf34eaac576f52525637c2a524fc97f21f3..9910ed370f3e0a4562f94beddde68cb87e240120 100644
--- a/default.nix
+++ b/default.nix
@@ -8,11 +8,7 @@
 let
   pkgs' = pkgs.extend (import ./overlays.nix);
   callPackage = pkgs'.python27Packages.callPackage;
-  tahoe-lafs' = (
-    if tahoe-lafs != null
-    then tahoe-lafs
-    else callPackage ./tahoe-lafs.nix { }
-  );
+  tahoe-lafs' = if tahoe-lafs == null then pkgs.python2Packages.tahoe-lafs-1_14 else tahoe-lafs;
 in
 callPackage ./zkapauthorizer.nix {
   challenge-bypass-ristretto = callPackage ./python-challenge-bypass-ristretto.nix { };
diff --git a/nixpkgs.nix b/nixpkgs.nix
deleted file mode 100644
index 28889093ccc5ba3ac9feb2a099181fdea64b4dda..0000000000000000000000000000000000000000
--- a/nixpkgs.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs ? import <nixpkgs> { } }:
-let
-  nixpkgs = pkgs.path;
-  args =
-  { overlays = [ (import ./overlays.nix) ];
-  };
-in
-pkgs.callPackage nixpkgs args
diff --git a/tahoe-lafs-repo.nix b/tahoe-lafs-repo.nix
deleted file mode 100644
index fc944e5739e7246a922761b2c7abaf05b62b8327..0000000000000000000000000000000000000000
--- a/tahoe-lafs-repo.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-let
-  pkgs = import <nixpkgs> {};
-in
-  pkgs.fetchFromGitHub {
-    owner = "tahoe-lafs";
-    repo = "tahoe-lafs";
-    rev = "tahoe-lafs-1.14.0";
-    sha256 = "1ahdiapg57g6icv7p2wbzgkwl9lzdlgrsvbm5485414m7z2d6las";
-  }
diff --git a/tahoe-lafs.nix b/tahoe-lafs.nix
deleted file mode 100644
index 212439638fb54e1dfb57d5ae91784759e234d02e..0000000000000000000000000000000000000000
--- a/tahoe-lafs.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ python2Packages }:
-let
-  # Manually assemble the tahoe-lafs build inputs because tahoe-lafs 1.14.0
-  # eliot package runs the eliot test suite which is flaky.  Doing this gives
-  # us a place to insert a `doCheck = false` (at the cost of essentially
-  # duplicating tahoe-lafs' default.nix).  Not ideal but at least we can throw
-  # it away when we upgrade to the next tahoe-lafs version.
-  repo = ((import ./tahoe-lafs-repo.nix) + "/nix");
-  nevow-drv = repo + "/nevow.nix";
-  nevow = python2Packages.callPackage nevow-drv { };
-  eliot-drv = repo + "/eliot.nix";
-  eliot = (python2Packages.callPackage eliot-drv { }).overrideAttrs (old: {
-    doInstallCheck = false;
-  });
-  tahoe-lafs-drv = repo + "/tahoe-lafs.nix";
-  tahoe-lafs = python2Packages.callPackage tahoe-lafs-drv {
-    inherit nevow eliot;
-  };
-in
-  tahoe-lafs