diff --git a/arion.nix b/arion.nix
index 7c079a663cc41b010fcfbd569de238ee57ac3d5b..44ada78e6686fa549bd099124b394ec809e435d3 100644
--- a/arion.nix
+++ b/arion.nix
@@ -1,20 +1,23 @@
-{ pkgs ? import ./nixpkgs-2105.nix {}
-, configuration ? ./morph/grid/local/configuration.nix
+{ self ? ./.
+, pkgs ? import ./nixpkgs-2105.nix {}
+, lib ? pkgs.lib
 , includeStorePaths ? false
-}:
-let
-  inherit (pkgs) lib;
-  nixpkgs = import <nixpkgs> {};
-  local-grid = "${./.}/morph/grid/local";
-  arion-src = nixpkgs.fetchFromGitHub {
+, ourpkgs ? import ./nixpkgs-ps.nix {}
+, arion-src ? pkgs.fetchFromGitHub {
     owner = "tp-la";
     repo = "arion";
     rev = "hack";
     sha256 = "0wv4wbzzd926qm81h78v10wyhiaayx2jggpb1ijzk118a543sz84";
-  };
+  }
+}: rec {
+  inherit pkgs lib ourpkgs arion-src; 
+  local-grid = "${self}/morph/grid/local";
   arion-eval = args@{...}: import "${arion-src}/src/nix/eval-composition.nix" ({ inherit pkgs; } // args);
   arion = arion-eval {
-    modules = [ "${local-grid}/arion-compose.nix" ];
+    modules = [
+      "${local-grid}/arion-compose.nix"
+      { config._module.args = { inherit ourpkgs; } ; }
+    ];
   };
   systems = pkgs.runCommand "systems" 
     { preferLocalBuild = true; allowSubstitutes = false; }
@@ -53,5 +56,4 @@ let
    morph-output = morph.machines {
       argsFile = pkgs.writeText "" (builtins.toJSON { Names = lib.attrNames morph.nodes; });
    };
-in
-  {inherit pkgs arion local-grid bundle arion-eval arion-src docker-yaml package pause systems morph morph-output;}
+}
diff --git a/morph/grid/local/arion-compose.nix b/morph/grid/local/arion-compose.nix
index 9d56530b440f9628c7802472219518654af3ac65..3b17e403265110a14761a2b27f0cfd6fe4702f1b 100644
--- a/morph/grid/local/arion-compose.nix
+++ b/morph/grid/local/arion-compose.nix
@@ -1,4 +1,4 @@
-{lib, ...}:
+{lib, ourpkgs, ...}:
 let
   gridlib = import ../../lib;
 
@@ -14,12 +14,14 @@ let
 
   # Configure deployment management authorization for all systems in the grid.
   grid-config = {
+    _module.args = { inherit ourpkgs; };
+    imports = [ gridlib.base ];
     services.private-storage.deployment = {
       authorizedKey = builtins.readFile "${config.publicKeyPath}/deploy_key.pub";
       gridName = "local";
     };
     services.private-storage.sshUsers = config.sshUsers;
-    deployment = {
+    grid = {
       inherit (config) publicKeyPath privateKeyPath; 
     };
   };
@@ -78,7 +80,7 @@ in
         environment.etc = {
           "secrets/payments-localdev-ssl" = {
             mode = "direct-symlink";
-            source = "${config.deployment.privateKeyPath}/payments-localdev-ssl";
+            source = "${config.grid.privateKeyPath}/payments-localdev-ssl";
           };
           "stripe/config.toml" = let
             toml = pkgs.formats.toml {};
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 0bb378d454871f3f5d14fce9abd75852e4716815..a91d63bfd27de548f96aba31fd8f1184a8028312 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -87,6 +87,7 @@ let
 in {
   network = {
     description = "PrivateStorage.io LocalDev Grid";
+    inherit pkgs;
   };
   inherit payments monitoring storage1 storage2;
 }
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 7d43a0ce2c59bbb6ddee005aba9393836d2329c1..7da2ea4ea72d7b5525a7ce2c4ed46dfb97b72c35 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -105,6 +105,7 @@ let
 in {
   network = {
     description = "PrivateStorage.io Production Grid";
+    inherit pkgs;
   };
   inherit payments;
   inherit monitoring;
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 5eeb43938c5c2df5a30df3d605fec26090dc4e0c..7a810435c71d499eb433de69de3cf819a074d4cb 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -72,6 +72,7 @@ let
 in {
   network = {
     description = "PrivateStorage.io Testing Grid";
+    inherit pkgs;
   };
   inherit payments monitoring storage001;
 }
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 3a8d05bfb8afbaad63fac0ee52f0bdf3d3cbb956..344249a43a11668c4c49d04dba5f7512db8526a9 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -1,9 +1,9 @@
 # A NixOS module which can run a Ristretto-based issuer for PrivateStorage
 # ZKAPs.
-{ lib, pkgs, config, ... }: let
+{ lib, pkgs, config, ... }@args: let
   cfg = config.services.private-storage-issuer;
   # Our own nixpkgs fork:
-  ourpkgs = import ../../nixpkgs-ps.nix {};
+  ourpkgs = args.ourpkgs or import ../../nixpkgs-ps.nix {};
 in {
   options = {
     services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index d3bc9e61bb8a805d4432edf7d37d51a9501ecc1e..a483edb77a3a3c9a7916c0cba8731bc4fef20f9a 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -1,6 +1,6 @@
 # A NixOS module which can instantiate a Tahoe-LAFS storage server in the
 # preferred configuration for the Private Storage grid.
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, ... }@args:
 let
   # Grab the configuration for this module for convenient access below.
   cfg = config.services.private-storage;
@@ -9,7 +9,7 @@ let
   tahoe-base = "/var/db/tahoe-lafs";
 
   # Our own nixpkgs fork:
-  ourpkgs = import ../../nixpkgs-ps.nix {};
+  ourpkgs = args.ourpkgs or import ../../nixpkgs-ps.nix {};
 
   # The full path to the directory where the storage server will write
   # incident reports.