diff --git a/README.md b/README.md index b661e4b..256a06c 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ You'd run: ./manage stage deploy --check # Manage script usage. ``` -This assume there is a file `./stage.nixops` where this state is being stored. +This assume there is a file `./stage/stage.nixops` where this state is being stored. Use `./manage --help` to see normal NixOps help. Use `./manage {deployment} .shell` to open a Nix shell where the environment is set up to use diff --git a/manage b/manage index f2bea89..d3c5f7d 100755 --- a/manage +++ b/manage 
@@ -1,79 +1,38 @@ -#!/usr/bin/env bash +#! /usr/bin/env nix-shell +#! nix-shell -I nixpkgs-overlays=./overlays +#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/f7f1a2f54ef2b744a26e37418dd6354bc46aa20a.tar.gz +#! nix-shell -i bash -p nixopsUnstable3 which jq nix openssl openssh + # A NixOps Wrapper for Git Projects # --------------------------------- -# -# Repo: https://github.com/grafted-in/nixops-manager -# -# This tool is a simple wrapper around NixOps. The goal is to make it easier to use NixOps when you -# want to share your deployment state between members of a team. -# -# To achieve this, this wrapper gives every deployment as a separate state file which is placed -# in the same directory as this script. The files have the `.nixops` extension. -# -# You are expected to keep these files in version control. It's also *highly* recommended that you -# use a tool like git-crypt to keep them encrypted with this entry in .gitattributes: -# -# *.nixops binary filter=git-crypt diff=git-crypt -# -# This tool also enforces a per-repository version of Nixpkgs via a `nixpkgs-version.sh` file in the -# same directory as the script. This ensures that all users have a consistent version of NixOps and -# deploy a consistent set of packages to servers. -# -# Most commands work identically to NixOps. However, instead of specifying deployments with -# the `--deployment/-d` flag, you select a deployment in the first argument. In other words, instead -# of the normal NixOps usage of -# -# nixops deploy -d stage --check # Normal nixops usage. -# -# You'd run: -# -# ./manage stage deploy --check # Manage script usage. -# -# This assume there is a file ./stage.nixops where this state is being stored. +# Modified from repo: https://github.com/grafted-in/nixops-manager +# This assumes there is a file ./stage/stage.nixops where this state is being stored. # # Use `./manage --help` to see normal NixOps help. 
+# Use `./manage {deployment} command` to user normal NixOps commands. # Use `./manage {deployment} .shell` to open a Nix shell where the environment is set up to use # `nixops` directly with the same behavior as running `./manage` commands. set -e -# Check for Nix tools. -command -v nix-shell >/dev/null 2>&1 || { - nix_profile="$HOME/.nix-profile/etc/profile.d/nix.sh" - if [ -e "$nix_profile" ]; then - source "$nix_profile" - else - >&2 echo "Failed to find 'nix-shell' on PATH or a Nix profile to load. Have you installed Nix?" - exit 1 - fi -} - here=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) -repo_root=$(cd "$here" && git rev-parse --show-toplevel) # Use Git to find repo root. deployment="$1" command="$2" -state_file="$here/${deployment}.nixops" +state_file="$here/${deployment}/${deployment}.nixops" -source "$here/nixpkgs-version.sh" +export NIX_PATH=nixpkgs-overlays=./overlays:nixpkgs=$(nix-instantiate --eval ./nixpkgs.nix | tr -d '"' ):./${deployment} -export NIX_PATH=nixpkgs="$nixpkgs_snapshot":"$repo_root":. export NIXOPS_STATE="$state_file" export NIXOPS_DEPLOYMENT="$deployment" - -withNixops="nix-shell -p $nixops_version --run" - -# Arg list trick: -# https://stackoverflow.com/questions/3104209 -# ARGS=$(printf "%q"" " "$@") +export BOTO_USE_ENDPOINT_HEURISTICS=True if [[ $deployment == --* ]]; then - ARGS=$(printf "%q"" " "$@") - $withNixops "nixops $ARGS" + nixops "$@" exit $? elif [ "$command" == ".shell" ]; then - nix-shell -p "$nixops_version" + exec nix-shell -p nixopsUnstable3 --command "echo You may now run commands for deployment:$deploymnet with \\'nixops\\' ; return " elif [ ! -e "$state_file" ] && [ "$command" != "create" ]; then >&2 echo "You're trying to use a deployment that doesn't exist yet. Try running $0 $deployment create" exit 1 
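Review bot: The `.shell` branch's `exec nix-shell -p nixopsUnstable3 --command "echo You may now run commands for deployment:$deploymnet ..."` misspells the variable, so the message always prints an empty deployment name; it should read `$deployment`. In the same hunk the new `export NIX_PATH=nixpkgs-overlays=./overlays:nixpkgs=$(nix-instantiate --eval ./nixpkgs.nix | tr -d '"' ):./${deployment}` resolves every path against the caller's cwd even though `here` is still computed (and `repo_root` was removed), so `./manage` silently evaluates the wrong overlays/state when run from any other directory — use `export NIX_PATH=nixpkgs-overlays=$here/overlays:nixpkgs=$(nix-instantiate --eval "$here/nixpkgs.nix" | tr -d '"'):$here/$deployment`. The shebang's `-I nixpkgs=https://github.com/NixOS/nixpkgs/archive/f7f1a2f54ef2b744a26e37418dd6354bc46aa20a.tar.gz` duplicates the revision that `nixpkgs.nix` pins, but without a sha256, so the two can drift and that download is checked only by TLS; a comment such as `# keep this rev in sync with nixpkgs.nix` would at least make the coupling visible. The if/elif chain started here continues into the next hunk.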
@@ -81,6 +40,5 @@ elif [ -e "$state_file" ] && [ "$command" == "create" ]; then >&2 echo "You're trying to create a deployment that already exists." exit 1 else - ARGS=$(printf "%q"" " "${@:2}") - $withNixops "nixops $ARGS" -fi \ No newline at end of file + nixops "${@:2}" +fi diff --git a/nixpkgs-version.nix b/nixpkgs-version.nix deleted file mode 100644 index c1a9785..0000000 --- a/nixpkgs-version.nix +++ /dev/null @@ -1,14 +0,0 @@ -# Check out different Nixpkgs channels here: -# * http://howoldis.herokuapp.com/ -# * https://nixos.org/channels/ -# -# To upgrade: -# 1. Choose a channel and click on it. -# 2. Get the URL of the `nixexprs.tar.xz` file for the channel. -# 4. Paste the URL below for `url`. -# 5. Get SHA256 hash of URL contents with `nix-prefetch-url --unpack `. - -{ - url = "https://d3g5gsiof5omrk.cloudfront.net/nixpkgs/nixpkgs-17.03pre101896.4a524cf/nixexprs.tar.xz"; - sha256 = "1wrm9k0plpzz0wi94ry1xv1v3aq4vs20v5dzxv4azn4i8vhf7wmg"; -} diff --git a/nixpkgs-version.sh b/nixpkgs-version.sh deleted file mode 100644 index 3d06da6..0000000 --- a/nixpkgs-version.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env bash - -here=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) - -nixpkgs_snapshot=$(eval echo "$(nix-instantiate --eval -E "(import \"$here/nixpkgs-version.nix\").url")") -export nixpkgs_snapshot -export nixops_version="nixops" - -# Or you can use a more recent build of nixops: -#if [ "$(uname)" == "Darwin" ]; then -# export nixops_version="/nix/store/1gy62jcxjc09n9gk0ns4qk3d9b9kcda7-nixops-1.5pre2121_fc43d9c" -#else -# export nixops_version="/nix/store/d553achr2pvh6p8838a4shbhjpp5d6s6-nixops-1.5pre2121_fc43d9c" -#fi -# -#if [ ! -d "$nixops_version" ]; then -# nix-store -r "$nixops_version" -#fi diff --git a/nixpkgs.nix b/nixpkgs.nix index 4f78722..8597cf9 100644 --- a/nixpkgs.nix +++ b/nixpkgs.nix 
@@ -1,3 +1,10 @@ -# Import this instead of to get the repo-specific version of nixpkgs. +builtins.fetchTarball { + name = "nixos-unstable-2019-03-08"; + #url = https://github.com/johanot/nixpkgs/archive/b3905f0d224bc5c2da3572f7017f05a27df742cd.tar.gz; + #sha256 = "05jxiyagfgl7s061vz2xmalrrbaz95ymcxdv89j3s700hicyd8pf"; + url = https://github.com/NixOS/nixpkgs/archive/f7f1a2f54ef2b744a26e37418dd6354bc46aa20a.tar.gz; + sha256 = "061sissl4kr4bzh7pl9a1vihmvf71k9iw0kblvhgvvp6pl10sv0r"; +} -import ((import {}).fetchzip (import ./nixpkgs-version.nix)) +# How to push a cache to arm.nixos.org +# ./manage c export | jq '.[].configsPath' -r | ( read conf ; nix-store -qR $conf | while read line; do echo `nix-store -q --size $line` $line ; done | sort -nr | head -n10 | cut -d' ' -f2 | grep -E 'linux|icu4c|glibc|systemd|glib|coreutils|initrd|util-linux' | cachix push arm ) diff --git a/top-level.nix b/top-level.nix new file mode 100644 index 0000000..a402d32 --- /dev/null +++ b/top-level.nix 
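Review bot: The commented-out `#url = https://github.com/johanot/nixpkgs/...` / `#sha256 = ...` pair sitting above the live pin is dead configuration that a reader can mistake for a sanctioned alternative; delete it or add a one-line comment stating why it is kept. `name = "nixos-unstable-2019-03-08"` is free text that nothing updates when `url`/`sha256` are bumped, so a `# keep name in sync with the revision in url` comment (or deriving the name from the rev) would stop it going stale. The `sha256` on `builtins.fetchTarball` is the right integrity control for this pin; the same revision also appears, unhashed, in the `manage` shebang, so bumps must touch both places. The appended cachix one-liner is useful but reads better in the README or `manage` help than as a trailing comment in an expression file.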
@@ -0,0 +1,63 @@
+
+{ targetEnv ? "virtualbox" } :
+ let
+ region = "us-gov-west-1";
+ zone = "us-gov-west-1a";
+ accessKeyId = "default";
+ machine =
+ { config, pkgs, resources, ... }:{
+ imports =
+ (if targetEnv == "ec2" then
+ [] else []) ++
+ [ ];
+ deployment.targetEnv = targetEnv;
+ deployment.ec2 = {
+ keyPair = resources.ec2KeyPairs.my-key-pair;
+ ebsInitialRootDiskSize = 30;
+ ebsOptimized = true;
+ associatePublicIpAddress = true;
+ ami = "ami-bb7618da";
+ inherit region zone accessKeyId;
+ instanceType = "t3.large";
+ };
+ ec2.hvm = true;
+ boot.initrd.postDeviceCommands= ''
+ ${pkgs.e2fsprogs}/sbin/e2fsck -fp /dev/disk/by-label/nixos
+ ${pkgs.e2fsprogs}/sbin/resize2fs /dev/disk/by-label/nixos
+ '';
+
+ deployment.virtualbox.memorySize = 4096; # megabytes
+ deployment.virtualbox.vcpu = 2; # number of cpus
+ deployment.virtualbox.headless = true;
+
+ networking.extraHosts = "${config.networking.privateIPv4} api.kube";
+ services.kubernetes = {
+ easyCerts = true;
+ addons.dashboard.enable = true;
+ roles = ["master" "node"];
+ apiserver = {
+ securePort = 443;
+ advertiseAddress = config.networking.privateIPv4;
+ };
+ masterAddress = "api.kube";
+ };
+ services.dockerRegistry.enable = true;
+ environment.systemPackages = with pkgs; [
+ kompose kubectl
+ vim e2fsprogs
+ ];
+ networking.firewall.allowedTCPPorts = [22 443 ];
+ users.users.root.openssh.authorizedKeys = {
+ keyFiles = [ ];
+ };
+ };
+ in {
+ kubemaster = machine;
+
+ network.description = "kubenixops";
+ network.enableRollback = true;
+ resources = if targetEnv == "ec2" then {
+ ec2KeyPairs.my-key-pair = { inherit region accessKeyId; };
+ }else {};
+
+}
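Review bot: `networking.firewall.allowedTCPPorts = [22 443 ];` opens SSH and the kube-apiserver (`securePort = 443`) on the instance's public address (`associatePublicIpAddress = true`) while no `deployment.ec2.securityGroups` is set, so reachability is whatever the account's default security group permits; set an explicit security group (or restrict sources in `networking.firewall.extraCommands`) and add a comment stating that the API is internet-reachable and relies on `easyCerts` client-certificate auth. `imports = (if targetEnv == "ec2" then [] else []) ++ [ ];` is a no-op in both branches — drop it or fill in the intended per-target modules. `users.users.root.openssh.authorizedKeys = { keyFiles = [ ]; };` adds no keys, so root SSH presumably relies only on the key NixOps injects; say so in a comment or list the keys explicitly. `services.dockerRegistry.enable = true` configures no authentication here; if it is only for local pushes, confirm its listen address stays loopback-only and note that next to the line.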