diff --git a/.gitignore b/.gitignore
index b6e4761..718d806 100644
--- a/.gitignore
+++ b/.gitignore
@@ -127,3 +127,5 @@ dmypy.json
 
 # Pyre type checker
 .pyre/
+
+_whaler*
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 33f9e27..1045d9a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,18 +4,61 @@ FROM mcr.microsoft.com/vscode/devcontainers/base:0-${VARIANT}
 WORKDIR /home/vscode
 USER vscode
 ENV CI true
-ENV PATH "/home/vscode/bin:${PATH}"
+# ENV PATH "/home/vscode/bin:${PATH}"
 
 RUN mkdir install
 COPY install/apts.sh install
 RUN ./install/apts.sh
 
+ENV PATH="/home/vscode/.nix-profile/bin/:${PATH}"
+ENV USER=vscode
+
+RUN nix-env \
+  -f https://github.com/NixOS/nixpkgs/archive/bf972dc380f36a3bf83db052380e55f0eaa7dcb6.tar.gz \
+  -iA \
+  python310 \
+  docker \
+  jq \
+  shellcheck
+
+RUN nix-env \
+  -f https://github.com/NixOS/nixpkgs/archive/141439f6f11537ee349a58aaf97a5a5fc072365c.tar.gz \
+  -iA \
+  kubectl
+
+RUN nix-env \
+  -f https://github.com/NixOS/nixpkgs/archive/c82b46413401efa740a0b994f52e9903a4f6dcd5.tar.gz \
+  -iA \
+  helmfile \
+  kubernetes-helm-wrapped
+
+RUN nix-env \
+  -f https://github.com/NixOS/nixpkgs/archive/6d02a514db95d3179f001a5a204595f17b89cb32.tar.gz \
+  -iA \
+  eksctl
+
+RUN nix-env \
+  -f https://github.com/NixOS/nixpkgs/archive/22.05.tar.gz \
+  -iA \
+  yq-go
+
+RUN nix-env \
+  -f https://github.com/NixOS/nixpkgs/archive/85bd5aa3e7fc0603b4fa848ae951ffddd0dfbbae.tar.gz \
+  -iA \
+  gatekeeper
+
+RUN nix-env \
+  -f https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz \
+  -iA \
+  awscli2
+
 COPY install/binaries.sh install
 RUN ./install/binaries.sh
 
 COPY install/pips.sh install
 RUN ./install/pips.sh
 
+RUN chmod +w /nix/store/*-helm-plugins/
 RUN helm plugin install https://github.com/databus23/helm-diff --version v3.4.0
 
 COPY .zshrc .
diff --git a/install/apts.sh b/install/apts.sh
index 8f5a3d8..2fbadd5 100755
--- a/install/apts.sh
+++ b/install/apts.sh
@@ -5,9 +5,7 @@ sudo apt-get update
 sudo apt-get install \
   --yes \
   'xz-utils'
-sudo apt-get install \
-  --no-install-recommends \
-  --yes \
-  'python3-pip'
-sudo apt-get clean
+  
+sh <(curl -L https://nixos.org/nix/install) --no-daemon
+
 sudo rm -rf /var/lib/apt/lists/*
diff --git a/install/binaries.sh b/install/binaries.sh
index 615e92d..9ffbd33 100755
--- a/install/binaries.sh
+++ b/install/binaries.sh
@@ -13,94 +13,11 @@ curl_args=(
 mkdir 'bin'
 tmpd="$(mktemp -d)"
 
-curl \
-  "${curl_args[@]}" \
-  'https://github.com/open-policy-agent/gatekeeper/releases/download/v3.7.1/gator-v3.7.1-linux-amd64.tar.gz' \
-  | \
-    tar \
-      --extract \
-      --gzip \
-      --directory "${tmpd}"
-cp "${tmpd}"/gator 'bin'
-
-curl \
-  "${curl_args[@]}" \
-  'https://download.docker.com/linux/static/stable/x86_64/docker-20.10.12.tgz' \
-  | \
-    tar \
-      --extract \
-      --gzip \
-      --directory "${tmpd}"
-cp "${tmpd}"/docker/docker 'bin'
-
-curl \
-  "${curl_args[@]}" \
-  --output 'bin/kubectl' \
-  'https://dl.k8s.io/release/v1.21.0/bin/linux/amd64/kubectl'
-
-curl \
-  "${curl_args[@]}" \
-  --output 'bin/helmfile' \
-  'https://github.com/roboll/helmfile/releases/download/v0.142.0/helmfile_linux_amd64'
-
-curl \
-  "${curl_args[@]}" \
-  --output 'bin/jq' \
-  'https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64'
-
-curl \
-  "${curl_args[@]}" \
-  --output 'bin/yq' \
-  'https://github.com/mikefarah/yq/releases/download/v4.16.1/yq_linux_amd64'
-
 # devcontainer only
 curl \
   "${curl_args[@]}" \
   --output 'bin/aws-iam-authenticator' \
   'https://amazon-eks.s3.us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator'
 
-curl \
-  "${curl_args[@]}" \
-  'https://github.com/weaveworks/eksctl/releases/download/v0.82.0/eksctl_Linux_amd64.tar.gz' \
-  | \
-    tar \
-      --extract \
-      --gzip \
-      --directory "${tmpd}"
-
-mv "${tmpd}"/eksctl 'bin'
-
-curl \
-  "${curl_args[@]}" \
-  'https://github.com/koalaman/shellcheck/releases/download/v0.8.0/shellcheck-v0.8.0.linux.x86_64.tar.xz' \
-  | \
-    tar \
-      --extract \
-      --xz \
-      --directory "${tmpd}"
-
-mv "${tmpd}"/shellcheck-v0.8.0/shellcheck 'bin'
-
-curl \
-  "${curl_args[@]}" \
-  'https://get.helm.sh/helm-v3.7.2-linux-amd64.tar.gz' \
-  | \
-    tar \
-      --gzip \
-      --verbose \
-      --extract \
-      --directory "${tmpd}"
-
-mv "${tmpd}"/linux-amd64/helm 'bin'
-
-curl \
-  "${curl_args[@]}" \
-  --output "${tmpd}/awscliv2.zip" \
-  "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.4.17.zip"
-
-unzip -q "${tmpd}"/awscliv2.zip -d "${tmpd}"
-"${tmpd}"/aws/install --install-dir '/home/vscode/aws-cli' --bin-dir '/home/vscode/bin'
-
 chmod +x bin/* || true
-
 rm -rf "${tmpd}"
\ No newline at end of file
diff --git a/install/pips.sh b/install/pips.sh
index 8230e6e..1860547 100755
--- a/install/pips.sh
+++ b/install/pips.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # shellcheck disable=SC3030,3028,3054,3020,3010,3024,3040
 
-python3.9 -m pip install 'cfn-lint==0.58.0'
+python -m pip install 'cfn-lint==0.58.0'
 
 rm -rf ~/.cache/pip
\ No newline at end of file