diff --git a/nix/default.nix b/nix/default.nix
index d2a94515..eef23360 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -1,6 +1,11 @@
 { system ? builtins.currentSystem
 , crossSystem ? null
 , config ? {}
+, deploymentGlobalsFn ? ## :: Pkgs -> GlobalsOverlayOverDefaults
+    pkgs:
+    if builtins.pathExists ../globals.nix
+    then import ../globals.nix pkgs
+    else builtins.trace "globals.nix missing, please add symlink" {}
 }:
 let
   defaultSourcePaths = import ./sources.nix { inherit pkgs; };
@@ -89,20 +94,20 @@ let
     (import ./packages.nix)
   ];
 
-  globals =
-    if builtins.pathExists ../globals.nix
-    then [(pkgs: _: with pkgs.lib; let
+  buildGlobals =
+    specificGlobalsFn:
+
+    [(pkgs: _: with pkgs.lib; let
       globalsDefault = import ../globals-defaults.nix pkgs;
-      globalsSpecific = import ../globals.nix pkgs;
+      globalsSpecific = specificGlobalsFn pkgs;
     in {
       globals = globalsDefault // (recursiveUpdate {
         inherit (globalsDefault) ec2 libvirtd environmentVariables;
       } globalsSpecific);
-    })]
-    else builtins.trace "globals.nix missing, please add symlink" [(pkgs: _: {
-      globals = import ../globals-defaults.nix pkgs;
     })];
 
+  globals = buildGlobals deploymentGlobalsFn;
+
   # merge upstream sources with our own:
   upstream-overlay = self: super: {
       inherit iohkNix;
@@ -110,6 +115,7 @@ let
       inherit overlays;
       modules = self.importWithPkgs ../modules;
       roles = self.importWithPkgs ../roles;
+      deployment-shell = import ./deployment-shell.nix { pkgs = self; };
     };
     sourcePaths = (super.sourcePaths or {}) // sourcePaths;
   };
@@ -124,8 +130,8 @@ let
       varnish-overlay
     ];
 
-    pkgs = import nixpkgs {
-      inherit system crossSystem config overlays;
-    };
+  pkgs = import nixpkgs {
+    inherit system crossSystem config overlays;
+  };
 in
   pkgs
diff --git a/nix/deployment-shell.nix b/nix/deployment-shell.nix
new file mode 100644
index 00000000..be8d2472
--- /dev/null
+++ b/nix/deployment-shell.nix
@@ -0,0 +1,64 @@
+##
+## This allows us to build cardano-ops-like shells with deployment capability.
+##
+{ pkgs }:
+
+let
+  inherit (pkgs) globals lib;
+  nivOverrides = pkgs.writeShellScriptBin "niv-overrides" ''
+    niv --sources-file ${toString globals.sourcesJsonOverride} $@
+  '';
+in
+{
+  nativeBuildInputs =
+    with pkgs;
+    [
+    awscli2
+    bashInteractive
+    cardano-cli
+    dnsutils
+    niv
+    locli.components.exes.locli
+    nivOverrides
+    nix
+    nix-diff
+    nixops
+    pandoc
+    perl
+    pstree
+    telnet
+    cardano-ping
+    git
+    direnv
+    nix-direnv
+    lorri
+    relayUpdateTimer
+  ] ++ (lib.optionals stdenv.hostPlatform.isLinux ([
+    # Those fail to compile under macOS:
+    node-update
+    # script NOT for use on mainnet:
+  ] ++ lib.optional (globals.environmentName != "mainnet") kes-rotation));
+
+  passthru =
+    {
+      gen-graylog-creds = lib.iohk-ops-lib.scripts.gen-graylog-creds { staticPath = ./static; };
+    };
+
+  extraMkShellAttributes =
+    {
+      NIX_PATH = "nixpkgs=${pkgs.path}";
+      NIXOPS_DEPLOYMENT = "${globals.deploymentName}";
+    }
+    // globals.environmentVariables;
+
+  cardanoOpsMkShellDefault =
+    with pkgs;
+
+    ## Note: we're using the non-rec, verbose, pkgs-relative references on purpose:
+    ##       this serves as a reference on how to define a derived shell.
+    mkShell
+      ({
+        inherit (cardano-ops.deployment-shell) nativeBuildInputs passthru;
+       }
+       // cardano-ops.deployment-shell.extraMkShellAttributes);
+}
diff --git a/shell.nix b/shell.nix
index 32a7a580..6505fd15 100644
--- a/shell.nix
+++ b/shell.nix
@@ -10,43 +10,8 @@
     inherit config;
   }
 }:
-with pkgs; with lib;
-let
-  nivOverrides = writeShellScriptBin "niv-overrides" ''
-    niv --sources-file ${toString globals.sourcesJsonOverride} $@
-  '';
 
-in  mkShell (rec {
-  nativeBuildInputs = [
-    awscli2
-    bashInteractive
-    cardano-cli
-    dnsutils
-    niv
-    locli
-    nivOverrides
-    nix
-    nix-diff
-    nixops
-    pandoc
-    perl
-    pstree
-    telnet
-    cardano-ping
-    git
-    direnv
-    nix-direnv
-    lorri
-    relayUpdateTimer
-  ] ++ (lib.optionals pkgs.stdenv.hostPlatform.isLinux ([
-    # Those fail to compile under macOS:
-    node-update
-    # script NOT for use on mainnet:
-  ] ++ lib.optional (globals.environmentName != "mainnet") kes-rotation));
+## See the definition of `cardanoOpsMkShellDefault` for a reference implementation
+##   of a cardano-ops-like shell with deployment capability.
+pkgs.cardano-ops.deployment-shell.cardanoOpsMkShellDefault
 
-  NIX_PATH = "nixpkgs=${path}";
-  NIXOPS_DEPLOYMENT = "${globals.deploymentName}";
-  passthru = {
-    gen-graylog-creds = iohk-ops-lib.scripts.gen-graylog-creds { staticPath = ./static; };
-  };
-} // globals.environmentVariables)