diff --git a/modules/athena-bccr/hm.nix b/modules/athena-bccr/hm.nix
index 0678e3c..df41f12 100644
--- a/modules/athena-bccr/hm.nix
+++ b/modules/athena-bccr/hm.nix
@@ -5,7 +5,12 @@
   doctrine,
   ...
 }: let
-  athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release};
+  athena =
+    (pkgs.${doctrine.prefix}.athena-bccr.override {
+      inherit (cfg) mirror;
+    }).${
+      cfg.release
+    };
 in {
   home.packages = [
     athena.firmador
diff --git a/modules/athena-bccr/options.nix b/modules/athena-bccr/options.nix
index eb61cf5..7b6cf93 100644
--- a/modules/athena-bccr/options.nix
+++ b/modules/athena-bccr/options.nix
@@ -7,6 +7,12 @@ with lib.types; {
       description = "hash of the Gaudi client";
     };
 
+    mirror = lib.mkOption {
+      type = nullOr str;
+      default = null;
+      description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store";
+    };
+
     release = lib.mkOption {
       type = str;
       default = "latest";
@@ -21,6 +27,12 @@ with lib.types; {
       description = "user group with full access to the smartcard reader";
     };
 
+    mirror = lib.mkOption {
+      type = nullOr str;
+      default = null;
+      description = "release zip mirror base URL, if null then the release zip must be manually added to the Nix store";
+    };
+
     release = lib.mkOption {
       type = str;
       default = "latest";
diff --git a/modules/athena-bccr/sys.nix b/modules/athena-bccr/sys.nix
index 98ae904..bd7d758 100644
--- a/modules/athena-bccr/sys.nix
+++ b/modules/athena-bccr/sys.nix
@@ -6,7 +6,13 @@
   doctrine,
   ...
 }: let
-  athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release};
+  athena =
+    (pkgs.${doctrine.prefix}.athena-bccr.override {
+      inherit (cfg) mirror;
+    }).${
+      cfg.release
+    };
+
   inherit (athena) vendor;
 
   driver = athena.card-driver.lib;
diff --git a/pkgs/athena-bccr/default.nix b/pkgs/athena-bccr/default.nix
index c4a8575..038220b 100644
--- a/pkgs/athena-bccr/default.nix
+++ b/pkgs/athena-bccr/default.nix
@@ -1,6 +1,7 @@
 {
   callPackage,
   lib,
+  mirror ? null,
 }: let
   latest = "deb64-rev26.2";
 
@@ -18,7 +19,7 @@
   pkgsForRelease = release: let
     inherit (unwrapped) card-driver bccr-cacerts;
 
-    unwrapped = overrideUnwrapped {inherit release;} {};
+    unwrapped = overrideUnwrapped {inherit mirror release;} {};
     pkcs11-module = "${card-driver.lib}/${card-driver.pkcs11-path}";
   in {
     inherit card-driver bccr-cacerts pkcs11-module;
diff --git a/pkgs/athena-bccr/unwrapped.nix b/pkgs/athena-bccr/unwrapped.nix
index 3a70144..848ea3e 100644
--- a/pkgs/athena-bccr/unwrapped.nix
+++ b/pkgs/athena-bccr/unwrapped.nix
@@ -1,5 +1,7 @@
 {
+  fetchurl,
   lib,
+  mirror ? null,
   requireFile,
   release,
   gaudiHash ? null,
@@ -7,20 +9,32 @@
 }: let
   inherit (release) srcPaths vendor;
 
-  src = requireFile {
-    url = "https://soportefirmadigital.com";
+  url =
+    if mirror != null
+    then "${mirror}/${release.filename}"
+    else "https://soportefirmadigital.com";
+
+  fetchSrc =
+    if mirror != null
+    then fetchurl
+    else requireFile;
+
+  src = fetchSrc {
     name = release.filename;
 
+    inherit url;
     inherit (release) hash;
   };
 
-  gaudiUpdateSrc = {update-gaudi}:
-    requireFile {
-      url = "${update-gaudi}";
-      name = "gaudi-update-${release.name}.zip";
-
-      hash = gaudiHash;
-    };
+  gaudiUpdateSrc = {
+    update-gaudi,
+    runCommand,
+  }:
+    runCommand "gaudi-update-${release.name}.zip" {
+      outputHash = gaudiHash;
+    } ''
+      ${update-gaudi} $out
+    '';
 
   moduleFromDeb = name: args @ {
     stdenv,
@@ -176,6 +190,7 @@ in
       pkgs,
       stdenv,
       unzip,
+      runCommand,
       writeShellScriptBin,
       update-gaudi,
       ...
@@ -186,7 +201,7 @@ in
       };
 
       fakeSudo = writeShellScriptBin "sudo" "";
-      gaudiUpdate = gaudiUpdateSrc {inherit update-gaudi;};
+      gaudiUpdate = gaudiUpdateSrc {inherit runCommand update-gaudi;};
     in
       moduleFromDeb "gaudi" {
         inherit dpkg stdenv unzip;
@@ -288,17 +303,20 @@ in
         wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar"
         wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar"
 
+        if [ -n "$1" ]; then
+            zip_path="$1"
+        else
+            zip_path="$PWD/gaudi-update-${release.name}.zip"
+        fi
+
         # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2
         TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} +
-        zip_path="$PWD/gaudi-update-${release.name}.zip"
         TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" .
         TZ=UTC touch -a -m -t 198002010000.00 "$zip_path"
 
-        set -x
-        nix-store --add-fixed sha256 "$zip_path"
-        set +x
-
-        echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))"
+        if [ -z "$1" ]; then
+            echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))"
+        fi
       '';
   }
   // lib.optionalAttrs (vendor == "athena") {