diff --git a/.github/workflows/flake-update.yml b/.github/workflows/flake-update.yml
index 0b9fd5fb..65c20eb6 100644
--- a/.github/workflows/flake-update.yml
+++ b/.github/workflows/flake-update.yml
@@ -6,6 +6,7 @@ env:
   CI_PLATFORM: gh-actions
   DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
   NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
+  NIX_INSTALLER: --daemon
 jobs:
   ci-check:
     name: flake-update check
@@ -47,13 +48,9 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
-        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
-        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
         NF_UPDATE_GIT_COMMIT: '1'
-        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: flake-update
       name: flake update build
       run: nix run .#nf-update
diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml
index 57ce1e7f..44a3f6e0 100644
--- a/.github/workflows/nodes.yml
+++ b/.github/workflows/nodes.yml
@@ -6,6 +6,7 @@ env:
   CI_PLATFORM: gh-actions
   DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
   NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
+  NIX_INSTALLER: --daemon
 jobs:
   ci-check:
     name: nodes check
@@ -47,12 +48,8 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
-        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
-        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
-        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: home-base
       name: build home closure for home-base
       run: nix run .#nf-build-system -- homeConfigurations.home-base.activationPackage
@@ -110,12 +107,8 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
-        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
-        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
-        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: home-graphical
       name: build home closure for home-graphical
       run: nix run .#nf-build-system -- homeConfigurations.home-graphical.activationPackage
@@ -173,12 +166,8 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
-        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
-        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
-        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: home-neovim
       name: build home closure for home-neovim
       run: nix run .#nf-build-system -- homeConfigurations.home-neovim.activationPackage
@@ -236,12 +225,8 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
-        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
-        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
-        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: home-shell
       name: build home closure for home-shell
       run: nix run .#nf-build-system -- homeConfigurations.home-shell.activationPackage
@@ -299,12 +284,8 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
-        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
-        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
-        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: mai
       name: build system closure for mai
       run: nix run .#nf-build-system -- nixosConfigurations.mai.config.system.build.toplevel
@@ -362,12 +343,8 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
-        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
-        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
-        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: mei
       name: build system closure for mei
       run: nix run .#nf-build-system -- nixosConfigurations.mei.config.system.build.toplevel
diff --git a/ci/common.nix b/ci/common.nix
index 394e12e7..def93174 100644
--- a/ci/common.nix
+++ b/ci/common.nix
@@ -16,7 +16,6 @@
 
   nix.config = {
     max-silent-time = 60 * 60;
-    build-users-group = "";
   };
   /*
     nix.config = {
diff --git a/ci/flake-cron.nix b/ci/flake-cron.nix
index 0c9071a9..5150f7c9 100644
--- a/ci/flake-cron.nix
+++ b/ci/flake-cron.nix
@@ -13,6 +13,7 @@ with lib; {
         CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
         CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
         DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
+        NIX_INSTALLER = "--daemon";
         NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
       };
       on = let
@@ -41,13 +42,9 @@ with lib; {
           order = 500;
           run = "nix run .#nf-update";
           env = {
-            CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
-            CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
-            DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
             NF_UPDATE_GIT_COMMIT = "1";
             NF_UPDATE_CACHIX_PUSH = "1";
             NF_CONFIG_ROOT = "\${{ github.workspace }}";
-            NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
           };
         };
       };
diff --git a/ci/nodes.nix b/ci/nodes.nix
index 1de58cd1..e5e942b9 100644
--- a/ci/nodes.nix
+++ b/ci/nodes.nix
@@ -18,6 +18,7 @@ in {
         CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
         DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
         NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
+        NIX_INSTALLER = "--daemon";
       };
       on = let
         paths = [
@@ -42,10 +43,6 @@ in {
               order = 500;
               run = "nix run .#nf-build-system -- nixosConfigurations.${name}.config.system.build.toplevel ${name} NixOS";
               env = {
-                NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
-                CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
-                CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
-                DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
                 NF_UPDATE_CACHIX_PUSH = "1";
                 NF_CONFIG_ROOT = "\${{ github.workspace }}";
               };
@@ -58,10 +55,6 @@ in {
               order = 500;
               run = "nix run .#nf-build-system -- homeConfigurations.${name}.activationPackage ${name} Home";
               env = {
-                NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
-                CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
-                CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
-                DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
                 NF_UPDATE_CACHIX_PUSH = "1";
                 NF_CONFIG_ROOT = "\${{ github.workspace }}";
               };