diff --git a/.github/workflows/flake-update.yml b/.github/workflows/flake-update.yml
index 65c20eb6..0b9fd5fb 100644
--- a/.github/workflows/flake-update.yml
+++ b/.github/workflows/flake-update.yml
@@ -6,7 +6,6 @@ env:
   CI_PLATFORM: gh-actions
   DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
   NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
-  NIX_INSTALLER: --daemon
 jobs:
   ci-check:
     name: flake-update check
@@ -48,9 +47,13 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
+        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
         NF_UPDATE_GIT_COMMIT: '1'
+        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: flake-update
       name: flake update build
       run: nix run .#nf-update
diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml
index 44a3f6e0..57ce1e7f 100644
--- a/.github/workflows/nodes.yml
+++ b/.github/workflows/nodes.yml
@@ -6,7 +6,6 @@ env:
   CI_PLATFORM: gh-actions
   DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
   NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
-  NIX_INSTALLER: --daemon
 jobs:
   ci-check:
     name: nodes check
@@ -48,8 +47,12 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
+        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
+        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: home-base
       name: build home closure for home-base
       run: nix run .#nf-build-system -- homeConfigurations.home-base.activationPackage
@@ -107,8 +110,12 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
+        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
+        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: home-graphical
       name: build home closure for home-graphical
       run: nix run .#nf-build-system -- homeConfigurations.home-graphical.activationPackage
@@ -166,8 +173,12 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
+        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
+        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: home-neovim
       name: build home closure for home-neovim
       run: nix run .#nf-build-system -- homeConfigurations.home-neovim.activationPackage
@@ -225,8 +236,12 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
+        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
+        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: home-shell
       name: build home closure for home-shell
       run: nix run .#nf-build-system -- homeConfigurations.home-shell.activationPackage
@@ -284,8 +299,12 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
+        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
+        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: mai
       name: build system closure for mai
       run: nix run .#nf-build-system -- nixosConfigurations.mai.config.system.build.toplevel
@@ -343,8 +362,12 @@ jobs:
       name: nix install
       uses: arcnmx/ci/actions/nix/install@v0.7
     - env:
+        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+        DISCORD_WEBHOOK_LINK: ${{ secrets.DISCORD_WEBHOOK_LINK }}
         NF_CONFIG_ROOT: ${{ github.workspace }}
         NF_UPDATE_CACHIX_PUSH: '1'
+        NIX_CONFIG: ${{ secrets.NIX_CONFIG }}
       id: mei
       name: build system closure for mei
       run: nix run .#nf-build-system -- nixosConfigurations.mei.config.system.build.toplevel
diff --git a/ci/common.nix b/ci/common.nix
index def93174..394e12e7 100644
--- a/ci/common.nix
+++ b/ci/common.nix
@@ -16,6 +16,7 @@
 
   nix.config = {
     max-silent-time = 60 * 60;
+    build-users-group = "";
   };
   /*
     nix.config = {
diff --git a/ci/flake-cron.nix b/ci/flake-cron.nix
index 5150f7c9..0c9071a9 100644
--- a/ci/flake-cron.nix
+++ b/ci/flake-cron.nix
@@ -13,7 +13,6 @@ with lib; {
         CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
         CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
         DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
-        NIX_INSTALLER = "--daemon";
         NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
       };
       on = let
@@ -42,9 +41,13 @@ with lib; {
           order = 500;
           run = "nix run .#nf-update";
           env = {
+            CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
+            CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
+            DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
             NF_UPDATE_GIT_COMMIT = "1";
             NF_UPDATE_CACHIX_PUSH = "1";
             NF_CONFIG_ROOT = "\${{ github.workspace }}";
+            NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
           };
         };
       };
diff --git a/ci/nodes.nix b/ci/nodes.nix
index e5e942b9..1de58cd1 100644
--- a/ci/nodes.nix
+++ b/ci/nodes.nix
@@ -18,7 +18,6 @@ in {
         CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
         DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
         NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
-        NIX_INSTALLER = "--daemon";
       };
       on = let
         paths = [
@@ -43,6 +42,10 @@ in {
               order = 500;
               run = "nix run .#nf-build-system -- nixosConfigurations.${name}.config.system.build.toplevel ${name} NixOS";
               env = {
+                NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
+                CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
+                CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
+                DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
                 NF_UPDATE_CACHIX_PUSH = "1";
                 NF_CONFIG_ROOT = "\${{ github.workspace }}";
               };
@@ -55,6 +58,10 @@ in {
               order = 500;
               run = "nix run .#nf-build-system -- homeConfigurations.${name}.activationPackage ${name} Home";
               env = {
+                NIX_CONFIG = "\${{ secrets.NIX_CONFIG }}";
+                CACHIX_AUTH_TOKEN = "\${{ secrets.CACHIX_AUTH_TOKEN }}";
+                CACHIX_SIGNING_KEY = "\${{ secrets.CACHIX_SIGNING_KEY }}";
+                DISCORD_WEBHOOK_LINK = "\${{ secrets.DISCORD_WEBHOOK_LINK }}";
                 NF_UPDATE_CACHIX_PUSH = "1";
                 NF_CONFIG_ROOT = "\${{ github.workspace }}";
               };