From a828980065ef19a4ccf4a37302034ede10484f80 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Fri, 27 Feb 2026 19:04:46 +0100 Subject: [PATCH 1/5] workflows/ci: Only build hosts that will be auto deployed --- .github/workflows/ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7da36fe..2fe3648 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,11 @@ jobs: printf "checks=%s" "$checks" >> "$GITHUB_OUTPUT" - id: hosts run: | - hosts=$(nix flake show --json | jq -c '.nixosConfigurations | keys') + hosts=$(nix eval .#nixosConfigurations --apply 'configs: + configs + |> builtins.attrNames + |> builtins.filter (name: configs.${name}.config.custom.services.comin.enable) + ' --json) printf "hosts=%s" "$hosts" >> "$GITHUB_OUTPUT" build-check: needs: parse-flake From 3be317bbb5b91e5d19ae3c762abd26c188e05b9a Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Fri, 27 Feb 2026 19:14:12 +0100 Subject: [PATCH 2/5] workflows: Add names to run steps --- .github/workflows/ci.yml | 18 ++++++++++++------ .github/workflows/update.yml | 3 ++- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2fe3648..0629d1e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,11 +14,13 @@ jobs: - uses: cachix/install-nix-action@v31 with: extra_nix_config: experimental-features = nix-command flakes pipe-operators - - id: checks + - name: Get checks + id: checks run: | checks=$(nix flake show --json | jq -c '.checks."x86_64-linux" | keys') printf "checks=%s" "$checks" >> "$GITHUB_OUTPUT" - - id: hosts + - name: Get hosts + id: hosts run: | hosts=$(nix eval .#nixosConfigurations --apply 'configs: configs 
@@ -43,7 +45,8 @@ jobs: name: sebastian-stork authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" useDaemon: false - - run: nix build .#checks.x86_64-linux.${{ matrix.check }} --print-build-logs + - name: Build check + run: nix build .#checks.x86_64-linux.${{ matrix.check }} --print-build-logs build-host: needs: parse-flake runs-on: ubuntu-latest @@ -61,7 +64,8 @@ jobs: name: sebastian-stork authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" useDaemon: false - - run: nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --print-build-logs + - name: Build host + run: nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --print-build-logs flake-check: needs: build-check runs-on: ubuntu-latest @@ -74,7 +78,8 @@ jobs: with: name: sebastian-stork authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - - run: nix flake check --keep-going --print-build-logs + - name: Run flake check + run: nix flake check --keep-going --print-build-logs deploy: needs: [build-host, flake-check] runs-on: ubuntu-latest @@ -82,4 +87,5 @@ jobs: contents: write steps: - uses: actions/checkout@v5 - - run: git push origin HEAD:deploy --force + - name: Push to deploy branch + run: git push origin HEAD:deploy --force diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index 75d0605..0cafcba 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -13,7 +13,8 @@ jobs: - uses: cachix/install-nix-action@v31 with: extra_nix_config: experimental-features = nix-command flakes pipe-operators - - run: | + - name: Update and push + run: | git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" nix flake update --commit-lock-file From 9d46cb54df5a76efeac66a5c1e13b942c05221bd Mon Sep 17 00:00:00 2001 
From: SebastianStork Date: Fri, 27 Feb 2026 19:31:01 +0100 Subject: [PATCH 3/5] workflows/ci: Remove job `flake-check` as checks already get built manually --- .github/workflows/ci.yml | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0629d1e..9afbf01 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -66,22 +66,8 @@ jobs: useDaemon: false - name: Build host run: nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --print-build-logs - flake-check: - needs: build-check - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - - uses: cachix/install-nix-action@v31 - with: - extra_nix_config: experimental-features = nix-command flakes pipe-operators - - uses: cachix/cachix-action@v15 - with: - name: sebastian-stork - authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - - name: Run flake check - run: nix flake check --keep-going --print-build-logs deploy: - needs: [build-host, flake-check] + needs: [build-check, build-host] runs-on: ubuntu-latest permissions: contents: write From 116ac08ad898e217ab054483261efc0d65a60491 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Fri, 27 Feb 2026 19:47:16 +0100 Subject: [PATCH 4/5] workflows/ci: Also build workstations but don't wait for them for deploying --- .github/workflows/build-host.yml | 29 +++++++++++++++++ .github/workflows/ci.yml | 53 +++++++++++++++++--------------- 2 files changed, 58 insertions(+), 24 deletions(-) create mode 100644 .github/workflows/build-host.yml diff --git a/.github/workflows/build-host.yml b/.github/workflows/build-host.yml new file mode 100644 index 0000000..ed4be9c --- /dev/null +++ b/.github/workflows/build-host.yml 
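Review bot: With `flake-check` removed, `deploy` in ci.yml waits only on `build-check` and `build-host`, but `nix flake check` does more than build `checks.x86_64-linux`: it also evaluates the other flake outputs, including every entry of `nixosConfigurations`. PATCH 1/5 already narrowed the host list to configurations with `comin.enable`, so configurations outside that filter appear to be no longer evaluated before the forced push to the `deploy` branch. If that coverage is still wanted, an evaluation-only step such as `run: nix flake check --no-build` in one of the gating jobs would keep it without rebuilding the checks. The `deploy` job continues outside the hunk, so any further conditions on it are not visible here.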
@@ -0,0 +1,29 @@ +name: Build host +on: + workflow_call: + inputs: + hosts: + required: true + type: string + secrets: + CACHIX_AUTH_TOKEN: + required: true +jobs: + build-host: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + host: ${{ fromJson(inputs.hosts) }} + steps: + - uses: actions/checkout@v5 + - uses: cachix/install-nix-action@v31 + with: + extra_nix_config: experimental-features = nix-command flakes pipe-operators + - uses: cachix/cachix-action@v15 + with: + name: sebastian-stork + authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" + useDaemon: false + - name: Build host + run: nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --print-build-logs diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9afbf01..ff94c51 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,8 @@ jobs: runs-on: ubuntu-latest outputs: checks: ${{ steps.checks.outputs.checks }} - hosts: ${{ steps.hosts.outputs.hosts }} + servers: ${{ steps.servers.outputs.servers }} + workstations: ${{ steps.workstations.outputs.workstations }} steps: - uses: actions/checkout@v5 - uses: cachix/install-nix-action@v31 
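Review bot: The `Build host` step at the end of the new build-host.yml expands `${{ matrix.host }}` directly into the shell command. In a reusable workflow that value comes from the caller-supplied `inputs.hosts` string, so a host name containing shell metacharacters would be interpreted as script text in a job that is also handed `CACHIX_AUTH_TOKEN`. Passing the value through the environment keeps it as data: add `env:` with `HOST: ${{ matrix.host }}` and use `run: nix build ".#nixosConfigurations.${HOST}.config.system.build.toplevel" --print-build-logs`. The `Build check` step in ci.yml has the same pattern with `${{ matrix.check }}`. Separately, the three `uses:` lines reference movable tags (`@v5`, `@v31`, `@v15`); pinning them to full commit SHAs would fix exactly which action code runs next to the cache token.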
@@ -19,15 +20,24 @@ jobs: run: | checks=$(nix flake show --json | jq -c '.checks."x86_64-linux" | keys') printf "checks=%s" "$checks" >> "$GITHUB_OUTPUT" - - name: Get hosts - id: hosts + - name: Get servers + id: servers run: | - hosts=$(nix eval .#nixosConfigurations --apply 'configs: + servers=$(nix eval .#nixosConfigurations --apply 'configs: configs |> builtins.attrNames |> builtins.filter (name: configs.${name}.config.custom.services.comin.enable) ' --json) - printf "hosts=%s" "$hosts" >> "$GITHUB_OUTPUT" + printf "servers=%s" "$servers" >> "$GITHUB_OUTPUT" + - name: Get workstations + id: workstations + run: | + workstations=$(nix eval .#nixosConfigurations --apply 'configs: + configs + |> builtins.attrNames + |> builtins.filter (name: !configs.${name}.config.custom.services.comin.enable) + ' --json) + printf "workstations=%s" "$workstations" >> "$GITHUB_OUTPUT" build-check: needs: parse-flake runs-on: ubuntu-latest 
@@ -47,27 +57,22 @@ jobs: useDaemon: false - name: Build check run: nix build .#checks.x86_64-linux.${{ matrix.check }} --print-build-logs - build-host: + build-server: needs: parse-flake - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - host: ${{ fromJson(needs.parse-flake.outputs.hosts) }} - steps: - - uses: actions/checkout@v5 - - uses: cachix/install-nix-action@v31 - with: - extra_nix_config: experimental-features = nix-command flakes pipe-operators - - uses: cachix/cachix-action@v15 - with: - name: sebastian-stork - authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - useDaemon: false - - name: Build host - run: nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --print-build-logs + uses: ./.github/workflows/build-host.yml + with: + hosts: ${{ needs.parse-flake.outputs.servers }} + secrets: + CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} + build-workstation: + needs: parse-flake + uses: ./.github/workflows/build-host.yml + with: + hosts: ${{ needs.parse-flake.outputs.workstations }} + secrets: + CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} deploy: - needs: [build-check, build-host] + needs: [build-check, build-server] runs-on: ubuntu-latest permissions: contents: write From 1f4283eb7b6c5d163a0214c7ff9f59f450a192a3 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Fri, 27 Feb 2026 19:52:23 +0100 Subject: [PATCH 5/5] workflows/build-host: Give the job a shorter name --- .github/workflows/build-host.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-host.yml b/.github/workflows/build-host.yml index ed4be9c..392691a 100644 --- a/.github/workflows/build-host.yml +++ b/.github/workflows/build-host.yml @@ -10,6 +10,7 @@ on: required: true jobs: build-host: + name: ${{ matrix.host }} runs-on: ubuntu-latest strategy: fail-fast: false
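Review bot: `build-workstation` and `build-server` in ci.yml pass the JSON list from `parse-flake` straight into the reusable workflow's `matrix.host`, and GitHub Actions rejects a matrix built from an empty list. If every configuration enables comin, `workstations` is `[]` and `build-workstation` would fail on each run. A guard on the caller job avoids that: `if: needs.parse-flake.outputs.workstations != '[]'`. For `build-server` the empty case blocks `deploy`, which is probably the safer outcome, so the guard is best limited to the workstation job.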