diff --git a/.github/actions/ci-setup/action.yaml b/.github/actions/ci-setup/action.yaml
deleted file mode 100644
index a5e04f2..0000000
--- a/.github/actions/ci-setup/action.yaml
+++ /dev/null
@@ -1,77 +0,0 @@ -name: Setup Environment -description: Setup environment -inputs: - nix_cache_private_key: - required: false - description: Private key for Nix cache - - s3_access_key: - required: false - description: Access key for S3 bucket - - s3_secret_key: - required: false - description: Secret key for S3 bucket - - sccache_enabled: - required: true - description: Whether to enable sccache - - shell: - required: true - description: "Shell to use" -runs: - using: "composite" - steps: - - name: Setup nix build paths file - shell: bash - env: - NIX_CACHE_URL: s3://${{ env.S3_BUCKET }}/cache/nix?endpoint=${{ env.S3_ENDPOINT }}&scheme=https&compression=zstd¶llel-compression=true - run: | - echo "NIX_CACHE_URL=${NIX_CACHE_URL}" >> $GITHUB_ENV - - - name: Setup s3 credentials - shell: bash - env: - AWS_ACCESS_KEY_ID: ${{ inputs.s3_access_key || env.PUBLIC_S3_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ inputs.s3_secret_key || env.PUBLIC_S3_SECRET_KEY }} - run: | - echo "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" >> $GITHUB_ENV - echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" >> $GITHUB_ENV - - - name: Setup nix cache private key - if: inputs.nix_cache_private_key != '' - shell: bash - env: - NIX_CACHE_PRIVATE_KEY: ${{ inputs.nix_cache_private_key }} - run: | - printenv NIX_CACHE_PRIVATE_KEY >> /tmp/nix-cache-key.pem - - - name: Nix cache upload - uses: gacts/run-and-post-run@v1 - if: inputs.nix_cache_private_key != '' && inputs.s3_access_key != '' && inputs.s3_secret_key != '' - with: - post: exec ${{ github.workspace }}/.github/scripts/nix-upload-cache.sh - - - name: Install Nix - uses: cachix/install-nix-action@v25 - with: - extra_nix_config: | - experimental-features = nix-command flakes - max-jobs = auto - http-connections = 128 - connect-timeout = 5 - substituters = https://cache.nixos.org https://ci-cache.troymoder.dev/cache/nix - trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= 
troy-crates-nix-cache:Gzil33SGyR5pzjFPe1l4ACZy2lfXi3Y5R5cO6BmOwkE=⏎ - post-build-hook = ${{ github.workspace }}/.github/scripts/nix-post-build-hook.sh - - - name: Setup sccache - if: inputs.sccache_enabled == 'true' - uses: ./.github/actions/setup-sccache - with: - shell: ${{ inputs.shell }} - - - name: Setup shell - shell: ${{ inputs.shell }} - run: | - echo "activated shell" diff --git a/.github/actions/setup-sccache/action.yaml b/.github/actions/setup-sccache/action.yaml deleted file mode 100644 index 0ff489a..0000000 --- a/.github/actions/setup-sccache/action.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Setup SCCache -description: Starts sccache server in the background (requires Nix and nix develop) -inputs: - shell: - required: true - description: "Shell to use" -runs: - using: "composite" - steps: - - name: Write GCS key for SCCache - shell: ${{ inputs.shell }} - run: | - echo "SCCACHE_GHA_ENABLED=false" >> $GITHUB_ENV - echo "SCCACHE_BUCKET=${{ env.S3_BUCKET }}" >> $GITHUB_ENV - echo "SCCACHE_ENDPOINT=https://${{ env.S3_ENDPOINT }}" >> $GITHUB_ENV - echo "SCCACHE_S3_KEY_PREFIX=cache/sccache" >> $GITHUB_ENV - echo "SCCACHE_REGION=auto" >> $GITHUB_ENV - - - name: Start SCCache server - shell: ${{ inputs.shell }} - run: | - set -xeo pipefail - sccache --start-server - sccache -z - - - name: Show sccache stats - uses: gacts/run-and-post-run@v1 - with: - post: nix develop . --command sccache -s diff --git a/.github/scripts/nix-post-build-hook.sh b/.github/scripts/nix-post-build-hook.sh deleted file mode 100755 index 5c84777..0000000 --- a/.github/scripts/nix-post-build-hook.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash -set -f # disable globbing -export IFS=' ' - -echo "${OUT_PATHS}" >>/tmp/nix-built-paths.txt diff --git a/.github/scripts/nix-shell.sh b/.github/scripts/nix-shell.sh index 3f79798..e0f4f88 100755 --- a/.github/scripts/nix-shell.sh +++ b/.github/scripts/nix-shell.sh 
@@ -1,4 +1,4 @@ #!/usr/bin/env bash shell="${NIX_SHELL:-default}" -nix develop "${GITHUB_WORKSPACE:-.}#${shell}" --impure --command bash -e "$@" +nix develop "${GITHUB_WORKSPACE:-.}#${shell}" --impure --command "$@" diff --git a/.github/scripts/nix-upload-cache.sh b/.github/scripts/nix-upload-cache.sh deleted file mode 100755 index c416f0e..0000000 --- a/.github/scripts/nix-upload-cache.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -if [[ ! -f /tmp/nix-cache-key.pem ]]; then - echo "Error: /tmp/nix-cache-key.pem not found" - exit 1 -fi - -if [[ -z "${NIX_CACHE_URL:-}" ]]; then - echo "Error: NIX_CACHE_URL not set" - exit 1 -fi - -if [[ -s /tmp/nix-built-paths.txt ]]; then - echo "Uploading $(wc -l /tmp/release-body.txt + run: release-plz update > ${{ runner.temp }}/release-body.txt - name: Sync README run: just sync-readme @@ -59,11 +64,11 @@ jobs: fi - name: Create PR - if: steps.changes.outputs.has_changes == 'true' + if: ${{ steps.changes.outputs.has_changes == 'true' }} uses: peter-evans/create-pull-request@v8 with: title: "chore: release" commit-message: "chore: release" - body-path: /tmp/release-body.txt + body-path: ${{ runner.temp }}/release-body.txt branch: release-pr labels: release diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index 56c8a48..bfa5969 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml @@ -8,10 +8,6 @@ on: env: CARGO_TERM_COLOR: always - S3_ENDPOINT: "6ca7d4e3d5c9496083876496fc36b8b0.r2.cloudflarestorage.com" - S3_BUCKET: "troy-crates-ci" - PUBLIC_S3_ACCESS_KEY: "b93e0986c42bc88d2d85dc087f2a94ba" - PUBLIC_S3_SECRET_KEY: "60bc5cfd8b121d0acb35d829755b587d29fd8da212c5a81fc4df3be0f433282e" concurrency: group: release-publish-${{ github.ref }} 
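Review bot: In `.github/scripts/nix-shell.sh` the new `--command "$@"` line no longer forces `bash -e`, so fail-fast behaviour now depends on every caller passing it. The release-publish default shell in this commit does pass `bash -e {0}`, but any other workflow that still invokes the wrapper the old way is not visible here and would run its steps without errexit. The script also has no strict mode of its own and passes nothing to `--command` when called without arguments. I would add `set -euo pipefail` after the shebang, reject an empty argument list with `[[ $# -gt 0 ]] || { echo "usage: nix-shell.sh CMD [ARGS...]" >&2; exit 2; }`, and prefix the last line with `exec` so the wrapper's exit status is exactly the command's.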
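Review bot: `peter-evans/create-pull-request@v8` in the `Create PR` step is still resolved through a mutable tag, while this same commit pins `troymoder/shared-actions` to a full commit SHA in release-publish.yml. The step pushes the `release-pr` branch and opens a pull request, so it presumably runs with a write-capable token; the token and permissions configuration are outside the hunk. Pinning it the same way keeps the release path consistent: `uses: peter-evans/create-pull-request@<full-commit-sha> # v8`, where `<full-commit-sha>` is a placeholder for the release commit you have reviewed.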
@@ -27,22 +23,25 @@ jobs: contents: write defaults: run: - shell: &shell bash -c ". $GITHUB_WORKSPACE/.github/scripts/nix-shell.sh {0}" + shell: ${{ github.workspace }}/.github/scripts/nix-shell.sh bash -e {0} steps: - name: Checkout repository uses: actions/checkout@v5 - name: Setup environment - uses: ./.github/actions/ci-setup + uses: troymoder/shared-actions/setup-nix@b114355b5a126b78c9e19920afa01075a32ee39e with: - shell: *shell nix_cache_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }} - s3_access_key: ${{ secrets.S3_ACCESS_KEY }} - s3_secret_key: ${{ secrets.S3_SECRET_KEY }} - sccache_enabled: "false" + nix_cache_public_key: ${{ vars.NIX_CACHE_PUBLIC_KEY }} + s3_bucket: ${{ vars.S3_CACHE_BUCKET }} + s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} + s3_public_url: ${{ vars.S3_CACHE_PUBLIC_URL }} + s3_access_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_KEY }} + s3_secret_access_key: ${{ secrets.S3_CACHE_BUCKET_SECRET_ACCESS_KEY || vars.S3_CACHE_BUCKET_PUBLIC_SECRET_ACCESS_KEY }} - - name: Release crates - env: - GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} - run: release-plz release + - name: Setup sccache + uses: troymoder/shared-actions/setup-sccache@b114355b5a126b78c9e19920afa01075a32ee39e + with: + s3_bucket: ${{ vars.S3_CACHE_BUCKET }} + s3_endpoint: ${{ vars.S3_CACHE_ENDPOINT }} + sccache_command: ${{ github.workspace }}/.github/scripts/nix-shell.sh sccache
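Review bot: The `s3_access_key` and `s3_secret_access_key` inputs fall back to `vars.S3_CACHE_BUCKET_PUBLIC_ACCESS_KEY` and `vars.S3_CACHE_BUCKET_PUBLIC_SECRET_ACCESS_KEY` when the secrets are empty, so in this release job a missing or misnamed secret is silently replaced by the lower-trust public key pair instead of surfacing as an error. Repository variables are not masked in logs, and what the public pair may do on the bucket is not visible here. If it can write, the new `Setup sccache` step (the old call passed `sccache_enabled: "false"`) lets a shared cache feed a job that holds `contents: write`. For the publish workflow I would drop the fallback, `s3_access_key: ${{ secrets.S3_CACHE_BUCKET_ACCESS_KEY }}` and `s3_secret_access_key: ${{ secrets.S3_CACHE_BUCKET_SECRET_ACCESS_KEY }}`, and confirm that compile caching is wanted for release builds. The key pair removed from `env:` in the previous hunk stays in git history, so it should be treated as permanently public or rotated; the rest of this job lies outside the hunk.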