diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml
index 378552f..c966ae1 100644
--- a/.github/workflows/cache.yml
+++ b/.github/workflows/cache.yml
@@ -29,5 +29,5 @@ jobs:
         nix run github:AtaraxiaSjel/attic#attic -- login dev https://cache.ataraxiadev.com/ ${{ secrets.ATTIC_TOKEN }}
     - name: Build system and push to cache
       run: |
-        nix shell -f . nix-build-uncached -c nix-build-uncached ci.nix
-        nix run github:AtaraxiaSjel/attic#attic -- attic push ataraxiadev ./result*
+        nix develop .#ci -c nix-build-uncached ci.nix
+        nix develop .#ci -c attic push ataraxiadev ./result*
diff --git a/.github/workflows/iso.yml b/.github/workflows/iso.yml
index b0c62ae..1b4c5b1 100644
--- a/.github/workflows/iso.yml
+++ b/.github/workflows/iso.yml
@@ -29,7 +29,7 @@ jobs:
     - name: Push ISO to artifacts
       uses: actions/upload-artifact@v3
       with:
-        name: nix-flakes.iso
+        name: nix-flakes.iso.zip
         path: result/iso/*.iso
         if-no-files-found: error
         retention-days: 30
\ No newline at end of file
diff --git a/ci.nix b/ci.nix
index 5990ade..4e64d59 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,6 +1,7 @@
 let
   outputs = builtins.getFlake (toString ./.);
-  pkgs = outputs.inputs.nixpkgs;
-  host-workstation = pkgs.lib.collect pkgs.lib.isDerivation outputs.packages.x86_64-linux.host-workstation;
-  host-hypervisor = pkgs.lib.collect pkgs.lib.isDerivation outputs.packages.x86_64-linux.host-hypervisor;
-in host-workstation ++ host-hypervisor
+  system = "x86_64-linux";
+  pkgs = import outputs.inputs.nixpkgs { inherit system; };
+  host-workstation = (pkgs.callPackage ./scripts/force_cached.nix {}) outputs.packages.x86_64-linux.host-workstation;
+  host-hypervisor = (pkgs.callPackage ./scripts/force_cached.nix {}) outputs.packages.x86_64-linux.host-hypervisor;
+in host-workstation // host-hypervisor
diff --git a/flake.nix b/flake.nix
index 99d4e29..a5dcfd1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -159,8 +159,7 @@
     };
 
     outputsBuilder = channels: let
-      pkgs = channels.unstable;
-      pkgs-zfs = channels.unstable-zfs;
+      pkgs = channels.unstable-zfs;
       # FIXME: nixos-rebuild with --flake flag doesn't work with doas
       rebuild = pkgs.writeShellScriptBin "rebuild" ''
         if [[ -z $1 ]]; then
@@ -187,12 +186,21 @@
         nix flake lock --update-input hyprland
       '';
     in {
-      devShells.default = channels.unstable.mkShell {
-        name = "aliases";
-        packages = with pkgs; [
-          rebuild update-vscode upgrade upgrade-hyprland
-          nixfmt nixpkgs-fmt statix vulnix deadnix
-        ];
+      devShells = {
+        default = pkgs.mkShell {
+          name = "aliases";
+          packages = with pkgs; [
+            rebuild update-vscode upgrade upgrade-hyprland
+            nixfmt nixpkgs-fmt statix vulnix deadnix
+          ];
+        };
+        ci = pkgs.mkShell {
+          name = "ci";
+          packages = with pkgs; [
+            inputs.attic.packages.${pkgs.system}.attic
+            nix-build-uncached
+          ];
+        };
       };
       packages = {
         Flakes-ISO = nixos-generators.nixosGenerate {
diff --git a/profiles/nix/default.nix b/profiles/nix/default.nix
index 3e8bec9..f674c9b 100644
--- a/profiles/nix/default.nix
+++ b/profiles/nix/default.nix
@@ -29,6 +29,7 @@ with config.deviceSpecific; {
         "https://hyprland.cachix.org"
         "https://ataraxiadev-foss.cachix.org"
         "https://cache.ataraxiadev.com/ataraxiadev"
+        "https://numtide.cachix.org"
       ];
       trusted-public-keys = [
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@@ -37,6 +38,7 @@ with config.deviceSpecific; {
         "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
         "ataraxiadev-foss.cachix.org-1:ws/jmPRUF5R8TkirnV1b525lP9F/uTBsz2KraV61058="
         "ataraxiadev:V/fCdvz1bMsQzYZcLltcAULST+MoChv53EfedmyJ8Uw="
+        "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
       ];
       trusted-users = [ "root" config.mainuser "@wheel" ];
       use-xdg-base-directories = true;
diff --git a/scripts/force_cached.nix b/scripts/force_cached.nix
new file mode 100644
index 0000000..274592a
--- /dev/null
+++ b/scripts/force_cached.nix
@@ -0,0 +1,39 @@
+{ coreutils }:
+
+attrs:
+with builtins;
+let
+  # Copied from <nixpkgs/lib>
+  isDerivation = x: isAttrs x && x ? type && x.type == "derivation";
+
+  # Return true if `nix-build` would traverse that attribute set to look for
+  # more derivations to build.
+  hasRecurseIntoAttrs = x: isAttrs x && (x.recurseForDerivations or false);
+
+  # Wraps derivations that disallow substitutes so that they can be cached.
+  toCachedDrv = drv:
+    if !(drv.allowSubstitutes or true) then
+      derivation
+        {
+          name = "${drv.name}-to-cached";
+          system = drv.system;
+          builder = "/bin/sh";
+          args = [ "-c" "${coreutils}/bin/ln -s ${drv} $out; exit 0" ];
+        }
+    else
+      drv;
+
+  op = _: val:
+    if isDerivation val then
+      toCachedDrv val
+    else if hasRecurseIntoAttrs val then
+      forceCached val
+    else
+      val
+  ;
+
+  # Traverses a tree of derivation and wrap all of those that disallow
+  # substitutes.
+  forceCached = attrs: mapAttrs op attrs;
+in
+forceCached attrs