name: Nix

on:
  workflow_call:
    inputs:
      command:
        required: true
        type: string
    secrets:
      CACHIX_AUTH_TOKEN:
        required: false

permissions:
  contents: read
  id-token: write

jobs:
  nix:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5

      - name: "Install Nix"
        uses: cachix/install-nix-action@v31.8.2

      - uses: cachix/cachix-action@v16
        with:
          name: nyx
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
      - run: ${{ inputs.command }}