diff --git a/.github/workflows/check-shell.yml b/.github/workflows/check-shell.yml
index d148563c43110..3e8df619dbd14 100644
--- a/.github/workflows/check-shell.yml
+++ b/.github/workflows/check-shell.yml
@@ -30,4 +30,4 @@ jobs:
       - uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
 
       - name: Build shell
-        run: nix-build shell.nix
+        run: nix-build ci -A shell
diff --git a/.github/workflows/eval-lib-tests.yml b/.github/workflows/lib-tests.yml
similarity index 90%
rename from .github/workflows/eval-lib-tests.yml
rename to .github/workflows/lib-tests.yml
index 722371ac19a29..0643f980381b4 100644
--- a/.github/workflows/eval-lib-tests.yml
+++ b/.github/workflows/lib-tests.yml
@@ -28,4 +28,4 @@ jobs:
 
       - name: Building Nixpkgs lib-tests
         run: |
-          nix-build --arg pkgs "(import ./ci/. {}).pkgs" ./lib/tests/release.nix
+          nix-build ci -A lib-tests
diff --git a/.github/workflows/manual-nixos-v2.yml b/.github/workflows/manual-nixos-v2.yml
index 26fa03aba9b46..d69cf3bbf409d 100644
--- a/.github/workflows/manual-nixos-v2.yml
+++ b/.github/workflows/manual-nixos-v2.yml
@@ -46,7 +46,7 @@ jobs:
 
       - name: Build NixOS manual
         id: build-manual
-        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.${{ matrix.system }}
+        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true ci -A manual --argstr system ${{ matrix.system }}
 
       - name: Upload NixOS manual
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
diff --git a/.github/workflows/manual-nixpkgs-v2.yml b/.github/workflows/manual-nixpkgs-v2.yml
index a97bd0aac7194..66075b7089db3 100644
--- a/.github/workflows/manual-nixpkgs-v2.yml
+++ b/.github/workflows/manual-nixpkgs-v2.yml
@@ -32,4 +32,4 @@ jobs:
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 
       - name: Building Nixpkgs manual
-        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -A manual.tests
+        run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true ci -A manual-nixpkgs -A manual-nixpkgs-tests
diff --git a/.github/workflows/nix-parse-v2.yml b/.github/workflows/nix-parse-v2.yml
index cc988e20bd6eb..019ad770672b0 100644
--- a/.github/workflows/nix-parse-v2.yml
+++ b/.github/workflows/nix-parse-v2.yml
@@ -15,18 +15,6 @@ jobs:
     needs: get-merge-commit
     if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')"
     steps:
-      - name: Get list of changed files from PR
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          gh api \
-            repos/${{ github.repository }}/pulls/${{github.event.number}}/files --paginate \
-            | jq --raw-output '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
-            > "$HOME/changed_files"
-          if [[ -s "$HOME/changed_files" ]]; then
-            echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
-          fi
-
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
@@ -37,11 +25,7 @@ jobs:
           extra_nix_config: sandbox = true
           nix_path: nixpkgs=channel:nixpkgs-unstable
 
-      - name: Parse all changed or added nix files
+      - name: Parse all nix files
         run: |
-          ret=0
-          while IFS= read -r file; do
-            out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
-          done < "$HOME/changed_files"
-          exit "$ret"
-        if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
+          # Tests multiple versions at once, let's make sure all of them run, so keep-going.
+          nix-build ci -A parse --keep-going
diff --git a/ci/default.nix b/ci/default.nix
index 67f59d61bfd4e..dd21e18584928 100644
--- a/ci/default.nix
+++ b/ci/default.nix
@@ -70,4 +70,16 @@ in
   requestReviews = pkgs.callPackage ./request-reviews { };
   codeownersValidator = pkgs.callPackage ./codeowners-validator { };
   eval = pkgs.callPackage ./eval { };
+
+  # CI jobs
+  lib-tests = import ../lib/tests/release.nix { inherit pkgs; };
+  manual-nixos = (import ../nixos/release.nix { }).manual.${system} or null;
+  manual-nixpkgs = (import ../pkgs/top-level/release.nix { }).manual;
+  manual-nixpkgs-tests = (import ../pkgs/top-level/release.nix { }).manual.tests;
+  parse = pkgs.lib.recurseIntoAttrs {
+    latest = pkgs.callPackage ./parse.nix { nix = pkgs.nixVersions.latest; };
+    lix = pkgs.callPackage ./parse.nix { nix = pkgs.lix; };
+    minimum = pkgs.callPackage ./parse.nix { nix = pkgs.nixVersions.minimum; };
+  };
+  shell = import ../shell.nix { inherit nixpkgs system; };
 }
diff --git a/ci/parse.nix b/ci/parse.nix
new file mode 100644
index 0000000000000..26ac0f785fd44
--- /dev/null
+++ b/ci/parse.nix
@@ -0,0 +1,43 @@
+{
+  lib,
+  nix,
+  runCommand,
+}:
+let
+  nixpkgs =
+    with lib.fileset;
+    toSource {
+      root = ../.;
+      fileset = (fileFilter (file: file.hasExt "nix") ../.);
+    };
+in
+runCommand "nix-parse-${nix.name}"
+  {
+    nativeBuildInputs = [
+      nix
+    ];
+  }
+  ''
+    export NIX_STORE_DIR=$TMPDIR/store
+    export NIX_STATE_DIR=$TMPDIR/state
+
+    cd "${nixpkgs}"
+
+    # Passes all files to nix-instantiate at once.
+    # Much faster, but will only show first error.
+    parse-all() {
+      find . -type f -iname '*.nix' | xargs -P $(nproc) nix-instantiate --parse >/dev/null 2>/dev/null
+    }
+
+    # Passes each file separately to nix-instantiate with -n1.
+    # Much slower, but will show all errors.
+    parse-each() {
+      find . -type f -iname '*.nix' | xargs -n1 -P $(nproc) nix-instantiate --parse >/dev/null
+    }
+
+    if ! parse-all; then
+      parse-each
+    fi
+
+    touch $out
+  ''
diff --git a/nixos/tests/scion/freestanding-deployment/default.nix b/nixos/tests/scion/freestanding-deployment/default.nix
index ca6c7cffc30eb..7dbd10c225a5e 100644
--- a/nixos/tests/scion/freestanding-deployment/default.nix
+++ b/nixos/tests/scion/freestanding-deployment/default.nix
@@ -23,7 +23,7 @@ import ../../make-test-python.nix (
           networkConfig.Address = "192.168.1.${toString hostId}/24";
         };
         environment.etc = {
-          "scion/topology.json".source = ./topology${toString hostId}.json;
+          "scion/topology.json".source = ./topology + "${toString hostId}.json";
           "scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}";
           "scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc";
           "scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw==";
diff --git a/pkgs/test/make-binary-wrapper/default.nix b/pkgs/test/make-binary-wrapper/default.nix
index 6f086de299a0b..715b28f912e49 100644
--- a/pkgs/test/make-binary-wrapper/default.nix
+++ b/pkgs/test/make-binary-wrapper/default.nix
@@ -20,7 +20,7 @@ let
     runCommand "make-binary-wrapper-test-${testname}" env ''
       mkdir -p tmp/foo # for the chdir test
 
-      source=${./${testname}}
+      source=${./. + "/${testname}"}
 
       params=$(<"$source/${testname}.cmdline")
       eval "makeCWrapper /send/me/flags $params" > wrapper.c