diff --git a/.github/actions/nix-install-ephemeral/action.yml b/.github/actions/nix-install-ephemeral/action.yml
index 5dbdabe8e..239f7777a 100644
--- a/.github/actions/nix-install-ephemeral/action.yml
+++ b/.github/actions/nix-install-ephemeral/action.yml
@@ -5,6 +5,14 @@ inputs:
     description: 'Whether to push build outputs to the Nix binary cache'
     required: false
     default: 'false'
+  enable-sccache-sandbox-path:
+    description: 'Whether to expose /nix/var/cache/sccache in the Nix sandbox'
+    required: false
+    default: 'false'
+  max-jobs:
+    description: 'Maximum number of parallel Nix builds'
+    required: false
+    default: ''
   aws-region:
     description: 'AWS region for the Nix binary cache S3 bucket'
     required: false
@@ -48,4 +56,8 @@ runs:
           substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com
           trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
           ${{ inputs.push-to-cache == 'true' && 'post-build-hook = /etc/nix/upload-to-cache.sh' || '' }}
-          max-jobs = 4
+          ${{ inputs.enable-sccache-sandbox-path == 'true' && 'extra-sandbox-paths = /nix/var/cache/sccache?' || '' }}
+          ${{ inputs.max-jobs != '' && format('max-jobs = {0}', inputs.max-jobs) || '' }}
+          ${{ inputs.enable-sccache-sandbox-path == 'true' && 'auto-allocate-uids = true' || '' }}
+          ${{ inputs.enable-sccache-sandbox-path == 'true' && 'use-cgroups = true' || '' }}
+          experimental-features = nix-command flakes ${{ inputs.enable-sccache-sandbox-path == 'true' && 'cgroups auto-allocate-uids' || '' }}
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index d77f86b7c..910214b63 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -14,10 +14,6 @@ permissions:
   contents: write
   packages: write
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
 jobs:
   nix-eval:
     uses: ./.github/workflows/nix-eval.yml
@@ -40,17 +36,31 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix (ephemeral)
         if: ${{ matrix.attr != '' && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         uses: ./.github/actions/nix-install-ephemeral
         with:
           push-to-cache: 'true'
+          enable-sccache-sandbox-path: ${{ matrix.postgresql_version && 'true' || 'false' }}
+          max-jobs: ${{ matrix.postgresql_version && '1' || '' }}
         env:
           DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
           NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
       - name: Install nix (self-hosted)
         if: ${{ matrix.attr != '' && matrix.runs_on.group == 'self-hosted-runners-nix' }}
         uses: ./.github/actions/nix-install-self-hosted
+      - name: Allow sccache cache write access
+        if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
+        run: |
+          # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
+          sudo chown -R 872415232 /nix/var/cache/sccache
+          sudo chmod -R 2777 /nix/var/cache/sccache
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -71,17 +81,31 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix (ephemeral)
         if: ${{ matrix.attr != '' && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         uses: ./.github/actions/nix-install-ephemeral
         with:
           push-to-cache: 'true'
+          enable-sccache-sandbox-path: ${{ matrix.postgresql_version && 'true' || 'false' }}
+          max-jobs: ${{ matrix.postgresql_version && '1' || '' }}
         env:
           DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
           NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
       - name: Install nix (self-hosted)
         if: ${{ matrix.attr != '' && matrix.runs_on.group == 'self-hosted-runners-nix' }}
         uses: ./.github/actions/nix-install-self-hosted
+      - name: Allow sccache cache write access
+        if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
+        run: |
+          # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
+          sudo chown -R 872415232 /nix/var/cache/sccache
+          sudo chmod -R 2777 /nix/var/cache/sccache
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -102,9 +126,27 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix
         if: ${{ matrix.attr != '' }}
         uses: ./.github/actions/nix-install-self-hosted
+      - name: Configure sccache for Nix builds
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        run: |
+          # Ensure sccache directory is writable by the build user
+          mkdir -p /nix/var/cache/sccache
+          chmod -R 755 /nix/var/cache/sccache
+          
+          # Update Nix configuration to allow access to sccache directory in sandbox
+          # Create temporary nix.conf with our additions
+          tee -a /etc/nix/nix.conf > /dev/null <<EOF
+          extra-sandbox-paths = /nix/var/cache/sccache
+          EOF
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -125,9 +167,27 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix
         if: ${{ matrix.attr != '' }}
         uses: ./.github/actions/nix-install-self-hosted
+      - name: Configure sccache for Nix builds
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        run: |
+          # Ensure sccache directory is writable by the build user
+          mkdir -p /nix/var/cache/sccache
+          chmod -R 755 /nix/var/cache/sccache
+          
+          # Update Nix configuration to allow access to sccache directory in sandbox
+          # Create temporary nix.conf with our additions
+          tee -a /etc/nix/nix.conf > /dev/null <<EOF
+          extra-sandbox-paths = /nix/var/cache/sccache
+          EOF
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -148,14 +208,28 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix
         if: ${{ matrix.attr != '' }}
         uses: ./.github/actions/nix-install-ephemeral
         with:
+          enable-sccache-sandbox-path: ${{ matrix.postgresql_version && 'true' || 'false' }}
+          max-jobs: ${{ matrix.postgresql_version && '1' || '' }}
           push-to-cache: 'true'
         env:
           DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
           NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
+      - name: Allow sccache cache write access
+        if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
+        run: |
+          # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
+          sudo chown -R 872415232 /nix/var/cache/sccache
+          sudo chmod -R 2777 /nix/var/cache/sccache
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -176,14 +250,28 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix
         if: ${{ matrix.attr != '' }}
         uses: ./.github/actions/nix-install-ephemeral
         with:
+          enable-sccache-sandbox-path: ${{ matrix.postgresql_version && 'true' || 'false' }}
+          max-jobs: ${{ matrix.postgresql_version && '1' || '' }}
           push-to-cache: 'true'
         env:
           DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
           NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
+      - name: Allow sccache cache write access
+        if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
+        run: |
+          # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
+          sudo chown -R 872415232 /nix/var/cache/sccache
+          sudo chmod -R 2777 /nix/var/cache/sccache
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -217,15 +305,3 @@ jobs:
       (needs.nix-build-packages-x86_64-linux.result == 'skipped' || needs.nix-build-packages-x86_64-linux.result == 'success') &&
       (needs.nix-build-checks-x86_64-linux.result == 'skipped' || needs.nix-build-checks-x86_64-linux.result == 'success')
     uses: ./.github/workflows/test.yml
-
-  docker-image-test:
-    needs: [nix-eval, nix-build-packages-aarch64-linux, nix-build-checks-aarch64-linux]
-    if: |
-      !cancelled() &&
-      needs.nix-eval.result == 'success' &&
-      (needs.nix-build-packages-aarch64-linux.result == 'skipped' || needs.nix-build-packages-aarch64-linux.result == 'success') &&
-      (needs.nix-build-checks-aarch64-linux.result == 'skipped' || needs.nix-build-checks-aarch64-linux.result == 'success')
-    uses: ./.github/workflows/docker-image-test.yml
-    secrets:
-      DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
-      NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
diff --git a/flake.nix b/flake.nix
index 4d9ccdbe4..4d3435286 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,7 +20,7 @@
     nix-editor.url = "github:snowfallorg/nix-editor";
     nix-eval-jobs.inputs.flake-parts.follows = "flake-parts";
     nix-eval-jobs.inputs.treefmt-nix.follows = "treefmt-nix";
-    nix-eval-jobs.url = "github:nix-community/nix-eval-jobs";
+    nix-eval-jobs.url = "github:jfroche/nix-eval-jobs/fix-warnings";
     nix2container.inputs.nixpkgs.follows = "nixpkgs";
     nix2container.url = "github:nlewo/nix2container";
     # Pin to a specific nixpkgs version that has compatible v8 and curl versions
diff --git a/nix/cargo-pgrx/buildPgrxExtension.nix b/nix/cargo-pgrx/buildPgrxExtension.nix
index a316015a5..1791f24d0 100644
--- a/nix/cargo-pgrx/buildPgrxExtension.nix
+++ b/nix/cargo-pgrx/buildPgrxExtension.nix
@@ -34,6 +34,7 @@
   stdenv,
   writeShellScriptBin,
   defaultBindgenHook,
+  sccache,
 }:
 
 # The idea behind: Use it mostly like rustPlatform.buildRustPackage and so
@@ -55,7 +56,7 @@
   postgresql,
   # enable override to generate bindings using bindgenHook.
   # Some older versions of cargo-pgrx use a bindgenHook that is not compatible with the
-  # current clang version present in stdenv
+  # current clang version present in stdenv
   bindgenHook ? defaultBindgenHook,
   # cargo-pgrx calls rustfmt on generated bindings, this is not strictly necessary, so we avoid the
   # dependency here. Set to false and provide rustfmt in nativeBuildInputs, if you need it, e.g.
@@ -157,12 +158,24 @@ let
         postgresql
         pkg-config
         bindgenHook
+        sccache
       ]
       ++ lib.optionals useFakeRustfmt [ fakeRustfmt ];
 
     buildPhase = ''
       runHook preBuild
 
+      ${lib.optionalString (!stdenv.hostPlatform.isDarwin) ''
+      if [[ -d "/nix/var/cache/sccache" && -w "/nix/var/cache/sccache" ]]; then
+        echo "sccache: cache directory available, enabling"
+        export RUSTC_WRAPPER="${sccache}/bin/sccache"
+        export SCCACHE_DIR="/nix/var/cache/sccache"
+        export SCCACHE_CACHE_SIZE="50G"
+      else
+        echo "sccache: cache directory not available, skipping"
+      fi
+      ''}
+
       echo "Executing cargo-pgrx buildPhase"
       ${preBuildAndTest}
       ${maybeEnterBuildAndTestSubdir}
@@ -183,6 +196,13 @@ let
         --features "${builtins.concatStringsSep " " buildFeatures}" \
         --out-dir "$out"
 
+      ${lib.optionalString (!stdenv.hostPlatform.isDarwin) ''
+      if [[ -n "''${RUSTC_WRAPPER:-}" ]]; then
+        echo "sccache stats:"
+        ${sccache}/bin/sccache --show-stats
+      fi
+      ''}
+
       ${maybeLeaveBuildAndTestSubdir}
 
       runHook postBuild
diff --git a/nix/docs/README.md b/nix/docs/README.md
index 0d7b080ee..11e9e3e18 100644
--- a/nix/docs/README.md
+++ b/nix/docs/README.md
@@ -35,6 +35,10 @@ learn how to play with `postgres` in the [build guide](./build-postgres.md).
 - **[Migration Tests](./migration-tests.md)** - Testing database migrations
 - **[Testing PG Upgrade Scripts](./testing-pg-upgrade-scripts.md)** - Testing PostgreSQL upgrades
 
+## CI/CD
+
+- **[sccache in CI](./sccache-ci.md)** - Rust compilation caching for pgrx extensions
+
 ## Reference
 
 - **[References](./references.md)** - Useful links and resources
diff --git a/nix/docs/sccache-ci.md b/nix/docs/sccache-ci.md
new file mode 100644
index 000000000..4e244027a
--- /dev/null
+++ b/nix/docs/sccache-ci.md
@@ -0,0 +1,88 @@
+# sccache in CI
+
+This document explains how sccache is integrated into the Nix CI pipeline to accelerate Rust compilation for pgrx-based PostgreSQL extensions.
+
+## Overview
+
+Building pgrx extensions (pg_graphql, pg_jsonschema, wrappers, etc.) involves significant Rust compilation.
+sccache caches compiled artifacts to speed up subsequent builds when source code hasn't changed.
+
+The integration required solving several challenges around Nix's sandboxed builds and CI runner persistence.
+
+## Architecture
+
+Ephemeral CI runners (Blacksmith) use stickydisk for persistent storage at `/nix/var/cache/sccache`.
+Self-hosted Darwin runners use a local directory at the same path.
+
+The cache is keyed by PostgreSQL version to avoid cross-version cache pollution:
+- Extension packages: `sccache-Linux-ARM64-pg17`, `sccache-Linux-ARM64-pg15`, etc.
+- Non-extension packages: `sccache-Linux-ARM64-shared`
+
+| Platform | Runner type | sccache enabled |
+|----------|-------------|-----------------|
+| x86_64-linux | Blacksmith ephemeral | Yes (extensions only) |
+| aarch64-linux | Blacksmith ephemeral | Yes (extensions only) |
+| aarch64-linux | Self-hosted (KVM packages) | No |
+| aarch64-darwin | Self-hosted | Yes (extensions only) |
+
+## Nix sandbox integration
+
+Nix builds run in a sandbox that isolates the build environment.
+To allow sccache to persist across builds, the cache directory must be mounted into the sandbox via `extra-sandbox-paths`.
+
+### Linux with auto-allocate-uids
+
+On Linux, we use Nix's `auto-allocate-uids` feature which creates user namespaces for builds.
+This introduces a UID mapping challenge.
+
+The base UID is 872415232 (0x34000000).
+Inside the sandbox, processes run as root (UID 0), but outside the sandbox this maps to UID 872415232.
+Files created inside the sandbox are owned by this mapped UID.
+
+The workflow changes ownership to UID 872415232 before builds to ensure cache access works correctly.
+
+### Darwin
+
+Darwin doesn't have user namespaces.
+Builds run as nixbld users (members of the `nixbld` group).
+The cache directory is owned by the nixbld group with setgid permissions.
+
+## Compromises and limitations
+
+### max-jobs = 1 for extensions
+
+With `auto-allocate-uids`, each parallel Nix build gets a different UID slot (872415232, 872480768, etc.).
+When multiple builds run in parallel, they create files with different ownership, causing EPERM errors when one build tries to update another's cache files.
+
+To avoid this, extension builds use `max-jobs = 1`, serializing Nix builds so all use the same UID slot.
+Non-extension packages don't use sccache and can build in parallel.
+
+### Blacksmith stickydisk last-writer-wins
+
+Blacksmith's stickydisk has "last writer wins" semantics for concurrent writes.
+If multiple jobs write to the same cache key simultaneously, only the last job's writes persist.
+
+We mitigate this by using per-PostgreSQL-version cache keys, reducing concurrent writes to the same cache.
+
+### Extensions only
+
+sccache is only enabled for extension packages (those with `postgresql_version` in the matrix).
+Non-extension packages (PostgreSQL itself, tooling) build without sccache to allow parallel builds.
+
+## Debugging
+
+To check sccache statistics, look for output at the end of extension builds:
+
+```
+sccache stats:
+Compile requests                    150
+Compile requests executed           148
+Cache hits                          120
+Cache misses                         28
+```
+
+## References
+
+- [Nix auto-allocate-uids](https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-allocate-uids)
+- [sccache](https://github.com/mozilla/sccache)
+- [Blacksmith stickydisk](https://blacksmith.sh/docs/stickydisk)
diff --git a/nix/ext/pg_graphql/default.nix b/nix/ext/pg_graphql/default.nix
index 11ea156dc..8ab0a97a6 100644
--- a/nix/ext/pg_graphql/default.nix
+++ b/nix/ext/pg_graphql/default.nix
@@ -132,9 +132,11 @@ let
       supportedVersions;
   versionsBuilt = if latestOnly then [ latestVersion ] else versions;
   numberOfVersionsBuilt = builtins.length versionsBuilt;
-  packages = builtins.attrValues (
-    lib.mapAttrs (name: value: build name value.hash value.rust value.pgrx) versionsToUse
-  );
+  packagesAttrSet = lib.mapAttrs' (name: value: {
+    name = lib.replaceStrings [ "." ] [ "_" ] name;
+    value = build name value.hash value.rust value.pgrx;
+  }) versionsToUse;
+  packages = builtins.attrValues packagesAttrSet;
 in
 (buildEnv {
   name = pname;
@@ -187,6 +189,10 @@ in
         latestVersion
       else
         "multi-" + lib.concatStringsSep "-" (map (v: lib.replaceStrings [ "." ] [ "-" ] v) versions);
+    # Expose individual packages for CI to build separately
+    packages = packagesAttrSet // {
+      recurseForDerivations = true;
+    };
   };
 }).overrideAttrs
   (_: {
diff --git a/nix/ext/pg_jsonschema/default.nix b/nix/ext/pg_jsonschema/default.nix
index 4ec4f97a9..2f491a2d3 100644
--- a/nix/ext/pg_jsonschema/default.nix
+++ b/nix/ext/pg_jsonschema/default.nix
@@ -137,9 +137,11 @@ let
       { "${latestVersion}" = supportedVersions.${latestVersion}; }
     else
       supportedVersions;
-  packages = builtins.attrValues (
-    lib.mapAttrs (name: value: build name value.hash value.rust value.pgrx) versionsToUse
-  );
+  packagesAttrSet = lib.mapAttrs' (name: value: {
+    name = lib.replaceStrings [ "." ] [ "_" ] name;
+    value = build name value.hash value.rust value.pgrx;
+  }) versionsToUse;
+  packages = builtins.attrValues packagesAttrSet;
   versionsBuilt = if latestOnly then [ latestVersion ] else versions;
   numberOfVersionsBuilt = builtins.length versionsBuilt;
 in
@@ -186,6 +188,10 @@ in
         latestVersion
       else
         "multi-" + lib.concatStringsSep "-" (map (v: lib.replaceStrings [ "." ] [ "-" ] v) versions);
+    # Expose individual packages for CI to build separately
+    packages = packagesAttrSet // {
+      recurseForDerivations = true;
+    };
   };
 }).overrideAttrs
   (_: {
diff --git a/nix/packages/github-matrix/github_matrix.py b/nix/packages/github-matrix/github_matrix.py
index 81385c215..200b99d41 100755
--- a/nix/packages/github-matrix/github_matrix.py
+++ b/nix/packages/github-matrix/github_matrix.py
@@ -58,6 +58,7 @@ class GitHubActionPackage(TypedDict):
     system: System
     runs_on: RunsOnConfig
     postgresql_version: NotRequired[str]
+    cache_key: NotRequired[str]
 
 
 class NixEvalError(TypedDict):
@@ -209,8 +210,7 @@ def run_nix_eval_jobs(
 
 def is_extension_pkg(pkg: NixEvalJobsOutput) -> bool:
     """Check if the package is a postgresql extension package."""
-    attrs = pkg["attr"].split(".")
-    return attrs[-2] == "exts"
+    return ".exts." in pkg["attr"]
 
 
 # thank you buildbot-nix https://github.com/nix-community/buildbot-nix/blob/985d069a2a45cf4a571a4346107671adc2bd2a16/buildbot_nix/buildbot_nix/build_trigger.py#L297
@@ -247,6 +247,31 @@ def is_kvm_pkg(pkg: NixEvalJobsOutput) -> bool:
     return "kvm" in pkg.get("requiredSystemFeatures", [])
 
 
+def clean_package_for_output(pkg: NixEvalJobsOutput) -> GitHubActionPackage:
+    """Convert nix-eval-jobs output to GitHub Actions matrix package"""
+    runner = get_runner_for_package(pkg)
+    if runner is None:
+        raise ValueError(f"No runner configuration for system: {pkg['system']}")
+    returned_pkg: GitHubActionPackage = {
+        "attr": pkg["attr"],
+        "name": pkg["name"],
+        "system": pkg["system"],
+        "runs_on": runner,
+    }
+    if is_extension_pkg(pkg):
+        # Extract PostgreSQL version from attribute path
+        # e.g., legacyPackages.aarch64-linux.psql_17.exts.wrappers-pkgs.0_5_6
+        #   or  legacyPackages.aarch64-linux.psql_17.exts.pg_graphql
+        attrs = pkg["attr"].split(".")
+        exts_idx = attrs.index("exts")
+        pg_version = attrs[exts_idx - 1].split("_")[-1]
+        returned_pkg["postgresql_version"] = pg_version
+        returned_pkg["cache_key"] = f"pg{pg_version}"
+    else:
+        returned_pkg["cache_key"] = "shared"
+    return returned_pkg
+
+
 def get_runner_for_package(pkg: NixEvalJobsOutput) -> RunsOnConfig | None:
     """Determine the appropriate GitHub Actions runner for a package.
 
@@ -286,7 +311,7 @@ def main() -> None:
 
     args = parser.parse_args()
 
-    max_workers: int = os.cpu_count() or 1
+    max_workers: int = int(os.cpu_count() / 2) or 1
 
     cmd = build_nix_eval_command(max_workers, args.flake_outputs)
 
@@ -294,23 +319,6 @@ def main() -> None:
     packages, warnings_list, errors_list = run_nix_eval_jobs(cmd)
     gh_action_packages = sort_pkgs_by_closures(packages)
 
-    def clean_package_for_output(pkg: NixEvalJobsOutput) -> GitHubActionPackage:
-        """Convert nix-eval-jobs output to GitHub Actions matrix package"""
-        runner = get_runner_for_package(pkg)
-        if runner is None:
-            raise ValueError(f"No runner configuration for system: {pkg['system']}")
-        returned_pkg: GitHubActionPackage = {
-            "attr": pkg["attr"],
-            "name": pkg["name"],
-            "system": pkg["system"],
-            "runs_on": runner,
-        }
-        if is_extension_pkg(pkg):
-            # Extract PostgreSQL version from attribute path
-            attrs = pkg["attr"].split(".")
-            returned_pkg["postgresql_version"] = attrs[-3].split("_")[-1]
-        return returned_pkg
-
     # Group packages by system and type (checks vs packages)
     packages_by_system: Dict[System, List[GitHubActionPackage]] = defaultdict(list)
     checks_by_system: Dict[System, List[GitHubActionPackage]] = defaultdict(list)
diff --git a/nix/packages/github-matrix/tests/test_github_matrix.py b/nix/packages/github-matrix/tests/test_github_matrix.py
index 17ce8132d..2546eb6ee 100644
--- a/nix/packages/github-matrix/tests/test_github_matrix.py
+++ b/nix/packages/github-matrix/tests/test_github_matrix.py
@@ -4,6 +4,7 @@
 
 from github_matrix import (
     NixEvalJobsOutput,
+    clean_package_for_output,
     get_runner_for_package,
     is_extension_pkg,
     is_kvm_pkg,
@@ -260,3 +261,80 @@ def test_dependency_order(self):
 
         result = sort_pkgs_by_closures([pkg1, pkg2])
         assert result == [pkg1, pkg2]
+
+
+class TestCleanPackageForOutput:
+    def test_extension_package_simple_path(self):
+        """Test extension package like pg_graphql with simple attr path"""
+        pkg: NixEvalJobsOutput = {
+            "attr": "legacyPackages.aarch64-linux.psql_17.exts.pg_graphql",
+            "attrPath": [
+                "legacyPackages",
+                "aarch64-linux",
+                "psql_17",
+                "exts",
+                "pg_graphql",
+            ],
+            "cacheStatus": "notBuilt",
+            "drvPath": "/nix/store/test.drv",
+            "name": "pg_graphql",
+            "system": "aarch64-linux",
+        }
+        result = clean_package_for_output(pkg)
+        assert result["postgresql_version"] == "17"
+        assert result["cache_key"] == "pg17"
+
+    def test_extension_package_versioned_path(self):
+        """Test extension package like wrappers with version suffix in attr path"""
+        pkg: NixEvalJobsOutput = {
+            "attr": "legacyPackages.aarch64-linux.psql_17.exts.wrappers-pkgs.0_5_6",
+            "attrPath": [
+                "legacyPackages",
+                "aarch64-linux",
+                "psql_17",
+                "exts",
+                "wrappers-pkgs",
+                "0_5_6",
+            ],
+            "cacheStatus": "notBuilt",
+            "drvPath": "/nix/store/test.drv",
+            "name": "wrappers-0.5.6",
+            "system": "aarch64-linux",
+        }
+        result = clean_package_for_output(pkg)
+        assert result["postgresql_version"] == "17"
+        assert result["cache_key"] == "pg17"
+
+    def test_extension_package_pg15(self):
+        """Test extension package with PostgreSQL 15"""
+        pkg: NixEvalJobsOutput = {
+            "attr": "legacyPackages.x86_64-linux.psql_15.exts.pg_cron",
+            "attrPath": [
+                "legacyPackages",
+                "x86_64-linux",
+                "psql_15",
+                "exts",
+                "pg_cron",
+            ],
+            "cacheStatus": "notBuilt",
+            "drvPath": "/nix/store/test.drv",
+            "name": "pg_cron",
+            "system": "x86_64-linux",
+        }
+        result = clean_package_for_output(pkg)
+        assert result["postgresql_version"] == "15"
+        assert result["cache_key"] == "pg15"
+
+    def test_non_extension_package(self):
+        """Test non-extension package gets shared cache key"""
+        pkg: NixEvalJobsOutput = {
+            "attr": "legacyPackages.x86_64-linux.psql_15",
+            "attrPath": ["legacyPackages", "x86_64-linux", "psql_15"],
+            "cacheStatus": "notBuilt",
+            "drvPath": "/nix/store/test.drv",
+            "name": "postgresql-15.0",
+            "system": "x86_64-linux",
+        }
+        result = clean_package_for_output(pkg)
+        assert "postgresql_version" not in result
+        assert result["cache_key"] == "shared"