diff --git a/deploy-static-site/action.yaml b/deploy-static-site/action.yaml
index 12ac14c..11e9de7 100644
--- a/deploy-static-site/action.yaml
+++ b/deploy-static-site/action.yaml
@@ -1,6 +1,11 @@
 name: Deploy Static Site
 description: Build site with Nix, push tarball to S3, deploy via Nomad with shared static-server image
 
+# Expected env vars (set by calling workflow from secrets):
+# AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
+# NIX_SIGNING_KEY
+# NOMAD_TOKEN
+
 inputs:
 domain:
 description: 'Domain the site is served at (e.g. toph.so)'
@@ -21,6 +26,16 @@ inputs:
 required: false
 default: 'contabo'
 
+ s3-endpoint:
+ description: 'S3 endpoint URL'
+ required: false
+ default: 'https://s3.toph.so'
+
+ s3-bucket:
+ description: 'S3 bucket for site tarballs and Nix cache'
+ required: false
+ default: 'nix-cache'
+
 smoke-test:
 description: 'Run a smoke test against the domain after deploy'
 required: false
@@ -31,22 +46,7 @@ runs:
 steps:
 - name: Install tools
 shell: bash
- run: nix profile install nixpkgs#nomad nixpkgs#awscli2 nixpkgs#jq
-
- - name: Read Nomad vars
- shell: bash
- run: |
- S3_VARS=$(nomad var get -out json static-sites/s3)
- echo "AWS_ACCESS_KEY_ID=$(echo "$S3_VARS" | jq -r '.Items.access_key')" >> $GITHUB_ENV
- echo "AWS_SECRET_ACCESS_KEY=$(echo "$S3_VARS" | jq -r '.Items.secret_key')" >> $GITHUB_ENV
- echo "AWS_ENDPOINT_URL=$(echo "$S3_VARS" | jq -r '.Items.endpoint')" >> $GITHUB_ENV
- echo "S3_BUCKET=$(echo "$S3_VARS" | jq -r '.Items.bucket')" >> $GITHUB_ENV
-
- NIX_VARS=$(nomad var get -out json static-sites/nix)
- echo "NIX_SIGNING_KEY=$(echo "$NIX_VARS" | jq -r '.Items.signing_key')" >> $GITHUB_ENV
- env:
- NOMAD_ADDR: ${{ inputs.nomad-addr }}
- NOMAD_TOKEN: ${{ env.NOMAD_TOKEN }}
+ run: nix profile install nixpkgs#nomad nixpkgs#awscli2
 
 - name: Build site
 shell: bash
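Review bot: The comment block added in the `@@ -1,6 +1,11 @@` hunk is the only statement of the secrets contract, and no visible step checks it. With `NIX_SIGNING_KEY` unset, the Build step would write an empty `/tmp/nix-key` and presumably fail only once `nix store sign` reads it. A first step that fails fast would make a misconfigured caller obvious, for example `: "${NIX_SIGNING_KEY:?NIX_SIGNING_KEY is not set}"` repeated for the other three names. The comment could also ask callers to set these in `env:` on the step that uses this action rather than job-wide, so unrelated steps never see them.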
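Review bot: `s3-endpoint` in the `@@ -21,6 +26,16 @@` hunk accepts any URL, and the steps that use it run with the AWS credentials in their environment. The description should state that an HTTPS URL is expected, e.g. `description: 'S3 endpoint URL (must be https://)'`, or the action should reject other schemes before the first upload. The `s3-bucket` description also shows that site tarballs and the Nix cache share one bucket, so the deploy credentials can presumably write cache objects too. A key policy limited to the prefixes this action writes would narrow that, if the S3 service supports it.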
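Review bot: The rewritten `run:` line in the `@@ -31,22 +46,7 @@` hunk still installs `nomad` and `awscli2` from the bare `nixpkgs#` flake reference, which is resolved through the flake registry when the job runs unless the runner pins it. These two binaries later receive `NOMAD_TOKEN` and the AWS keys, so the revision they come from should be fixed and reviewable. Pinning the reference would do it, e.g. `nix profile install github:NixOS/nixpkgs/<PINNED_REV>#nomad github:NixOS/nixpkgs/<PINNED_REV>#awscli2`, where `<PINNED_REV>` is a placeholder for a commit the project has vetted.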
@@ -58,7 +58,7 @@ runs:
 echo "${NIX_SIGNING_KEY}" > /tmp/nix-key
 nix store sign -k /tmp/nix-key --recursive ./result-site
 nix copy \
- --to "s3://${S3_BUCKET}?endpoint=${AWS_ENDPOINT_URL}&access-key-id=${AWS_ACCESS_KEY_ID}&secret-access-key=${AWS_SECRET_ACCESS_KEY}" \
+ --to "s3://${{ inputs.s3-bucket }}?endpoint=${{ inputs.s3-endpoint }}&access-key-id=${AWS_ACCESS_KEY_ID}&secret-access-key=${AWS_SECRET_ACCESS_KEY}" \
 ./result-site
 rm /tmp/nix-key
 
@@ -68,7 +68,10 @@ runs:
 SITE_HASH=$(git rev-parse --short=12 HEAD)
 echo "SITE_HASH=${SITE_HASH}" >> $GITHUB_ENV
 tar czf /tmp/site.tar.gz -C result-site .
- aws s3 cp /tmp/site.tar.gz "s3://${S3_BUCKET}/sites/${{ inputs.domain }}/${SITE_HASH}.tar.gz"
+ aws s3 cp \
+ --endpoint-url "${{ inputs.s3-endpoint }}" \
+ /tmp/site.tar.gz \
+ "s3://${{ inputs.s3-bucket }}/sites/${{ inputs.domain }}/${SITE_HASH}.tar.gz"
 
 - name: Deploy Nomad job
 shell: bash
@@ -76,10 +79,10 @@ runs:
 python3 "${{ github.action_path }}/generate-job.py" | nomad job run -json -
 env:
 NOMAD_ADDR: ${{ inputs.nomad-addr }}
- NOMAD_TOKEN: ${{ env.NOMAD_TOKEN }}
 DOMAIN: ${{ inputs.domain }}
 SERVER_IMAGE: ${{ inputs.server-image }}
 DATACENTER: ${{ inputs.datacenter }}
+ S3_BUCKET: ${{ inputs.s3-bucket }}
 
 - name: Smoke test
 if: inputs.smoke-test == 'true'
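Review bot: The new `--to` line in the `@@ -58,7 +58,7 @@` hunk pastes `${{ inputs.s3-bucket }}` and `${{ inputs.s3-endpoint }}` into the script text, where the line it replaces read shell variables. GitHub expands `${{ }}` before bash parses the script, so a value containing a quote or `$(` changes the command instead of staying data; the `aws s3 cp` lines in the `@@ -68,7 +68,10 @@` hunk do the same. Map the inputs in each step's `env:` (`S3_BUCKET: ${{ inputs.s3-bucket }}`, `S3_ENDPOINT: ${{ inputs.s3-endpoint }}`) and keep `"${S3_BUCKET}"` and `"${S3_ENDPOINT}"` in the commands. Separately, the same line still carries both AWS keys in the store URI, which puts them in the process arguments; since they are already in the environment, Nix's S3 store should pick them up from there and the two query parameters can probably be dropped. The `run:` block begins above this hunk.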
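Review bot: The `env:` block in the `@@ -76,10 +79,10 @@` hunk now hands `S3_BUCKET` to `generate-job.py` but no endpoint. Before this commit the removed "Read Nomad vars" step exported `AWS_ENDPOINT_URL` through `$GITHUB_ENV`, so the script could see it; the script is not shown here, so whether it reads that variable is an open question. If it does, a caller that overrides `s3-endpoint` could upload the tarball to one endpoint while the generated job points at another; adding `S3_ENDPOINT: ${{ inputs.s3-endpoint }}` (or whatever name the script expects) keeps the two in step. Dropping the `NOMAD_TOKEN` mapping relies on the token being inherited from the caller's environment, which deserves a comment such as `# NOMAD_TOKEN is inherited from the calling step's env`.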