There is security.wrappers which you can use to to create a wrapper for a binary, see https://nixos.org/nixos/options.html#wrappers
The wrapper can in turn be found in /run/wrappers/bin/<name>
Another option of course is to start the daemon via systemd, where you can either start it as the root user or set the correct Capabilities.
I hope this helps!