If you have a custom truststore with self-signed certificates, this is what you can do:
- Export all trusted certs in one big bundle
security export -t certs -f pemseq -k /Library/Keychains/System.keychain -o /tmp/certs-system.pem
security export -t certs -f pemseq -k /System/Library/Keychains/SystemRootCertificates.keychain -o /tmp/certs-root.pem
cat /tmp/certs-root.pem /tmp/certs-system.pem > /tmp/ca_cert.pem
- Copy bundle to /etc/nix/
sudo mv /tmp/ca_cert.pem /etc/nix/
- Edit launchctl plist of nix-daemon
sudo vi /Library/LaunchDaemons/org.nixos.nix-daemon.plist
- Ensure the EnvironmentVariables key is present:
<key>EnvironmentVariables</key>
<dict>
<key>NIX_SSL_CERT_FILE</key>
<string>/etc/nix/ca_cert.pem</string>
<key>SSL_CERT_FILE</key>
<string>/etc/nix/ca_cert.pem</string>
<key>REQUESTS_CA_BUNDLE</key>
<string>/etc/nix/ca_cert.pem</string>
</dict>
<key>ProgramArguments</key>
<array>
- Reload nix-daemon service
sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist
- Verify service contains EnvironmentVariables
sudo launchctl print system/org.nixos.nix-daemon
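
A lint for the two files this procedure produces, to run before reloading the daemon. This is an added example, not part of the original instructions; `lint_bundle` and `lint_plist` are hypothetical helper names, and the certificate check is structural only (PEM framing and a DER SEQUENCE tag), not X.509 validation.

```python
import base64
import plistlib
import re

PEM_BLOCK = re.compile(r"^-----BEGIN CERTIFICATE-----\r?\n(.+?)\r?\n"
                       r"-----END CERTIFICATE-----\r?$", re.S | re.M)

def lint_bundle(pem_text):
    """Return (usable_cert_count, problems) for a concatenated PEM bundle."""
    problems, count = [], 0
    if "PRIVATE KEY-----" in pem_text:
        problems.append("bundle contains a private key block")
    for block in PEM_BLOCK.finditer(pem_text):
        body = "".join(block.group(1).split())
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:
            der = b""
        if der[:1] == b"\x30":  # DER certificates start with an ASN.1 SEQUENCE
            count += 1
        elif "-----" in body:  # two blocks ran together (newline lost in cat)
            problems.append("fused BEGIN/END markers inside a block")
        else:
            problems.append("block is not base64-encoded DER")
    return count, problems

def lint_plist(plist_bytes, bundle_path):
    """Return problems with the daemon plist's EnvironmentVariables."""
    try:
        plist = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed XML or not a plist at all
        return [f"plist does not parse: {exc}"]
    env = plist.get("EnvironmentVariables") if isinstance(plist, dict) else None
    if not isinstance(env, dict):
        return ["no top-level EnvironmentVariables dict"]
    problems = []
    if "NIX_SSL_CERT_FILE" not in env:
        problems.append("NIX_SSL_CERT_FILE is not set")
    for name, value in env.items():
        if name.endswith(("_CERT_FILE", "_CA_BUNDLE")) and value != bundle_path:
            problems.append(f"{name} = {value!r}, expected {bundle_path!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample: five DER-like bytes, not a real certificate.
    body = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    print(lint_bundle(pem + pem), lint_bundle(pem.rstrip("\n") + pem))
```

Pass `lint_bundle` the text of `/etc/nix/ca_cert.pem` and `lint_plist` the bytes of the edited plist together with the bundle path; an empty problem list from both means the files are consistent with each other.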