I believe the README.md could use an introduction section that answers the following questions:

• how does nix-darwin relate to https://nixos.org/nix/download.html
• what the provided darwin-rebuild and darwin-option tools are and how they relate to nixos-rebuild.

The Install section should probably say, that you want to install nixos via https://nixos.org/nix/download.html first?

Also, I guess a note that bash is required for the script to work, and there is no zsh support?

I'm making a separate issue for this.

I've done some hacking locally (and trashed my /nix/store/ several times) and have a broken implementation I can push to my fork tomorrow or Wednesday.

The main issues are with /s in the etc config (see nixpkgs/nixos/modules/programs/fish.nix) and by extension the foreign-env/ config. I'm guessing/hoping you can get it sorted once I push. 😄

After installing nix-darwin I get the error message below when trying to

• darwin-rebuild build, or
• install a package with nix-env

download-from-binary-cache.pl: Nix was not compiled with libsodium, required for signed binary cache support at /nix/store/qfwm0b5qkr8v8gsv9dh2z3arky9p1myg-nix-1.11.5/lib/perl5/site_perl/5.22.2/darwin-2level/Nix/Manifest.pm line 479.
error: substituter ‘download-from-binary-cache.pl’ died unexpectedly

I got this error message earlier today and after that I

• removed /nix, /etc/nix and /etc/static
• installed Nix again
• setup nix-darwin

The system was up again, but after making a change to my darwin-configuration.nix I tried darwin-rebuild build and got the above error message again. I also tried to install something with nix-env, but got the above error message again.

To see if it is an issue with nix and not nix-darwin, I again removed /nix, /etc/nix and /etc/static and did a new installation of Nix. I confirmed that I could install something with nix-env. Then setup nix-darwin. The system is up again, but now if try to install something with nix-env I get the above error message again.

I hope the information I have provided is helpful. I'm not experienced with Nix at all.

Thanks for making this! Please let me know if I can be of any assistance :)

I'd love to use this system, but I'm loath to touch system-managed areas like /etc. It appears there are at least a few places in the current implementation where /etc is hard-wired. Would it be difficult to allow the user to specify an alternate install location?

Should the nix-daemon service be enabled by default now that the nix installer is in multi-user mode?

If not, this is probably something that needs documentation.

Currently services.nix-daemon does not set the variables NIX_BUILD_HOOK or NIX_REMOTE_SYSTEMS when nix.buildMachines or nix.distributedBuilds is set.

Maybe this is nothing to worry about right now? We've deliberately stayed on Sierra at work because of problems with High Sierra (NixOS/nix#1583), I suppose anyone else who is aware of that issue is holding back too.

It's impossible to configure NIX_SSL_CERT_FILE for services.nix-daemon due to

I'd suggest adding a configuration option which takes a list of certificate files and concatenates everything together into one large .crt which is then then set as the value for NIX_SSL_CERT_FILE for the daemon.

When I open a new terminal and run darwin-rebuild switch, I get

$ darwin-rebuild switch
building the system configuration...
error: file ‘darwin’ was not found in the Nix search path (add it using $NIX_PATH or -I)

Not sure if I'm missing a step from the installation instructions, or if there's something else going on. If I run $ export NIX_PATH=darwin=$HOME/.nix-defexpr/darwin:darwin-config=$HOME/.nixpkgs/darwin-configuration.nix:$NIX_PATH, I am able to run darwin-rebuild switch successfully:

$ darwin-rebuild switch
building the system configuration...
writing defaults...
setting up user launchd services...
setting up ~/Applications...
setting up /etc...
setting up launchd services...
configuring time...
configuring networking...
$

I have in my /etc/bashrc

[ ... ]
export PATH=$HOME/.nix-profile/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
export EDITOR="nano"
export NIX_CONF_DIR="/etc/nix"
export NIX_OTHER_STORES="/run/nix/remote-stores/*/nix"
export NIX_PATH="darwin-config=$HOME/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels:$HOME/.nix-defexpr/channels"
[ ... ]

However after running . /etc/bashrc I don't get the NIX_PATH I expect.

Some part of the system activation seems to change the permissions of /nix/store.
This causes issues with single user installs.

Hi, this project is amazing!

I have hacked together nix configs before, but I really would like to learn the "right" way to handle this situation. I'm opening an issue here because I think many people who use this project know nix very well:

Here is a snippet from my ~/.nixpkgs/darwin-configuration.nix to add a custom prompt to zsh:

{ config, lib, pkgs, ... }:
let
  pureZshSrc = pkgs.fetchFromGitHub {
    owner = "bkase";
    repo = "pure";
    rev = "fdae02de51d940db59004ac93c24530cdb972376";
    sha256 = "1wp30lsqyz17swxhml2ryn7kx32kf8r1fcc244cwchzi77bwjv6c";
  };
  pureZsh = pkgs.stdenv.mkDerivation rec {
    name = "pure-zsh-${version}";
    version = "2017-03-04";
    src = pureZshSrc;

    installPhase = ''
      mkdir -p $out/share/zsh/site-functions
      cp pure.zsh $out/share/zsh/site-functions/prompt_pure_setup
      cp async.zsh $out/share/zsh/site-functions/async
    '';
  };
in
{
  environment.systemPackages =
    [ pkgs.nix-repl
      pureZsh
    ];

  programs.zsh.enable = true;
  programs.zsh.promptInit = ''
    # enable my pure prompt fork
    fpath+=( "${pureZsh.out}/share/zsh/site-functions" $fpath )

    autoload -U promptinit && promptinit
    prompt pure
  '';
/* ... */

This seems ugly for a few reasons:

1. I clearly shouldn't be inlining the definition the pure zsh prompt package. Would you recommend putting this in a separate file and importing it?
2. It feels strange to be doing a stdenv.mkDerivation just to rename a file. Is there a simpler way to do this?
3. Needing to extend fpath in the promptInit seems wrong. And there is a coupling between the pureZsh system package and the promptInit.

It makes sense how to add something like pureZsh as a mkOption on the zsh program, but this is a fork of this prompt theme, so it seems like something that wouldn't be upstreamed and should be local to my darwin-configuration.nix.

Thanks in advance!

wireguard-go now supports macOS. See https://lists.zx2c4.com/pipermail/wireguard/2018-May/002854.html

It might be nice to have some configuration for this, similar to what the NixOS module provides.

I “accidentally” enabled nix-daemon, and now (after disabling it) whenever I try darwin-rebuild build, it errors with “the group ‘nixbld’ specified in ‘build-users-group’ does not exist”

How can I get it to not try to start nix-daemon now?

When I place nixpkgs.config.programs.tmux.enable = true; in my darwin-configuration.nix, it doesn't seem to take effect and install https://github.com/NixOS/nixpkgs/blob/release-18.03/nixos/modules/programs/tmux.nix.

Here's a simplified version of my darwin-configuration.nix:

{ config, lib, pkgs, ... }:
{
  # ...
  nixpkgs.config.programs.tmux.enable = true;
  # ...
}

I also tried to put nixpkgs.config.programs.tmux.enable = true; in ~/.nixpkgs/config.nix but it still doesn't seem to take effect.

What is the correct way to set nixpkgs.config.programs?

After the restart, I'm unable to use darwin-rebuild:

% darwin-rebuild build
building the system configuration...
warning: Nix search path entry ‘/nix/var/nix/profiles/per-user/root/channels’ does not exist, ignoring
error: file ‘darwin’ was not found in the Nix search path (add it using $NIX_PATH or -I)

After fixing it manually, it starts to build but not switch:

% export NIX_PATH=darwin=$HOME/.nix-defexpr/darwin:darwin-config=$HOME/.nixpkgs/darwin-configuration.nix:nixpkgs=$HOME/.nix-defexpr/channels/nixpkgs:$HOME/.nix-defexpr/channels
% darwin-rebuild switch
building the system configuration...
warning: Nix search path entry ‘/nix/var/nix/profiles/per-user/root/channels’ does not exist, ignoring
error: file ‘darwin’ was not found in the Nix search path (add it using $NIX_PATH or -I), at (string):1:1
error: Changed <darwin> but target does not exist, aborting activation
Add the darwin repo as a channel or set nix.nixPath:
$ sudo nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
$ sudo nix-channel --update

or set

    nix.nixPath = [ "darwin=/Users/ignat/.nix-defexpr/darwin" ];

If I follow the advice, the graphical systems restarts once again with no noticeable effect.

Before 1d0ecb8 it used to work. What can I do now to get it working back?

Using a MacBook Air with a fresh install of 10.13 on an encrypted case-insensitive APFS volume. When following the manual install instructions, I get as far as $(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild build before the OS locks up and I have to reboot.

A while ago I made a folder icon to use for the /nix/ directory:

It's just an old macOS folder with the Nix logo on top of it. Here's the script to set it up:

https://github.com/matthewbauer/macNixOS/blob/master/install-folder-icon.sh

Is there any way to integrate this into nix-darwin? I haven't looked much on the inner workings and I suspect that it would be "impure" because SetFile is closed-source and /nix, etc...

Right now, the documentation mentions the potential collision with /etc/bashrc. It's probably best to extend this paragraph so it mentions we should look out for any warnings similar as the above, with the required course of action.
Affects at least:

• nix module
• zsh module
• fish module

Just so that we have more users, it would be nice to get launchd stuff here using lib.toPlist from Nixpkgs. I can contribute fixes there if implementation needs to change. Otherwise it should just be this line:

https://github.com/LnL7/nix-darwin/blob/master/modules/launchd/default.nix#L13

to something like

 value.text = lib.generators.toPlist {} value.serviceConfig;

Darwin allows dynamic loading of kernel modules with sudo kextload $kextpath and unloading with sudo kextunload $kextpath.
Maybe we can have nix-darwin load kexts from nix packages (I'm thinking for the NVIDIA CUDA drivers). The kexts must have permissions of user=root, group=wheel so it may not work in the store.

# Scan packages for $out/Library/Extensions/*.kext
system.extraModulePackages = [ ];

Then we can add options for loading the modules from nixpkgs-generated store paths:

hardware.gpu.nvidiaCuda = true;

which would add the CUDA kext to system.extraModulePackages, in addition to adding the CUDA package to systemPackages

Hopefully that makes sense!

I got a new MacBook, so the first thing I did was

open Terminal

curl https://nixos.org/nix/install | sh

open new Terminal

bash <(curl https://raw.githubusercontent.com/LnL7/nix-darwin/master/bootstrap.sh)

But bootstrap.sh fails with

Copying example configuration to ~/.nixpkgs/darwin-configuration.nix...
cp: /Users/greg/.nix-defexpr/darwin/modules/examples/simple.nix: No such file or directory

and this is because line 141 seems to install the channel under “/nix/var/nix/profiles/per-user/greg/channels/darwin” (“greg” instead of “root”), so the symlink created at line 145 is pointing at nothing.

Not really sure where this issue should live, so I’m starting here.

Looking at it in more detail, there are some other differences, but the key thing here is that “/run/current-system/sw/bin” isn’t in the paths seen by Emacs. I’m not sure if this is an issue from the Emacs side or the way that nix-darwin sets up Mac applications (running emacs from the command-line gives paths with “/run/current-system”).

I tried overriding the gitAndTools.hub package without success. It'd be nice to have a working example in the docs here.

NixOS already has a bunch of infrastructure for this and makes it a lot nicer to get an overview of the available options including their description, etc.

Issue description

https://gist.github.com/qmmdb/3bb39f0b78a9c5da1916172ececb86fd

ld: library not found for -lncurses
clang-4.0: error: linker command failed with exit code 1 (use -v to see invocation)
`clang' failed in phase `Linker'. (Exit code: 1)

Steps to reproduce

Run nix-shell -p haskell.compiler.ghcjs

Technical details

• system: "x86_64-darwin"
• host os: Darwin 16.7.0, macOS 10.12.6
• multi-user?: yes
• sandbox: no
• version: nix-env (Nix) 1.11.16
• channels(root): "nixpkgs-18.03pre125021.73a01aa028c"
• nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixpkgs

I'm using the lnl.nix kwm and khd configurations and I see that the files are being created in /etc/per-user/{user}/... However kwm and khd do not read from that location. When I copy the files to $HOME/.khdrc and $HOME/kwm/.kwmrc everything start working as expected.

Any ideas?

I am trying to add an option for the Dark Mode in Mojave.

When I enable it, it sets NSGlobalDomain.AppleInterfaceStyle to Dark and when I disable it, it simply removes the key. I am not sure how to handle this with the current defaults-write framework. Should I just make up an arbitrary value (e.g. Light and say that it is the default)?

To be honest, I don’t really know how defaults work on macOS, but I noticed that setting this key does not really switch the UI. Is this just how it works or should I look for some special command that will force it to apply the change?

Hi there,

I currently have a setup using the latest version of nix-darwin, and a fairly recent nixpkgs checkout. If I enable nix.package = pkgs.nix, my darwin-rebuild switch fails.

I'm using a nix.nixPath that looks something like this:

nix.nixPath = [
    "darwin-config=$HOME/.nixpkgs/darwin-configuration.nix"
     ("nixpkgs=" + (import ../../packages/darwin-nixpkgs { inherit lib; }))
     "/nix/var/nix/profiles/per-user/root/channels"
     "$HOME/.nix-defexpr/channels"
];

Which basically is fixing my nixpkgs path to a specific checkout url. This works totally fine, until I add the nix.package = pkgs.nix line. The failure looks like this:

warning: unknown setting 'signed-binary-caches'
warning: unknown setting 'signed-binary-caches'
warning: unknown setting 'signed-binary-caches'
error: imported archive of ‘/nix/store/bwls0n1kp1zf3ssxmj1xmk3aqg5qllxc-ff3fe105f209a5e934b4062a9259e1e0cc587c8e.tar.gz’ lacks a signature
error: Changed <nixpkgs> but target does not exist, aborting activation
Add a nixpkgs channel or set nix.nixPath:
$ nix-channel --add http://nixos.org/channels/nixpkgs-unstable nixpkgs
$ nix-channel --update

or set

warning: unknown setting 'signed-binary-caches'
error: imported archive of ‘/nix/store/bwls0n1kp1zf3ssxmj1xmk3aqg5qllxc-ff3fe105f209a5e934b4062a9259e1e0cc587c8e.tar.gz’ lacks a signature
    nix.nixPath = [ "nixpkgs=" ];

I've tried setting nix.requiresSignedPackages to false, but it doesn't seem to help. It looks like my nix-daemon config is receiving settings for nix2.0, while running the 1.11 version?

What's the proper way to have darwin-rebuild be capable of upgrading nix itself? I have a few different mac machines that need a similar upgrade and allowing a single setting file + darwin-rebuild switch would be ideal :) I do know I could probably fix this by manually upgrading my nix on the default profile, but that feels like I'm losing the power of darwin nix. Is there something I"m missing?

In my script to set up a new Mac, I have sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName -string $new_hostname. I can't find anything saying whether this is still used in High Sierra (I assume it is?) but it does not produce an error. Could be a good thing to add at

I tried nix-darwin for the first time and am very excited how it let's me use Nix even more. During installation I encountered two problems.

Edit config: Nix daemon

The installer asked whether I would want to edit the default config – of course I had to have a look! I enabled services.nix-daemon.enable = true; and services.nix-daemon.enableSocketListener = true; because I was excited to get an auto-upgrading Nix.

The problem with that was that the install then failed because the proper users that the launch daemon requires were not setup yet. I was then uncertain whether this broke something important and removed Nix and nix-darwin completely and redid the install.

Is it indeed a problem when the install aborts like this or could I have just continued? If it is a problem, would it make sense to make a change to the installer to work around this issue?

Warnings for root channels

After the install I got warnings that /nix/var/nix/profiles/per-user/root/channels did not exist, which was true. I'm not sure what this is used for; is it for multi-user installs? I'm using Nix 2.1.2 with the single-user install.

I fixed it by setting the path like so:

nix.nixPath =
    [ "darwin-config=$HOME/.nixpkgs/darwin-configuration.nix"
      "darwin=$HOME/.nix-defexpr/channels/darwin"
      "$HOME/.nix-defexpr/channels"
    ];

Should this be the default instead of https://github.com/LnL7/nix-darwin/blob/master/modules/nix/default.nix#L318 now that Nix has changed back to default to single-user installs?

So I got chunkwm working with nix-darwin thanks to the provided module, but I had one hickup.

https://github.com/LnL7/nix-darwin/blob/master/modules/services/chunkwm.nix#L115

The rc file that is created uses the nix-darwin etc environment hook. However, these files are always created with 444 (read only) with the writeText mechanism that backs it. Unfortunately, chunkwm tries to execute this file, and fails, causing it to start without actually applying the settings.

I'd write a pull myself but i'm not sure how you feel the solution should look. Should we just add an isExecutable property to the module? Should it apply to all octets, or just the owner one?

I use Emacs and fish, which might be a nice complement to lnl.nix's Vim and zsh config.

The readme is pretty basic at the moment. What should be added?

When I set programs.bash.enableCompletion = true;, it adds 0.8s to my login time, regardless of whether the shell is interactive or not. Annoying enough that now I just disable it.

Running darwin-rebuild switch after updating this morning, I got this error.

writing defaults...
setting up user launchd services...
setting up accessibility programs...
Error: attempt to write a readonly database

I'm not sure what I did with my installation, but whenever I darwin-rebuild {switch|build} I now need to set NIX_REMOTE= or else I get the following error:

building the system configuration...
error: couldn't change to directory of ‘/nix/var/nix/daemon-socket/socket’: No such file or directory
(use ‘--show-trace’ to show detailed location information)

(the trace is not useful)

I don't know if this is related to the problem I'm seeing now where /etc/static no longer updates after a rebuild. I'll dig into this further and try to debug it myself, but was wondering if something about how my configuration is broken is obvious to you.

Basic sanity check: https://travis-ci.org/LnL7/nix-darwin/builds/203187490

• use SUDO_USER/SUDO_UID instead of 2 separate scripts
• deprecate launchd.user.agents, system agents run as the current user and actual per-user agents are not supported at the moment anyway
• move ~/Applications, doesn't make much sense to put this in a home directory
• defaults write?

I've got a partially functioning version locally, but it's still very much in flux.

It would be fantastic if environment variables were set globally, not just for bash/zsh/etc. Unfortunately, Apple has made this extremely difficult.

Over the years/versions, environment variables have been set via /etc/environment, /etc/launchd.conf, and /Library/LaunchAgents/environment.plist (with probably some others along the way). I don’t think any of these work in Sierra (but I could be wrong). Maybe the last would work with defaults write com.apple.dt.Xcode UseSanitizedBuildSystemEnvironment -bool NO, judging by some googling.

This also seems to indicate that $PATH is going to get trounced no matter what.

Anyway … trying all of these, or maybe even selectively choosing one based on OS X version, or something would be great.

home-manager provides an overlay defined in the repository to have nix install it. I think that's pretty neat, and it would be great if a similar option would be provided here.

I'd like to add support for modifier key configuration and I'm looking for some input on how to go about it.

The first challenge is that the configuration is stored per keyboard which is identified by the USB vendor and product IDs. This can be somewhat assumed for the internal keyboards on apple laptops since they all have the same vendor ID from what I've found so far. Users might want to configure for other keyboards though, should this require them to provide the IDs? Provide an option for applying to all keyboards by iterating through ioreg?

The mapping is the second question. The actual configuration I'm using consists of

(
        {
        HIDKeyboardModifierMappingDst = 30064771296;
        HIDKeyboardModifierMappingSrc = 30064771129;
    }
)

which translates to mapping caps lock to control but is rather opaque. The values required are described in https://developer.apple.com/library/content/technotes/tn2450/_index.html and system preferences exposes 4 keys with 5 options each. Would it be best to have the user provide the raw values? Have the options more closely follow the system preferences dialog and hide the numeric values from the end user?

I'm interested in working up a PR for this myself but am inexperienced enough with nix to feel I need some pointers to do it well. Any info and suggestions appreciated!

(Part of the effort to kill this line of code dead.)

The command mentioned on https://nixos.org/wiki/Nix_on_OS_X#Configuration isn’t quite right, but something similar to it would be useful to add applications from /run/current-system/sw/Applications to /Applications (and similar for ~/Applications from user profiles).

Maybe behind a configuration option like system.launchpad.enable = true;

Doing:

> $(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild edit

results in:

dyld: Library not loaded: /usr/lib/system/libsystem_network.dylib
  Referenced from: /nix/store/yvkvyvc36l2dmwl22vajc8bdg7fv3p6b-Libsystem-osx-10.11.6/lib/libSystem.B.dylib

Notice rebuild and switch actually work fine. Same issue also with a direct invocation of darwin-rebuild. Any idea of what I might be doing wrong?

I've mostly moved from Homebrew to nix. So far, so good. I'm missing the ability to install casks, though, for important stuff like Anki, MacTex, and so forth. It seems like these should be some pretty easy expressions to write.

Is this a good channel for them? What should they be called? Where should they go?

There are a couple of hacky install lines that set up the system path correctly under NixOS:

https://github.com/NixOS/nixpkgs/blob/1ac5869907a9bbe9bb361e9d1a248bbb848c8544/nixos/modules/config/system-path.nix#L133-L154

The main one that's useful to me is the install-info one. I also suspect the GTK theming could be useful for some people.

I would like to present to you my case here.

So I am recovering my system from upgrading to Mojave, which means that I have a ton of broken binaries in my $PATH. The plan was to use an unupgraded Mac to build a bunch of useful derivations from the fixes nixpkgs tree and then use it as a binary cache for obtaining various bootstrap-level tools. I manually fixed nix first and then decided to configure everything else (the working nixpkgs commit and the substituter for bootstrap packages) using nix-darwin.

The problem is that activation scripts are using, for example, grep and I had gnugrep in my $PATH (because I like gnugrep and don’t like grep from macOS), but since this grep was broken, the activation scripts were crashing in multiple places and I spent quite a lot of time figuring out what was going on.

Wouldn’t it be better to bring everything we need for installation and activation with us? Or, at least, clean up $PATH by resetting it to the macOS default, so that we know exactly which tools we are using?

I imagine they could be linked into ~/Library/Fonts/ in much the same way the Applications are linked into ~/Applications.

They seem to consistently be in /fonts, but there are a bunch of directories in there, and I’m not sure what should be in ~/Library/Fonts.

I'm trying to install TexLive using texlive.combine, following the guide, but darwin-rebuild fails:

ignat@MBP-Ignat> darwin-rebuild switch --show-trace
building the system configuration...
error: while evaluating the attribute ‘buildCommand’ of the derivation ‘darwin-system-17.03pre99424.92b1e39’ at /Users/ignat/.nix-defexpr/darwin/modules/system/default.nix:79:7:
while evaluating the attribute ‘pkgs’ of the derivation ‘system-path’ at /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/pkgs/build-support/trivial-builders.nix:7:14:
while evaluating anonymous function at /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/lib/types.nix:180:14, called from undefined position:
while evaluating the attribute ‘value’ at /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/lib/modules.nix:335:27:
while evaluating anonymous function at /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/lib/modules.nix:327:32, called from /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/lib/modules.nix:327:19:
while evaluating ‘check’ at /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/lib/types.nix:155:15, called from /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/lib/modules.nix:328:10:
while evaluating ‘isStorePath’ at /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/lib/strings.nix:442:17, called from /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/lib/types.nix:155:36:
cannot coerce a function to a string, at /nix/store/mf298wc4z6k1592x04h8gk32z743dzg8-nixpkgs-17.03pre99424.92b1e39/nixpkgs/lib/strings.nix:442:44
[1] ignat@MBP-Ignat>

Here's the related fragment of my darwin-configuration.nix:

environment.systemPackages = with pkgs; [
  # ...
  texlive.combine {
    inherit (texlive) scheme-basic;
  }
];

Not sure if it's a bug in nix-darwin or nixpkgs, but at least it used to work on nixos.

NixOS supports enabling the gnupg agent in configuration.nix, so I figure nix-darwin should as well.