fix cert bundle for services.nix-daemon

modules/nix/default.nix

@@ -46,12 +46,12 @@ in
 
     nix = {
 
-      package = mkOption {
+      profile = mkOption {
         type = types.path;
         default = "/nix/var/nix/profiles/default";
         defaultText = "pkgs.nix";
         description = ''
-          This option specifies the profile or Nix package instance to use throughout the system.
+          This option specifies the profile that contains the Nix package instance to use throughout the system.
         '';
       };
 
@@ -335,7 +335,7 @@ in
       }
 
       // optionalAttrs cfg.distributedBuilds {
-        NIX_BUILD_HOOK = "${cfg.package}/libexec/nix/build-remote.pl";
+        NIX_BUILD_HOOK = "${cfg.profile}/libexec/nix/build-remote.pl";
         NIX_REMOTE_SYSTEMS = "/etc/nix/machines";
         NIX_CURRENT_LOAD = "/run/nix/current-load";
       };

modules/services/nix-daemon.nix

@@ -38,7 +38,7 @@ in
     '';
 
     launchd.daemons.nix-daemon = {
-      serviceConfig.Program = "${config.nix.package}/bin/nix-daemon";
+      serviceConfig.Program = "${config.nix.profile}/bin/nix-daemon";
       serviceConfig.KeepAlive = true;
       serviceConfig.ProcessType = "Background";
       serviceConfig.LowPriorityIO = config.nix.daemonIONice;
@@ -46,7 +46,8 @@ in
       serviceConfig.SoftResourceLimits.NumberOfFiles = 4096;
 
       serviceConfig.EnvironmentVariables = config.nix.envVars
-        // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; }
+        # // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; }
+        // { SSL_CERT_FILE = "${config.nix.profile}/etc/ssl/certs/ca-bundle.crt"; }
         // { TMPDIR = "${cfg.tempDir}"; };
     };
   };