<chapter xmlns="http://docbook.org/ns/docbook"
      xmlns:xlink="http://www.w3.org/1999/xlink"
      xmlns:xi="http://www.w3.org/2001/XInclude"
      version="5.0"
      xml:id="ch-env-variables">

<title>Environment Variables</title>

<para>To use Nix, some environment variables should be set.  In
particular, <envar>PATH</envar> should contain the directories
<filename><replaceable>prefix</replaceable>/bin</filename> and
<filename>~/.nix-profile/bin</filename>.  The first directory contains
the Nix tools themselves, while <filename>~/.nix-profile</filename> is
a symbolic link to the current <emphasis>user environment</emphasis>
(an automatically generated package consisting of symlinks to
installed packages).  The simplest way to set the required environment
variables is to include the file
<filename><replaceable>prefix</replaceable>/etc/profile.d/nix.sh</filename>
in your <filename>~/.profile</filename> (or similar), like this:</para>

<screen>
source <replaceable>prefix</replaceable>/etc/profile.d/nix.sh</screen>

<section xml:id="sec-nix-ssl-cert-file">

<title><envar>NIX_SSL_CERT_FILE</envar></title>

<para>If you need to specify a custom certificate bundle to account
for an HTTPS-intercepting man in the middle proxy, you must specify
the path to the certificate bundle in the environment variable
<envar>NIX_SSL_CERT_FILE</envar>.</para>


<para>If you don't specify a <envar>NIX_SSL_CERT_FILE</envar>
manually, Nix will install and use its own certificate
bundle.</para>

<procedure>
  <step><para>Set the environment variable and install Nix</para>
    <screen>
$ export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
$ sh &lt;(curl https://nixos.org/nix/install)
</screen></step>

  <step><para>In the shell profile and rc files (for example,
  <filename>/etc/bashrc</filename>, <filename>/etc/zshrc</filename>),
  add the following line:</para>
<programlisting>
export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
</programlisting>
</step>
</procedure>

<note><para>You must not add the export and then do the install, as
the Nix installer will detect the presense of Nix configuration, and
abort.</para></note>

<section xml:id="sec-nix-ssl-cert-file-with-nix-daemon-and-macos">
<title><envar>NIX_SSL_CERT_FILE</envar> with macOS and the Nix daemon</title>

<para>On macOS you must specify the environment variable for the Nix
daemon service, then restart it:</para>

<screen>
$ sudo launchctl setenv NIX_SSL_CERT_FILE /etc/ssl/my-certificate-bundle.crt
$ sudo launchctl kickstart -k system/org.nixos.nix-daemon
</screen>
</section>

</section>
</chapter>