sebnyberg

Nix Setup for MacOS + ZScaler

These are my personal notes for estting up Nix with ZScaler.

Export certs as cert bundle

ZScaler eavesdrops on all communication, which is indistinguishable from a MITM attack.

Trust the cert in the KeyChain cert store. Then export the bundle to /etc/ssl/certs/ca-certificates.crt:

myypo

{
  config,
  lib,
  pkgs,
  ...
}: let
  nordVpnPkg = pkgs.callPackage ({
    autoPatchelfHook,
    buildFHSEnvChroot,
    dpkg,