Add custom system-manager module

README.md

@@ -216,6 +216,49 @@ This configuration, for example, would be compatible with Determinate Nix:
 }
 ```
 
+## System Manager
+
+> [!IMPORTANT]
+> Determinate's system-manager module does *not* install [Determinate Nix][det-nix] for you; consult our [installation instructions][docs] for that.
+> Instead, this module ensures that your system-manager configuration is compatible with Determinate Nix and ensures the nix daemon is managed through
+> system-manager.
+
+If you use [System Manager] to manage the /etc configuration of your Linux system, add the determinate flake as an input and import the `systemModules.default` module within your system config:
+
+``` nix
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    system-manager.url = "github:numtide/system-manager";
+    determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/3";
+  };
+
+  outputs = { self, ... }@inputs {
+    systemConfigs.default = inputs.system-manager.lib.makeSystemConfig {
+      system = "x86_64-linux";
+      modules = [
+        # Load the Determinate module
+        inputs.determinate.systemModules.default
+      ];
+    };
+  };
+}
+```
+
+Then follow these migration steps:
+
+1. Run `nix run 'github:numtide/system-manager' -- switch --flake . --sudo` on your dotfiles to pick up the new configuration. Ensure you see the following errors:
+
+```
+[2026-03-07T19:32:25Z ERROR system_manager_engine::activate::etc_files] Error while trying to link directory /etc/.system-manager-static/systemd/system: Unmanaged path already exists in filesystem, please remove it and run system-manager again: /etc/systemd/system/determinate-nixd.socket
+[2026-03-07T19:32:25Z ERROR system_manager_engine::activate::etc_files] Error while trying to link directory /etc/.system-manager-static/systemd/system: Unmanaged path already exists in filesystem, please remove it and run system-manager again: /etc/systemd/system/nix-daemon.service
+[2026-03-07T19:32:25Z ERROR system_manager_engine::activate::etc_files] Error while trying to link directory /etc/.system-manager-static/systemd/system: Unmanaged path already exists in filesystem, please remove it and run system-manager again: /etc/systemd/system/nix-daemon.socket
+```
+
+2. Move each file that failed to install to a safe backup location. E.g. `for f in determinate-nixd.socket nix-daemon{.service,.socket}; do mv "/etc/systemd/system/$f{,.backup}; done"`
+
+3. Rerun `nix run 'github:numtide/system-manager' -- switch --flake . --sudo`
+
 [actions]: https://github.com/features/actions
 [cache]: https://determinate.systems/posts/flakehub-cache-beta
 [configuring-determinate-nix]: https://docs.determinate.systems/determinate-nix#determinate-nix-configuration

flake.nix

@@ -80,6 +80,9 @@
 
       homeManagerModules.default = ./modules/home-manager/default.nix;
 
+      # System-manager module
+      systemModules.default = import ./modules/system-manager.nix inputs;
+
       nixosModules.default = import ./modules/nixos.nix inputs;
     };
 }

modules/system-manager.nix

@@ -0,0 +1,130 @@
+inputs:
+
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+let
+  cfg = config.determinate;
+
+  # Stronger than mkDefault (1000), weaker than mkForce (50) and the "default override priority"
+  # (100).
+  mkPreferable = lib.mkOverride 750;
+
+  # Stronger than the "default override priority", as the upstream module uses that, and weaker than mkForce (50).
+  mkMorePreferable = lib.mkOverride 75;
+
+  # The settings configured in this module must be generally settable by users both trusted and
+  # untrusted by the Nix daemon. Settings that require being a trusted user belong in the
+  # `restrictedSettingsModule` below.
+  commonNixSettingsModule =
+    {
+      config,
+      pkgs,
+      lib,
+      ...
+    }:
+    lib.mkIf cfg.enable {
+      nix.package = inputs.nix.packages."${pkgs.stdenv.system}".default;
+    };
+in
+{
+  imports = [
+    commonNixSettingsModule
+  ];
+
+  options.determinate = {
+    enable = lib.mkEnableOption "Determinate Nix" // {
+      default = true;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [
+      inputs.self.packages.${pkgs.stdenv.system}.default
+    ];
+
+    # NOTE(cole-h): Move the generated nix.conf to /etc/nix/nix.custom.conf, which is included from
+    # the Determinate Nixd-managed /etc/nix/nix.conf.
+    environment.etc."nix/nix.conf".target = "nix/nix.custom.conf";
+
+    systemd = {
+      services.nix-daemon = {
+        description = "Nix Daemon, with Determinate Nix superpowers.";
+        wantedBy = [ "multi-user.target" ];
+
+        unitConfig = {
+          Documentation = "man:nix-daemon https://determinate.systems";
+          RequiresMountsFor = [
+            "/nix/store"
+            "/nix/var"
+            "/nix/var/nix/db"
+          ];
+          ConditionPathIsReadWrite = [
+            "/nix/var/nix/daemon-socket"
+          ];
+        };
+
+        serviceConfig = {
+          ExecStart = [
+            "@${
+              inputs.self.packages.${pkgs.stdenv.system}.default
+            }/bin/determinate-nixd determinate-nixd --nix-bin ${config.nix.package}/bin daemon"
+          ];
+          KillMode = mkPreferable "process";
+          LimitNOFILE = mkMorePreferable 1048576;
+          LimitSTACK = mkPreferable "64M";
+          TasksMax = mkPreferable 1048576;
+        };
+      };
+
+      sockets = {
+        nix-daemon = {
+          description = "Determinate Nix Daemon Socket";
+          wantedBy = [ "sockets.target" ];
+          before = [ "multi-user.target" ];
+
+          unitConfig = {
+            RequiresMountsFor = [
+              "/nix/store"
+              "/nix/var"
+              "/nix/var/nix/db"
+            ];
+            ConditionPathIsReadWrite = [
+              "/nix/var/nix/daemon-socket"
+            ];
+          };
+
+          socketConfig = {
+            FileDescriptorName = "nix-daemon.socket";
+            ListenStream = "/nix/var/nix/daemon-socket/socket";
+          };
+        };
+
+        determinate-nixd = {
+          description = "Determinate Nixd Daemon Socket";
+          wantedBy = [ "sockets.target" ];
+          before = [ "multi-user.target" ];
+
+          unitConfig = {
+            RequiresMountsFor = [
+              "/nix/store"
+              "/nix/var/determinate"
+            ];
+          };
+
+          socketConfig = {
+            Service = "nix-daemon.service";
+            FileDescriptorName = "determinate-nixd.socket";
+            ListenStream = "/nix/var/determinate/determinate-nixd.socket";
+            DirectoryMode = "0755";
+          };
+        };
+      };
+    };
+
+  };
+}