sops: fix config for darwin

common/nix-settings.nix

@@ -21,7 +21,6 @@ in
   sops = {
     secrets."nix/access-tokens" = {
       owner = "root";
-      group = "users";
       mode = "0440";
       sopsFile = ./secrets.yaml;
     };
@@ -30,7 +29,8 @@ in
         access-tokens = ${config.sops.placeholder."nix/access-tokens"}
       '';
       owner = "root";
-      group = "users";
+      # secret needs to be readable by users (nix client) as well as nix-daemon (running as root)
+      group = if pkgs.stdenv.isDarwin then "localaccounts" else "users";
       mode = "0440";
     };
   };