diff --git a/common/default.nix b/common/default.nix
index 2be6122..59b4765 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -13,6 +13,7 @@ in
   imports = [
     ./packages.nix
     ./nitrokey.nix
+    ./nix-settings.nix
   ];
 
   services.davfs2.enable = true;
@@ -221,27 +222,7 @@ in
   # Enable all sysrq functions (useful to recover from some issues):
   boot.kernel.sysctl."kernel.sysrq" = 1; # NixOS default: 16 (only the sync command)
 
-  nix = {
-    # expose all flake inputs through nix Path and registry
-    registry = (lib.mapAttrs (_: value: { flake = value; }) inputs) // {
-      nixpkgs.flake = inputs.nixpkgs;
-    };
-    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
-    # keep build-time deps around for offline-rebuilding
-    settings = {
-      # keep around all inputs necessary for offline-rebuilding the system
-      keep-outputs = true;
-      keep-derivations = true;
-      trusted-users = [ "spiollinux" ];
-      experimental-features = [
-        "nix-command"
-        "flakes"
-        "repl-flake"
-      ];
-      # use all cores for building
-      cores = 0;
-    };
-  };
+  nix.settings.trusted-users = [ "spiollinux" ];
   # override tmpdir for daemon
   #systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";
 
diff --git a/common/nix-settings.nix b/common/nix-settings.nix
new file mode 100644
index 0000000..eb8555d
--- /dev/null
+++ b/common/nix-settings.nix
@@ -0,0 +1,34 @@
+# needs to be kept compatible to both NixOS and nix-darwin
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  inputs = config.inputInjection.flake-inputs;
+  unstable = inputs.nixos-unstable;
+in
+{
+  nix = {
+    # expose all flake inputs through nix Path and registry
+    registry = (lib.mapAttrs (_: value: { flake = value; }) inputs) // {
+      nixpkgs.flake = inputs.nixpkgs;
+    };
+    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
+  };
+  nix.settings = builtins.mapAttrs (_: lib.mkDefault) {
+    # keep around all inputs necessary for offline-rebuilding the system
+    keep-outputs = true;
+    keep-derivations = true;
+    trusted-users = [ "spiollinux" ];
+    experimental-features = [
+      "nix-command"
+      "flakes"
+      "repl-flake"
+    ];
+    # use all cores for building
+    cores = 0;
+  };
+}
diff --git a/darwin/configuration.nix b/darwin/configuration.nix
index 2a999ca..779ab1c 100644
--- a/darwin/configuration.nix
+++ b/darwin/configuration.nix
@@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 
 {
+  imports = [ ../common/nix-settings.nix ];
+  nix.settings.trusted-users = [ "os" ];
   # List packages installed in system profile. To search by name, run:
   # $ nix-env -qaP | grep wget
   environment.systemPackages = [ pkgs.vim ];
diff --git a/flake.nix b/flake.nix
index 21df996..022a7e0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -112,7 +112,10 @@
         ];
       };
       darwinConfigurations."OS-MacBook-Pro" = nix-darwin.lib.darwinSystem {
-        modules = [ ./darwin/configuration.nix ];
+        modules = [
+          ./darwin/configuration.nix
+          inputInjection
+        ];
       };
       homeConfigurations = {
         spiollinux-desktop = mkHomeManager "desktop" "spiollinux" systems.x86_64-linux;