diff --git a/makeDarwinImage/default.nix b/makeDarwinImage/default.nix
index 836fe93..8f4431d 100644
--- a/makeDarwinImage/default.nix
+++ b/makeDarwinImage/default.nix
@@ -5,7 +5,7 @@ let diskSize = if diskSizeBytes < 40000000000 then throw "diskSizeBytes ${toString diskSizeBytes} too small for macOS" else diskSizeBytes;
- installAssistant-fetched = import {
+ installAssistant-fetched = fetchurl {
 url = "https://swcdn.apple.com/content/downloads/32/13/052-33049-A_UX3Z28TPLL/702vi772ckrytq1r67eli9zrgsu8jxxoqw/InstallAssistant.pkg";
 sha256 = "sha256-IEJAiqpMNyF053UrW8Lz2r8uk+0LjS8MIs2ERWKqgrw=";
 };
diff --git a/makeDarwinImage/module.nix b/makeDarwinImage/module.nix
index 635bb57..e17a6af 100644
--- a/makeDarwinImage/module.nix
+++ b/makeDarwinImage/module.nix
@@ -97,12 +97,26 @@ in
 Whether to open the sshPort and vncDisplayNumber on the networking.firewall
 '';
 };
+ installNix = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = lib.mdDoc ''
+ Whether to install Nix (it requires the machine to access the internet for the installation)
+ '';
+ };
+ darwinConfig = lib.mkOption {
+ type = lib.types.anything; # TODO figure out a better type
+ default = null;
+ description = lib.mdDoc ''
+ A darwinConfig to use for the VM (it may require to access the internet)
+ '';
+ };
 };
 config = let
 run-macos = cfg.package.makeRunScript {
 diskImage = cfg.package;
 extraQemuFlags = [ "-vnc ${cfg.vncListenAddr}:${toString cfg.vncDisplayNumber}" ] ++ cfg.extraQemuFlags;
- inherit (cfg) threads cores sockets mem sshListenAddr sshPort;
+ inherit (cfg) threads cores sockets mem sshListenAddr sshPort installNix darwinConfig;
 };
 in lib.mkIf cfg.enable {
 networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ (5900 + cfg.vncDisplayNumber) cfg.sshPort ];
@@ -117,7 +131,6 @@ in
 Type = "simple";
 ExecStart = "${lib.getExe run-macos}";
 Restart = "always";
- DynamicUser = true;
 StateDirectory = baseNameOf cfg.dataDir;
 WorkingDirectory = cfg.dataDir;
 };
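Review bot: The new `installNix` option defaults to `false`, but `run.nix` in the same commit declares `installNix ? true`, so the script provisions the guest by default when `makeRunScript` is called directly and not when it is built through this module. Aligning the two, e.g. `, installNix ? false` in run.nix, would make the opt-in explicit everywhere. The description could also say what enabling it does on the host side: `Whether to install Nix in the guest; the host logs in over SSH with the image's default admin password and runs the upstream installer as root (requires internet access)`. The `options` and `config` attribute sets both extend beyond this hunk.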
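Review bot: Removing `DynamicUser = true` leaves no `User=` in the visible `serviceConfig` lines, so unless one is set outside this hunk the unit runs `run-macos` (QEMU plus the new ssh/sshpass/nix provisioning) as root. If the removal is only needed so the script has a stable home and key location, a fixed unprivileged account would do, e.g. `User = "<service-user>";` (placeholder name) together with the existing `StateDirectory`. At minimum the reason belongs in a comment, such as `# DynamicUser dropped: <reason>`. The `serviceConfig` block starts before this hunk.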
diff --git a/makeDarwinImage/run.nix b/makeDarwinImage/run.nix
index 6526468..8107b49 100644
--- a/makeDarwinImage/run.nix
+++ b/makeDarwinImage/run.nix
@@ -1,4 +1,6 @@
 { writeShellScriptBin
+, openssh
+, sshpass
 , makeDarwinImage
 , qemu_kvm
 , nix
@@ -14,9 +16,49 @@
 , mem ? "6G"
 , diskImage ? (makeDarwinImage {})
 , extraQemuFlags ? []
+, installNix ? true
+, darwinConfig ? null
 , lib
-}:
-writeShellScriptBin "run-macOS.sh" ''
+, writeShellScript
+}: let
+ darwinSystemDrv = builtins.unsafeDiscardOutputDependency darwinConfig.system.drvPath;
+ installNixRemotelyScript = writeShellScript "install-nix.sh" ''
+ if ! command -v nix &> /dev/null
+ then
+ echo "Nix not found, installing it..."
+ echo admin | sudo -S /bin/sh -c "curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm"
+ fi
+ '';
+ installNixDarwinScript = writeShellScript "install-nix.sh" ''
+ DARWIN_CONFIG="$(nix build ${darwinSystemDrv}^out --print-out-paths --no-link)"
+ echo admin | sudo -S rm /etc/nix/nix.conf
+ echo admin | sudo -S $DARWIN_CONFIG/activate-user
+ echo admin | sudo -S $DARWIN_CONFIG/activate
+ '';
+ installNixScript = writeShellScript "install-nix.sh" ''
+ PATH=$PATH:${openssh}/bin:${sshpass}/bin
+ KEY_PATH=".ssh/id_ed25519"
+ [ ! -f $KEY_PATH ] && ssh-keygen -t ed25519 -f $KEY_PATH -N ""
+
+ while ! ssh-keyscan -p ${toString sshPort} 127.0.0.1
+ do
+ sleep 3
+ echo SSH not ready
+ done
+
+ echo "SSH ready"
+
+ sshpass -p admin ssh-copy-id -i $KEY_PATH -p ${toString sshPort} -o "StrictHostKeyChecking no" admin@127.0.0.1
+
+ ssh -p ${toString sshPort} -o "StrictHostKeyChecking no" -i $KEY_PATH admin@127.0.0.1 bash -s -- < ${installNixRemotelyScript}
+
+ ${lib.optionalString (! isNull darwinConfig) ''
+ NIX_SSHOPTS="-p ${toString sshPort} -i $KEY_PATH" nix-copy-closure --to admin@127.0.0.1 ${darwinSystemDrv}
+
+ ssh -p ${toString sshPort} -o "StrictHostKeyChecking no" -i $KEY_PATH admin@127.0.0.1 bash -s -- < ${installNixDarwinScript}
+ ''}
+ '';
+in writeShellScriptBin "run-macOS.sh" ''
 MY_OPTIONS="+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check"
 # In case Nix is not on the path, add it, but make it lower precedence than
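Review bot: `installNixRemotelyScript` pipes an unpinned download from `install.determinate.systems` into `sh` under `sudo` in the guest, so the code that runs as root is whatever that URL serves at boot time, with no hash check comparable to the `sha256` that pins InstallAssistant.pkg in default.nix. Fetching the installer with `fetchurl` and a hash on the host, then feeding it over the SSH session that is already set up, would keep this step reproducible. The scripts also depend on the fixed `admin` password (`sshpass -p admin`, `echo admin | sudo -S`) and leave password login enabled after `ssh-copy-id`, which matters when `openFirewall` exposes `sshPort`; I would add a comment next to the `sshpass` line, e.g. `# image default credentials; password auth is still enabled after this step`. `ssh-keygen -f $KEY_PATH` appears to assume that `.ssh/` already exists in the working directory, so `mkdir -p .ssh` before it would cover a fresh state directory. The helper scripts are complete in this hunk; the `run-macOS.sh` body that follows continues outside it.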
@@ -51,6 +93,8 @@ writeShellScriptBin "run-macOS.sh" ''
 ${qemu_kvm}/bin/qemu-img create -b ${diskImage} -F qcow2 -f qcow2 ./macos-ventura.qcow2
 fi
+ ${lib.optionalString installNix "${installNixScript}&"}
+
 # Sometimes plugins like JACK will not be compatible with QEMU from this
 # flake, so unset LD_LIBRARY_PATH
 set -x
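Review bot: The provisioning script is started with `&` and its PID is never recorded, so when `run-macOS.sh` is run by hand nothing stops it if the VM fails to boot; the `ssh-keyscan` loop it runs (defined in the previous hunk) has no timeout. Recording the PID and cleaning up on exit, e.g. `install_pid=$!` followed by `trap 'kill "$install_pid" 2>/dev/null' EXIT`, would tie it to this script's lifetime, assuming QEMU is not started with `exec` further down, which is outside the hunk. It is also launched on every start, so the password-based `ssh-copy-id` and the darwin activation are repeated each boot; a marker file in the working directory would make the step one-shot.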