There is nix-darwin project that brings Nix configuration to describing many of macOS services.
To not enter password on every
darwin-rebuild switch with nix-darwin, you can create
/etc/sudoers.d/nix-darwin file with this content:
<home-user> ALL=(ALL:ALL) NOPASSWD: /run/current-system/sw/bin/darwin-rebuild (where
home-user is name of home directory)
Nix darwin generates files to