diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7b3884b..f73594c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -26,6 +26,8 @@ jobs:
       uses: ./
       with:
         nix_path: ${{ env.nixpkgs_channel }}
+    - name: Test environment variables
+      run: ./test-env.sh
     - run: nix-env -iA cachix -f https://cachix.org/api/v1/install
     - run: cat /etc/nix/nix.conf
     # cachix should be available and be able to configure a cache
diff --git a/install-nix.sh b/install-nix.sh
index 2b03e30..f8f87de 100755
--- a/install-nix.sh
+++ b/install-nix.sh
@@ -31,6 +31,7 @@ add_config() {
 add_config "show-trace = true"
 # Set jobs to number of cores
 add_config "max-jobs = auto"
+# TODO: is this still necessary if we set NIX_SSL_CERT_FILE below?
 if [[ $OSTYPE =~ darwin ]]; then
   add_config "ssl-cert-file = /etc/ssl/cert.pem"
 fi
@@ -70,8 +71,14 @@ installer_options=(
   --nix-extra-conf-file "$workdir/nix.conf"
 )
 
-# only use the nix-daemon settings if on darwin (which get ignored) or systemd is supported
+# Enable daemon on macOS and Linux systems with systemd, unless --no-daemon is specified
 if [[ (! $INPUT_INSTALL_OPTIONS =~ "--no-daemon") && ($OSTYPE =~ darwin || -e /run/systemd/system) ]]; then
+  use_daemon() { true; }
+else
+  use_daemon() { false; }
+fi
+
+if use_daemon; then
   installer_options+=(
     --daemon
     --daemon-user-count "$(python3 -c 'import multiprocessing as mp; print(mp.cpu_count() * 2)')"
@@ -107,19 +114,70 @@ done
 
 sh "$workdir/install" "${installer_options[@]}"
 
-# Set paths
-echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH"
-# new path for nix 2.14
-echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"
+# Configure the environment
+#
+# Adapted from the single- and multi-user scripts:
+#   single-user: https://github.com/NixOS/nix/blob/master/scripts/nix-profile-daemon.sh.in
+#   multi-user: https://github.com/NixOS/nix/blob/master/scripts/nix-profile-daemon.sh.in
+#
+# These scripts would normally be evaluated as part of the user's shell profile.
+# GitHub doesn't evaluate profiles or rc scripts by default, so we set up the environment manually.
+echo "::debug::Nix installed, setting up environment"
 
+# Export the path to Nix
 if [[ -n "${INPUT_NIX_PATH:-}" ]]; then
   echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV"
 fi
 
-# Set temporary directory (if not already set) to fix https://github.com/cachix/install-nix-action/issues/197
+# Set temporary directory if not already set
+# Fixes https://github.com/cachix/install-nix-action/issues/197
 if [[ -z "${TMPDIR:-}" ]]; then
   echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV"
 fi
 
+# Determine NIX_LINK path (XDG spec, newer XDG-compliant, or legacy)
+if [[ -n "${XDG_STATE_HOME:-}" && -e "$XDG_STATE_HOME/nix/profile" ]]; then
+  NIX_LINK="$XDG_STATE_HOME/nix/profile"
+elif [[ -e "$HOME/.local/state/nix/profile" ]]; then
+  NIX_LINK="$HOME/.local/state/nix/profile"
+else
+  NIX_LINK="$HOME/.nix-profile"
+fi
+
+# Set Nix profiles
+echo "NIX_PROFILES=/nix/var/nix/profiles/default $NIX_LINK" >> "$GITHUB_ENV"
+
+# Set NIX_SSL_CERT_FILE if not already configured
+if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then
+  # Check common SSL certificate file locations
+  if [[ -f "/etc/ssl/certs/ca-certificates.crt" ]]; then # NixOS, Ubuntu, Debian, Gentoo, Arch
+    echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" >> "$GITHUB_ENV"
+  elif [[ $OSTYPE =~ darwin && -f "/etc/ssl/cert.pem" ]]; then # macOS
+    echo "NIX_SSL_CERT_FILE=/etc/ssl/cert.pem" >> "$GITHUB_ENV"
+  elif [[ -f "/etc/ssl/ca-bundle.pem" ]]; then # openSUSE Tumbleweed
+    echo "NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem" >> "$GITHUB_ENV"
+  elif [[ -f "/etc/ssl/certs/ca-bundle.crt" ]]; then # Old NixOS
+    echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV"
+  elif [[ -f "/etc/pki/tls/certs/ca-bundle.crt" ]]; then # Fedora, CentOS
+    echo "NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt" >> "$GITHUB_ENV"
+  elif [[ -f "/usr/local/share/certs/ca-root-nss.crt" ]]; then # FreeBSD
+    echo "NIX_SSL_CERT_FILE=/usr/local/share/certs/ca-root-nss.crt" >> "$GITHUB_ENV"
+  elif [[ -f "/etc/pki/tls/cacert.pem" ]]; then # OpenELEC
+    echo "NIX_SSL_CERT_FILE=/etc/pki/tls/cacert.pem" >> "$GITHUB_ENV"
+  elif [[ -f "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in default Nix profile
+    echo "NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV"
+  elif [[ -f "$NIX_LINK/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in user Nix profile
+    echo "NIX_SSL_CERT_FILE=$NIX_LINK/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV"
+  fi
+fi
+
+# Set paths based on the installation type
+if use_daemon; then
+  # Multi-user daemon install - add both paths
+  echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH"
+fi
+# Always add the user profile path
+echo "$NIX_LINK/bin" >> "$GITHUB_PATH"
+
 # Close the log message group which was opened above
 echo "::endgroup::"
diff --git a/test-env.sh b/test-env.sh
new file mode 100755
index 0000000..bdcccf7
--- /dev/null
+++ b/test-env.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+echo "=== Testing Nix Environment Variables ==="
+echo
+
+# Test NIX_PROFILES
+echo "NIX_PROFILES: ${NIX_PROFILES:-<not set>}"
+if [[ -n "${NIX_PROFILES:-}" ]]; then
+  echo "✓ NIX_PROFILES is set"
+else
+  echo "✗ NIX_PROFILES is not set"
+  exit 1
+fi
+
+# Test NIX_SSL_CERT_FILE
+echo "NIX_SSL_CERT_FILE: ${NIX_SSL_CERT_FILE:-<not set>}"
+if [[ -n "${NIX_SSL_CERT_FILE:-}" ]]; then
+  if [[ -f "$NIX_SSL_CERT_FILE" ]]; then
+    echo "✓ NIX_SSL_CERT_FILE is set and file exists"
+  else
+    echo "⚠ NIX_SSL_CERT_FILE is set but file does not exist: $NIX_SSL_CERT_FILE"
+  fi
+else
+  echo "⚠ NIX_SSL_CERT_FILE is not set (may be OK depending on system)"
+fi
+
+# Test PATH contains Nix paths
+echo "PATH: $PATH"
+if echo "$PATH" | grep -E -q "(\.nix-profile|nix/profile)"; then
+  echo "✓ PATH contains Nix paths"
+else
+  echo "✗ PATH does not contain Nix paths"
+  exit 1
+fi
+
+# Test NIX_PATH if set
+if [[ -n "${NIX_PATH:-}" ]]; then
+  echo "NIX_PATH: $NIX_PATH"
+  echo "✓ NIX_PATH is set"
+else
+  echo "NIX_PATH: <not set>"
+fi
+
+# Test TMPDIR
+echo "TMPDIR: ${TMPDIR:-<not set>}"
+if [[ -n "${TMPDIR:-}" ]]; then
+  echo "✓ TMPDIR is set"
+else
+  echo "⚠ TMPDIR is not set"
+fi
+
+echo
+echo "=== Testing Nix Command ==="
+if command -v nix >/dev/null 2>&1; then
+  echo "✓ nix command is available"
+  echo "Nix version: $(nix --version)"
+else
+  echo "✗ nix command is not available"
+  exit 1
+fi
+
+echo
+echo "=== Environment Setup Test Complete ==="