diff --git a/modules/home-environment.nix b/modules/home-environment.nix
index 59497ec4a971..773d8a7926cd 100644
--- a/modules/home-environment.nix
+++ b/modules/home-environment.nix
@@ -474,6 +474,14 @@ in
       '';
     };
 
+    home.buildEnvWithNoChroot = mkEnableOption ''
+      Sets <code>__noChroot = true</code> on select <code>buildEnv</code>
+      derivations that assemble large numbers of paths, as well the activation
+      script derivations. This may be used to avoid sandbox failures on Darwin,
+      see https://github.com/NixOS/nix/issues/4119 and the <code>sandbox</code>
+      option in <command>man nix.conf</command>.
+    '';
+
     home.preferXdgDirectories = mkEnableOption "" // {
       description = ''
         Whether to make programs use XDG directories whenever supported.
@@ -701,7 +709,7 @@ in
         )
         + optionalString (!cfg.emptyActivationPath) "\${PATH:+:}$PATH";
 
-        activationScript = pkgs.writeShellScript "activation-script" ''
+        activationScript = (pkgs.writeShellScript "activation-script" ''
           set -eu
           set -o pipefail
 
@@ -718,9 +726,11 @@ in
           fi
 
           ${activationCmds}
-        '';
+        '').overrideAttrs (old: {
+          __noChroot = cfg.buildEnvWithNoChroot;
+        });
       in
-        pkgs.runCommand
+        (pkgs.runCommand
           "home-manager-generation"
           {
             preferLocalBuild = true;
@@ -742,9 +752,11 @@ in
             ln -s ${cfg.path} $out/home-path
 
             ${cfg.extraBuilderCommands}
-          '';
+          '').overrideAttrs (old: {
+            __noChroot = cfg.buildEnvWithNoChroot;
+          });
 
-    home.path = pkgs.buildEnv {
+    home.path = (pkgs.buildEnv {
       name = "home-manager-path";
 
       paths = cfg.packages;
@@ -755,6 +767,8 @@ in
       meta = {
         description = "Environment of packages installed through home-manager";
       };
-    };
+    }).overrideAttrs (old: {
+      __noChroot = cfg.buildEnvWithNoChroot;
+    });
   };
 }
diff --git a/modules/targets/darwin/fonts.nix b/modules/targets/darwin/fonts.nix
index 988c5edc9792..e1f905de3baf 100644
--- a/modules/targets/darwin/fonts.nix
+++ b/modules/targets/darwin/fonts.nix
@@ -4,11 +4,11 @@ with lib;
 
 let
   homeDir = config.home.homeDirectory;
-  fontsEnv = pkgs.buildEnv {
+  fontsEnv = (pkgs.buildEnv {
     name = "home-manager-fonts";
     paths = config.home.packages;
     pathsToLink = "/share/fonts";
-  };
+  }).overrideAttrs (old: { __noChroot = config.home.buildEnvWithNoChroot; });
   fonts = "${fontsEnv}/share/fonts";
   installDir = "${homeDir}/Library/Fonts/HomeManager";
 in {
diff --git a/modules/targets/darwin/linkapps.nix b/modules/targets/darwin/linkapps.nix
index 0d434234bbbf..871d33d69d79 100644
--- a/modules/targets/darwin/linkapps.nix
+++ b/modules/targets/darwin/linkapps.nix
@@ -4,11 +4,12 @@
   config = lib.mkIf pkgs.stdenv.hostPlatform.isDarwin {
     # Install MacOS applications to the user environment.
     home.file."Applications/Home Manager Apps".source = let
-      apps = pkgs.buildEnv {
+      apps = (pkgs.buildEnv {
         name = "home-manager-applications";
         paths = config.home.packages;
         pathsToLink = "/Applications";
-      };
+      }).overrideAttrs
+        (old: { __noChroot = config.home.buildEnvWithNoChroot; });
     in "${apps}/Applications";
   };
 }