about summary refs log tree commit diff stats
path: root/sys/svcs/nix
diff options
context:
space:
mode:
authorSoispha <soispha@vhack.eu>2024-01-13 21:59:37 +0100
committerSoispha <soispha@vhack.eu>2024-01-13 21:59:37 +0100
commit2631fac04b5f32d47aabceafb48753b4cf511c41 (patch)
tree2ce2222aabcee7f2390913208c2ed7cbeed72db2 /sys/svcs/nix
parentbuild(treewide): Update shell library (diff)
downloadnixos-config-2631fac04b5f32d47aabceafb48753b4cf511c41.tar.gz
nixos-config-2631fac04b5f32d47aabceafb48753b4cf511c41.zip
fix(sys/svcs/nix): Improve some default configuration
Diffstat (limited to '')
-rw-r--r--sys/svcs/nix/default.nix8
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/svcs/nix/default.nix b/sys/svcs/nix/default.nix
index 11bae56f..7e5c8388 100644
--- a/sys/svcs/nix/default.nix
+++ b/sys/svcs/nix/default.nix
@@ -34,12 +34,18 @@ in {
         #"ca-derivations"
       ];
 
+      use-xdg-base-directories = true;
+
       #substituters = ["https://cache.ngi0.nixos.org/"];
       #trusted-public-keys = ["cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="];
-      fallback = true; # TODO: what does this do?
+
+      fallback = true; # Build from source, if binary can't be substituted
 
       keep-failed = true; # keep failed tmp build dirs
       pure-eval = true; # restrict file system and network access to hash
+
+      sandbox-fallback = false; # Don't disable the sandbox, if the kernel doesn't support
+                                # it
     };
   };
 }