From 3b05cb46a1c737351e823151514066216704cca8 Mon Sep 17 00:00:00 2001
From: Ryan Cao <70191398+ryanccn@users.noreply.github.com>
Date: Sun, 28 Jan 2024 10:15:42 +0800
Subject: [PATCH] fix(nix): turn on `sandbox`

---
 modules/nix.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/nix.nix b/modules/nix.nix
index 1a9a482..76d6c52 100644
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -19,11 +19,13 @@ in {
 
   nix.settings = {
     experimental-features = "nix-command flakes";
-    build-users-group = "nixbld";
-    trusted-users = ["ryanccn"];
     auto-optimise-store = true;
     extra-platforms = ["x86_64-darwin" "aarch64-darwin"];
 
+    sandbox = true;
+    build-users-group = "nixbld";
+    trusted-users = ["ryanccn"];
+
     extra-substituters = [
       "https://nix-community.cachix.org"
       "https://crane.cachix.org"