From 3b2e272cb349e5b8c34e9fbcdf41bbe896b4d081 Mon Sep 17 00:00:00 2001
From: Noa Aarts
Date: Wed, 23 Oct 2024 15:56:19 +0200
Subject: [PATCH] feat: use sandbox
---
 hosts/lambdaos/configuration.nix | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/hosts/lambdaos/configuration.nix b/hosts/lambdaos/configuration.nix
index 30b0eb6..a747a8f 100644
--- a/hosts/lambdaos/configuration.nix
+++ b/hosts/lambdaos/configuration.nix
@@ -43,16 +43,14 @@
 };
 };
- nix.sshServe = {
- enable = true;
- keys =
- [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRZXNqs7FgVeTCt2ElOARt5f/bR1gjk5bS+zCJA6C1P root@nuOS"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7X17VovmxkwhKxIg795yO1Sf7dwO50pybMRlUDLLcA hydra@nuOS"
- ];
- write = true;
- };
+ nix.settings = {
+ trusted-users = [ "noa" ];
+ sandbox = true;
+ show-trace = true;
+ system-features = [ "big-parallel" "kvm" "recursive-nix" ];
+ sandbox-paths = [ "/bin/sh=${pkgs.busybox-sandbox-shell.out}/bin/busybox" ];
+ };
 # Allow unfree packages
 nixpkgs.config = {
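Review bot: `trusted-users = [ "noa" ];` in the added `nix.settings` block weakens the `sandbox = true` set on the next line: a trusted user can override daemon settings per invocation, the sandbox and `sandbox-paths` included, and the Nix manual describes membership as essentially equivalent to root. If the account only needs extra binary caches, `trusted-substituters` plus `trusted-public-keys` is the narrower grant; otherwise keep the line with a comment such as `# noa is root-equivalent to the nix daemon and can disable the sandbox per build`. `system-features` replaces the default feature list rather than extending it, and `recursive-nix` is, as far as I know, still gated behind `experimental-features`, so confirm both are intended. The module's argument list is outside the hunk, so the `pkgs` used in `sandbox-paths` cannot be checked from here.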