Improve nix settings for sandboxed workspaces

2026-02-14 11:29:02 -08:00
parent 99ef62d31a
commit 3d08a3e9bc
2 changed files with 4 additions and 0 deletions


@@ -114,6 +114,7 @@ in
# Enable flakes # Enable flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = [ "googlebot" ];
# Make nixpkgs available in NIX_PATH and registry (like the NixOS ISO) # Make nixpkgs available in NIX_PATH and registry (like the NixOS ISO)
# This allows `nix-shell -p`, `nix repl '<nixpkgs>'`, etc. to work # This allows `nix-shell -p`, `nix repl '<nixpkgs>'`, etc. to work
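Review bot: The new `nix.settings.trusted-users = [ "googlebot" ];` line makes that account effectively root-equivalent towards the Nix daemon, because a trusted user can override daemon settings (substituters, sandboxing) and import unsigned store paths. The hunk gives no reason for it, and the surrounding module body lies outside the hunk, so I cannot tell which hosts inherit the setting. If the intent is only to let this user pull from an extra binary cache, the narrower `nix.settings.trusted-substituters` together with `nix.settings.trusted-public-keys` would cover that without granting full trust. If full trust is really needed, a comment should say so, for example `# googlebot is daemon-trusted (root-equivalent); required for <reason>`.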


@@ -32,6 +32,9 @@ let
networking.useHostResolvConf = false; networking.useHostResolvConf = false;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# Incus containers don't support the kernel features nix sandbox requires
nix.settings.sandbox = false;
environment.systemPackages = [ environment.systemPackages = [
(lib.hiPrio (pkgs.writeShellScriptBin "claude" '' (lib.hiPrio (pkgs.writeShellScriptBin "claude" ''
exec ${pkgs.claude-code}/bin/claude --dangerously-skip-permissions "$@" exec ${pkgs.claude-code}/bin/claude --dangerously-skip-permissions "$@"
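Review bot: `nix.settings.sandbox = false;` removes build isolation for every derivation built in these containers, so builders run with network access and can see the container's filesystem, which leaves the Incus boundary as the only containment. That matters more here because the context lines show the workspace running an agent with `--dangerously-skip-permissions`. The comment should name the missing kernel feature (presumably user or mount namespaces, to be confirmed) so the setting can be revisited if the container profile changes. It should also record the consequence, for example `# builds here are unsandboxed; do not push store paths from this container to a shared cache`. The enclosing `let` binding and the `environment.systemPackages` list continue outside the hunk.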