From 1e5e0c5764a96d1eb45e4cd6a51a3c1685b1ffd8 Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin@deuxfleurs.fr>
Date: Fri, 24 Mar 2023 15:58:28 +0100
Subject: [PATCH] inject nix conf in daemon

---
 hcl/builder.hcl | 1 +
 hcl/nix.conf    | 4 ++--
 hcl/pin.sh      | 1 -
 main.go         | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hcl/builder.hcl b/hcl/builder.hcl
index 0d5a5ce..3b1252e 100644
--- a/hcl/builder.hcl
+++ b/hcl/builder.hcl
@@ -100,6 +100,7 @@ job "builder" {
       command = "nix-daemon"
       volumes = [ 
         "/var/cache/albatros/nix:/nix",
+        "local/nix.conf:/etc/nix/nix.conf",
         "local/pin.sh:/usr/local/bin/pin.sh"
       ]
     }
diff --git a/hcl/nix.conf b/hcl/nix.conf
index e89fc14..a10ba5e 100644
--- a/hcl/nix.conf
+++ b/hcl/nix.conf
@@ -3,7 +3,7 @@ trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDS
 max-jobs = auto
 cores = 0
 log-lines = 200
-filter-syscalls = false
-sandbox = false
+filter-syscalls = true
+sandbox = true
 experimental-features = nix-command flakes
 post-build-hook = /usr/local/bin/pin.sh
diff --git a/hcl/pin.sh b/hcl/pin.sh
index 5dbe92d..eca04cb 100644
--- a/hcl/pin.sh
+++ b/hcl/pin.sh
@@ -2,4 +2,3 @@
 set -euxo pipefail
 
 echo "hook on $DRV_PATH"
-echo "hook on $DRV_PATH" 1>&2
diff --git a/main.go b/main.go
index 46ce05f..1dfad43 100644
--- a/main.go
+++ b/main.go
@@ -15,7 +15,7 @@ import (
 	"strings"
 )
 
-// Albatros
+// Albatros CI
 
 type GitUser struct {
 	Name     string `json:"name"`