From 7680fa9e33a771e2ec7af8daf4fe0afbe0437f8c Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar <srid@srid.ca>
Date: Sun, 5 Dec 2021 19:23:59 -0500
Subject: [PATCH] more hercules

---
 containers/hercules.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/containers/hercules.nix b/containers/hercules.nix
index 6bb5611..027427a 100644
--- a/containers/hercules.nix
+++ b/containers/hercules.nix
@@ -2,8 +2,9 @@
 
 # A separate container to run Hercules effects
 # https://docs.hercules-ci.com/hercules-ci/effects/
+#
+# TODO: Prevent access to local network, while allowing internet access
 {
-  # TODO: hercules ci cache here
   nix.binaryCachePublicKeys = [
     "hercules-ci.cachix.org-1:ZZeDl9Va+xe9j+KqdzoBZMFJHVQ42Uu/c/1/KMC5Lw0="
   ];
@@ -28,7 +29,8 @@
       ];
       services.hercules-ci-agent.enable = true;
       services.hercules-ci-agent.settings.concurrentTasks = 4;
-      services.hercules-ci-agent.settings.nixUserIsTrusted = lib.mkForce false;
+      nix.allowedUsers = [ "*" ];
+      nix.trustedUsers = [ "*" ];
 
       networking.firewall.allowedTCPPorts = [ ];
     };