Revert "nix-daemon: default useSandbox to true"

This reverts commit d0a086770a1be8c1f3175c195587052c5a5bfe1c.

2 files changed, 4 insertions, 8 deletions

diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml
index 68dc8e9b4bfc..8f9694bad8bd 100644
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -30,10 +30,6 @@ has the following highlights: </para>
   <listitem>
     <para>PHP now defaults to PHP 7.1</para>
   </listitem>
-
-  <listitem>
-    <para>nix-daemon now uses sandboxing by default.</para>
-  </listitem>
 </itemizedlist>
 
 <para>The following new services were added since the last release:</para>
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index 4c7264f4ac83..7101cadfeed2 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -100,14 +100,14 @@ in
 
       useSandbox = mkOption {
         type = types.either types.bool (types.enum ["relaxed"]);
-        default = true;
+        default = false;
         description = "
           If set, Nix will perform builds in a sandboxed environment that it
           will set up automatically for each build.  This prevents
           impurities in builds by disallowing access to dependencies
-          outside of the Nix store. It doesn't affect derivation
-          hashes, so changing this option will not trigger a rebuild
-          of packages.
+          outside of the Nix store. This isn't enabled by default for
+          performance. It doesn't affect derivation hashes, so changing
+          this option will not trigger a rebuild of packages.
         ";
       };