You can add a `# nix-sha256` comment to stack.yaml if you need it to work in restricted mode.
If the .nix files listed in the cache are full paths pointing at the store we get errors like this in restricted eval mode: error: access to path '/nix/store/...-cabal-simple.nix' is forbidden in restricted mode