fix disko to actually install

3 files changed, 16 insertions, 0 deletions

diff --git a/nix/flake.nix b/nix/flake.nix
index 795ab4b..9102d40 100644
--- a/nix/flake.nix
+++ b/nix/flake.nix
@@ -36,6 +36,11 @@
       url = "github:Janik-Haag/nixos-dns";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    nixpak = {
+      url = "github:nixpak/nixpak";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = {
@@ -50,6 +55,7 @@
       nixos-dns,
       deep-research,
       impermanence,
+      nixpak,
       ...
   }
     @attrs:
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
index a2912ea..5b44fc4 100644
--- a/nix/modules/configuration.nix
+++ b/nix/modules/configuration.nix
@@ -259,6 +259,12 @@
     apparmor = {
   	  enable = true;
   	  killUnconfinedConfinables = true;
+      packages = with pkgs; [
+        apparmor-profiles
+      ];
+      policies = {
+        firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox";
+      };
     };
 
     pam.loginLimits = [
diff --git a/nix/modules/impermanence.nix b/nix/modules/impermanence.nix
index 3bb8f18..e8b4b6f 100644
--- a/nix/modules/impermanence.nix
+++ b/nix/modules/impermanence.nix
@@ -32,6 +32,10 @@
     umount /btrfs_tmp
   '' else "");
 
+  boot.initrd.luks.devices = (if config.monorepo.profiles.impermanence.enable then [
+    { name = "crypted"; device = "/dev/disk/by-partlabel/disk-main-luks"; }
+  ] else []);
+
   fileSystems = if (config.monorepo.profiles.impermanence.enable) then {
     "/persistent" = {
       neededForBoot = true;