diff options
Diffstat (limited to 'nix/modules')
| -rw-r--r-- | nix/modules/configuration.nix | 6 | ||||
| -rw-r--r-- | nix/modules/impermanence.nix | 4 |
2 files changed, 10 insertions, 0 deletions
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix index a2912ea..5b44fc4 100644 --- a/nix/modules/configuration.nix +++ b/nix/modules/configuration.nix @@ -259,6 +259,12 @@ apparmor = { enable = true; killUnconfinedConfinables = true; + packages = with pkgs; [ + apparmor-profiles + ]; + policies = { + firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox"; + }; }; pam.loginLimits = [ diff --git a/nix/modules/impermanence.nix b/nix/modules/impermanence.nix index 3bb8f18..e8b4b6f 100644 --- a/nix/modules/impermanence.nix +++ b/nix/modules/impermanence.nix @@ -32,6 +32,10 @@ umount /btrfs_tmp '' else ""); + boot.initrd.luks.devices = (if config.monorepo.profiles.impermanence.enable then [ + { name = "crypted"; device = "/dev/disk/by-partlabel/disk-main-luks"; } + ] else []); + fileSystems = if (config.monorepo.profiles.impermanence.enable) then { "/persistent" = { neededForBoot = true; |