Diffstat (limited to 'nix')
-rw-r--r--nix/flake.nix6
-rw-r--r--nix/modules/configuration.nix6
-rw-r--r--nix/modules/impermanence.nix4
3 files changed, 16 insertions, 0 deletions
diff --git a/nix/flake.nix b/nix/flake.nix
index 795ab4b..9102d40 100644
--- a/nix/flake.nix
+++ b/nix/flake.nix
@@ -36,6 +36,11 @@
url = "github:Janik-Haag/nixos-dns";
inputs.nixpkgs.follows = "nixpkgs";
};
+
+ nixpak = {
+ url = "github:nixpak/nixpak";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
};
outputs = {
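Review bot: The new `nixpak` input arrives without a matching lock entry. The diffstat for `nix/` lists three files and `flake.lock` is not among them, so unless the lock file lives outside this directory, the revision of `github:nixpak/nixpak` that gets built is resolved by whoever next evaluates the flake rather than fixed by this commit. I would run `nix flake lock` and commit the resulting `flake.lock` with this change so the pinned revision and its hash can be reviewed. The following hunk only threads `nixpak` into the `outputs` arguments, and no use of it is visible in this diff.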
@@ -50,6 +55,7 @@
nixos-dns,
deep-research,
impermanence,
+ nixpak,
...
}
@attrs:
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
index a2912ea..5b44fc4 100644
--- a/nix/modules/configuration.nix
+++ b/nix/modules/configuration.nix
@@ -259,6 +259,12 @@
apparmor = {
enable = true;
killUnconfinedConfinables = true;
+ packages = with pkgs; [
+ apparmor-profiles
+ ];
+ policies = {
+ firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox";
+ };
};
pam.loginLimits = [
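Review bot: `policies.firefox.path` loads the upstream profile unmodified, and that profile may never attach to the Firefox this system actually runs. As far as I know the profiles under `extra-profiles` match on FHS locations such as `/usr/lib/firefox`, while a nixpkgs Firefox executes from `/nix/store`, so the policy can load cleanly and still confine nothing. With `killUnconfinedConfinables = true` a profile that does match will also get already-running browser processes killed on activation, which is worth knowing before deploying. I would check with `aa-status` after starting the browser and leave a comment on the line, e.g. `# upstream profile attaches by FHS path; verified with aa-status that the store-path firefox is confined`. The `apparmor` attribute set starts outside this hunk.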
diff --git a/nix/modules/impermanence.nix b/nix/modules/impermanence.nix
index 3bb8f18..e8b4b6f 100644
--- a/nix/modules/impermanence.nix
+++ b/nix/modules/impermanence.nix
@@ -32,6 +32,10 @@
umount /btrfs_tmp
'' else "");
+ boot.initrd.luks.devices = (if config.monorepo.profiles.impermanence.enable then [
+ { name = "crypted"; device = "/dev/disk/by-partlabel/disk-main-luks"; }
+ ] else []);
+
fileSystems = if (config.monorepo.profiles.impermanence.enable) then {
"/persistent" = {
neededForBoot = true;
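Review bot: `boot.initrd.luks.devices` is given a list of `{ name; device; }` entries here, but on current nixpkgs that option is, to my knowledge, an attribute set keyed by the mapper name, so this definition should fail the module type check when the profile is enabled. The attrset form would be `boot.initrd.luks.devices = if config.monorepo.profiles.impermanence.enable then { crypted.device = "/dev/disk/by-partlabel/disk-main-luks"; } else {};`. Separately, a partition label is not unique to this disk: any other attached device carrying the same GPT label can satisfy `by-partlabel`, so a `/dev/disk/by-uuid/` path for the LUKS container is the more robust reference if the layout tooling allows it. The `fileSystems` definition that follows continues outside the hunk.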