From 56337bd35424b6e9fd131b542b2b5f0c3fb8a1d4 Mon Sep 17 00:00:00 2001
From: Preston Pan
Date: Fri, 19 Sep 2025 00:51:40 -0700
Subject: fix disko to actually install
---
 nix/flake.nix | 6 ++++++
 nix/modules/configuration.nix | 6 ++++++
 nix/modules/impermanence.nix | 4 ++++
 3 files changed, 16 insertions(+)
(limited to 'nix')
diff --git a/nix/flake.nix b/nix/flake.nix
index 795ab4b..9102d40 100644
--- a/nix/flake.nix
+++ b/nix/flake.nix
@@ -36,6 +36,11 @@
 url = "github:Janik-Haag/nixos-dns";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+
+ nixpak = {
+ url = "github:nixpak/nixpak";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 outputs = {
@@ -50,6 +55,7 @@
 nixos-dns,
 deep-research,
 impermanence,
+ nixpak,
 ...
 } @attrs:
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
index a2912ea..5b44fc4 100644
--- a/nix/modules/configuration.nix
+++ b/nix/modules/configuration.nix
@@ -259,6 +259,12 @@
 apparmor = {
 enable = true;
 killUnconfinedConfinables = true;
+ packages = with pkgs; [
+ apparmor-profiles
+ ];
+ policies = {
+ firefox.path = "${pkgs.apparmor-profiles}/share/apparmor/extra-profiles/firefox";
+ };
 };
 pam.loginLimits = [
diff --git a/nix/modules/impermanence.nix b/nix/modules/impermanence.nix
index 3bb8f18..e8b4b6f 100644
--- a/nix/modules/impermanence.nix
+++ b/nix/modules/impermanence.nix
@@ -32,6 +32,10 @@
 umount /btrfs_tmp '' else "");
+ boot.initrd.luks.devices = (if config.monorepo.profiles.impermanence.enable then [
+ { name = "crypted"; device = "/dev/disk/by-partlabel/disk-main-luks"; }
+ ] else []);
+
 fileSystems = if (config.monorepo.profiles.impermanence.enable) then {
 "/persistent" = {
 neededForBoot = true;
-- 
cgit v1.3
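Review bot: The new `nixpak` input in the `inputs` set of `nix/flake.nix` arrives without a lock-file change. The diffstat lists only three files under `nix/`, so if the lock lives at `nix/flake.lock`, the revision of `github:nixpak/nixpak` that gets built is whatever the default branch points to when the lock is next regenerated, not a revision reviewed with this commit. Run `nix flake lock` in `nix/` and commit the resulting entry together with the input. The second hunk in this file passes `nixpak` into `outputs`, but nothing visible in this commit consumes it, so a comment such as `# nixpak: bubblewrap-based app sandboxing, used by <module>` would make the intent reviewable. Both the `inputs` and `outputs` blocks start and end outside the hunks.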
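Review bot: The `firefox.path` policy in `nix/modules/configuration.nix` loads its profile from `extra-profiles`, which AppArmor ships as example profiles written for FHS install paths. On NixOS the browser runs from a `/nix/store` path, so the profile may load without ever attaching to the Firefox process, leaving it unconfined while the configuration reads as if it were sandboxed. After activation, start Firefox and check `aa-status`; if the profile does not attach, supply one whose attachment path matches the store binary. Newer NixOS releases also expose a per-policy `state` option, so setting `firefox.state = "enforce";` explicitly (if the pinned nixpkgs provides it) avoids relying on the module default. The attribute set that contains `apparmor` starts and ends outside the hunk.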
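Review bot: `boot.initrd.luks.devices` in `nix/modules/impermanence.nix` is assigned a list in both branches, but current NixOS declares this option as an attribute set keyed by the mapped device name, so the list form (including the empty `[]`) is expected to fail type checking at evaluation. Use the attrset form instead: `boot.initrd.luks.devices = if config.monorepo.profiles.impermanence.enable then { crypted.device = "/dev/disk/by-partlabel/disk-main-luks"; } else {};`. The entry is also gated on the impermanence profile rather than on whether the disk is encrypted, so a host with a LUKS root and impermanence disabled would get no unlock entry in the initrd. Keying it on the encryption setting would be safer, as would leaving it to disko if that module already emits the entry (not visible here). The module body starts and ends outside the hunk.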