grimm-nixos-laptop/common/tooling/apparmor/bare.nix

{
  pkgs,
  config,
  lib,
  ...
}:
let
  inherit (config.grimmShared) enable tooling;
  inherit (lib) mkIf;
in
{
  config = mkIf (enable && tooling.enable && config.security.apparmor.enable) {
    services.dbus.apparmor = "enabled";
    security.auditd.enable = true;

    security.apparmor.enableCache = true;

    environment.systemPackages = with pkgs; [ apparmor-parser ];

    #    security.apparmor.aa-alias-manager.enable = false;

    security.audit.backlogLimit = 512;

  };
}
save 2024-12-21 21:53:10 +01:00			`{`
			`pkgs,`
			`config,`
			`lib,`
			`...`
			`}:`
			`let`
			`inherit (config.grimmShared) enable tooling;`
			`inherit (lib) mkIf;`
			`in`
			`{`
			`config = mkIf (enable && tooling.enable && config.security.apparmor.enable) {`
			`services.dbus.apparmor = "enabled";`
			`security.auditd.enable = true;`

			`security.apparmor.enableCache = true;`

			`environment.systemPackages = with pkgs; [ apparmor-parser ];`

			`# security.apparmor.aa-alias-manager.enable = false;`

			`security.audit.backlogLimit = 512;`

getting started with HM 2024-12-23 12:18:12 +01:00			`};`
save 2024-12-21 21:53:10 +01:00			`}`