diff --git a/common/tooling/apparmor/apparmor-d-module.nix b/common/tooling/apparmor/apparmor-d-module.nix
index a526bcc..3ec6ee2 100644
--- a/common/tooling/apparmor/apparmor-d-module.nix
+++ b/common/tooling/apparmor/apparmor-d-module.nix
@@ -26,16 +26,9 @@ let
 description = "whether to enforce this profile";
 };
- path = mkOption {
- type = types.nonEmptyStr;
- description = "path of the apparmor profile within apparmor.d, as copied from github";
- example = "apparmor.d/profiles-s-z/vesktop";
- };
-
 name = mkOption {
 type = types.nonEmptyStr;
- description = "Name of the profile as placed in /etc/apparmor.d. Default is the profile name as given in apparmor.d.";
- default = last (path.subpath.components config.path);
+ description = "name of the apparmor profile within apparmor.d";
 example = "vesktop";
 };
 };
@@ -54,21 +47,23 @@ let
 config = mkIf (cfg.enable) {
 security.apparmor.packages = [ apparmor-d ];
- security.apparmor.policies = mergeAttrsList (map (p: if (builtins.isString p) then (let name = last (path.subpath.components p); in {
- "${name}" = {
+ security.apparmor.policies = mergeAttrsList (map (p: if (builtins.isString p) then {
+ "${p}" = {
 enable = true;
 enforce = true;
 profile = ''
- include "${apparmor-d}/etc/${p}"
+ include "${apparmor-d}/etc/apparmor.d/${p}"
 '';
 };
- }) else {
+ } else {
 ${p.name} = {
 inherit (p) enable enforce;
 profile = ''
- include "${apparmor-d}/etc/${p.path}"
+ include "${apparmor-d}/etc/apparmor.d/${p.name}"
 '';
 };
 }) cfg.profiles );
+
+ environment.systemPackages = [ apparmor-d ];
 };
 }
diff --git a/common/tooling/apparmor/apparmor-d-package.nix b/common/tooling/apparmor/apparmor-d-package.nix
index 41e3ca1..41ae8e7 100644
--- a/common/tooling/apparmor/apparmor-d-package.nix
+++ b/common/tooling/apparmor/apparmor-d-package.nix
@@ -1,5 +1,5 @@
-{ stdenv, fetchFromGitHub }:
-stdenv.mkDerivation rec {
+{ buildGoModule, fetchFromGitHub, git, lib }:
+buildGoModule {
 pname = "apparmor-d";
 version = "unstable-2024-10-12";
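Review bot: The new `name` description says "name of the apparmor profile within apparmor.d", but the config hunk below resolves it as a file name under `${apparmor-d}/etc/apparmor.d/` (and uses it as the policy attribute name), and default.nix passes entries such as `"firefox.apparmor.d"` that are file names rather than profile names, so the text should say which it is, e.g. `description = "file name of the prebuilt profile under etc/apparmor.d in the apparmor-d package; also used as the policy name";`. Dropping `default` makes `name` mandatory for attrset entries, which is worth stating in the description as well. The submodule option set this belongs to starts before the hunk.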
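Review bot: The two branches of the `map` in the `security.apparmor.policies` expression now differ only in where `name`, `enable` and `enforce` come from, so the include line and the policy attrset are written twice and the string form's implicit `enforce = true` is easy to miss. Normalizing each entry first leaves one branch to maintain and puts that default in one visible place; the `let` this block sits in starts before the hunk.
```nix
    security.apparmor.policies = mergeAttrsList (map (p:
      let
        # a bare string is shorthand for an enabled, enforced profile
        entry = if builtins.isString p then { name = p; enable = true; enforce = true; } else p;
      in {
        ${entry.name} = {
          inherit (entry) enable enforce;
          profile = ''
            include "${apparmor-d}/etc/apparmor.d/${entry.name}"
          '';
        };
      }) cfg.profiles );
```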
@@ -9,16 +9,35 @@ stdenv.mkDerivation rec {
 repo = "apparmor.d";
 hash = "sha256-Yx9UJdmBqjMSPVwFyvidQXfQ4pdEKaDMfvi7gF6GSVc=";
 };
+
+ vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";
 doCheck = false;
- dontBuild = true;
+ #dontBuild = true;
+
+ nativeBuildInputs = [ git ];
 patches = [ ./apparmor-d-paths.patch ];
- installPhase = ''
- mkdir -p $out/etc
- cp -r apparmor.d $out/etc
+ postInstall = ''
+ mkdir -p $out/etc build/apparmor.d
+
+ rm $out/bin/cmd $out/bin/aa
+ mv $out/bin/prebuild build/prebuild
+
+ DISTRIBUTION=arch ./build/prebuild --complain --abi 4 # fixme: replace with nixos support once available
+
+ mv .build/apparmor.d $out/etc
 '';
+
+ meta = {
+ description = "Full set of AppArmor profiles (~ 1500 profiles) ";
+ homepage = "https://github.com/roddhjav/apparmor.d";
+ license = lib.licenses.gpl2Only;
+ mainProgram = "aa-log";
+ maintainers = with lib.maintainers; [ grimmauld ];
+ platforms = lib.platforms.linux;
+ };
 }
diff --git a/common/tooling/apparmor/default.nix b/common/tooling/apparmor/default.nix
index bb47b16..ffbb553 100644
--- a/common/tooling/apparmor/default.nix
+++ b/common/tooling/apparmor/default.nix
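Review bot: The `--complain` flag on the `prebuild` line stamps every generated profile with the complain flag, so as far as I can tell the `enforce = true` that apparmor-d-module.nix sets for string entries (and its `enforce` option in general) never actually confines anything: the module's `profile` text only includes the prebuilt file, and the flags inside that file decide the mode. If complain-only is intended while the profile set is being vetted, say so next to the fixme, e.g. `# --complain marks every profile complain-only; enforce=true in apparmor-d-module.nix has no effect until this is dropped`, otherwise drop the flag and let the module decide per profile. The `mkdir -p $out/etc build/apparmor.d` line creates `build/apparmor.d` while the final `mv` reads `.build/apparmor.d`, so one of the two paths looks stale. `#dontBuild = true;` is commented-out code and should go, and `doCheck = false` deserves a one-line reason.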
@@ -21,37 +21,39 @@ in
 security.apparmor_d = {
 enable = true;
 profiles = [
- "apparmor.d/profiles-s-z/vesktop"
- "apparmor.d/profiles-s-z/speech-dispatcher"
- "apparmor.d/profiles-s-z/thunderbird-glxtest"
- "apparmor.d/groups/browsers/firefox"
- "apparmor.d/profiles-m-r/pass"
- "apparmor.d/profiles-s-z/spotify"
- "apparmor.d/profiles-s-z/thunderbird"
- "apparmor.d/groups/freedesktop/xdg-open"
- "apparmor.d/groups/children/child-open-any"
- "apparmor.d/groups/children/child-open"
- "apparmor.d/groups/browsers/firefox-glxtest"
+ "vesktop"
+ "speech-dispatcher"
+ "thunderbird-glxtest"
+ # "firefox"
+ "firefox.apparmor.d"
+ "pass"
+ "spotify"
+ # "thunderbird"
+ "thunderbird.apparmor.d"
+ "xdg-open"
+ "child-open-any"
+ "child-open"
+ "firefox-glxtest"
 # {
 # enable = true;
 # enforce = true;
-# path = "apparmor.d/profiles-g-l/gamemoded";
+# name = "gamemoded";
 # };
 {
 enable = false;
 enforce = false; # somehow this has conflicting imports and i have no clue how to fix it
- path = "apparmor.d/profiles-m-r/pkexec";
+ name = "pkexec";
 }
 {
 enable = true;
 enforce = false;
- path = "apparmor.d/groups/freedesktop/xdg-mime";
+ name = "xdg-mime";
 }
 {
 enable = true;
 enforce = false;
- path = "apparmor.d/profiles-m-r/mimetype";
+ name = "mimetype";
 }
 ];
 };
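Review bot: The switch from `# "firefox"` to `"firefox.apparmor.d"` (and likewise for thunderbird) is unexplained; nothing in the list tells a reader why exactly these two entries carry a `.apparmor.d` suffix while every other name is bare, so a comment above the pair is needed, e.g. `# presumably prebuild emits firefox/thunderbird under a .apparmor.d suffix — confirm against the package output before relying on it`. The commented-out `gamemoded` entry was updated to the new `name` field but is still dead code; either enable it or delete it. The `pkexec` entry remains both disabled and unenforced with an inline comment saying the cause is unknown, which is better tracked as a `# TODO:` with the observed conflict than left as is.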