Grimmauld/grimm-nixos-laptop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Assert to catch non-existent profiles at nix build time

Browse Source
This commit is contained in:
Grimmauld 2024-10-18 13:59:49 +02:00
parent 0fc6f9d53b
commit 9c7828fae6
Signed by: Grimmauld
GPG Key ID: C2946668769F91FB
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
common/tooling/apparmor/apparmor-d-module.nix
View File

@ -5,7 +5,7 @@
...
}:
let
inherit (lib) mkIf mapAttrs;
inherit (lib) mkIf mapAttrs assertMsg pathIsRegularFile;
cfg = config.security.apparmor_d;
apparmor-d = pkgs.callPackage ./apparmor-d-package.nix {};
@ -26,7 +26,11 @@ let
security.apparmor.policies = mapAttrs (name: value: {
enable = value != "disable";
enforce = value == "enforce";
profile = ''include "${apparmor-d}/etc/apparmor.d/${name}"'';
profile = let
file = "${apparmor-d}/etc/apparmor.d/${name}";
in
assert assertMsg (pathIsRegularFile file) "profile ${name} not found in apparmor.d path (${file})";
''include "${file}"'';
}) cfg.profiles;
environment.systemPackages = [ apparmor-d ];