From 9c7828fae6fee8416adde14164b2a6fcf9f2593a Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Fri, 18 Oct 2024 13:59:49 +0200
Subject: [PATCH] Assert to catch non-existent profiles at nix build time
---
 common/tooling/apparmor/apparmor-d-module.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/common/tooling/apparmor/apparmor-d-module.nix b/common/tooling/apparmor/apparmor-d-module.nix
index f723206..1aaf3a7 100644
--- a/common/tooling/apparmor/apparmor-d-module.nix
+++ b/common/tooling/apparmor/apparmor-d-module.nix
@@ -5,7 +5,7 @@
   ...
 }:
 let
-  inherit (lib) mkIf mapAttrs;
+  inherit (lib) mkIf mapAttrs assertMsg pathIsRegularFile;
   cfg = config.security.apparmor_d;
   apparmor-d = pkgs.callPackage ./apparmor-d-package.nix {};
 
@@ -26,7 +26,11 @@ let
   security.apparmor.policies = mapAttrs (name: value: {
     enable = value != "disable";
     enforce = value == "enforce";
-    profile = ''include "${apparmor-d}/etc/apparmor.d/${name}"'';
+    profile = let
+      file = "${apparmor-d}/etc/apparmor.d/${name}";
+    in
+      assert assertMsg (pathIsRegularFile file) "profile ${name} not found in apparmor.d path (${file})";
+      ''include "${file}"'';
   }) cfg.profiles;
 
   environment.systemPackages = [ apparmor-d ];
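Review bot: The added `pathIsRegularFile file` check in the second hunk runs at evaluation time on a string that carries the `apparmor-d` derivation in its string context, so Nix has to realise (build) `apparmor-d` before evaluation can continue; this is import-from-derivation, which makes `nixos-rebuild`/`nix eval` slower and fails outright under evaluators that set `allow-import-from-derivation = false` (hydra, some flake checks). The commit title promises a build-time check, so it would be more accurate to move the existence test into a derivation that the profile text depends on: the failure then surfaces while building the system closure, with the same message, and no IFD is needed. A secondary point, hedged because the NixOS apparmor module is not in this hunk: the assert sits inside the `profile` value, so a policy mapped to `"disable"` whose name is misspelled is presumably never forced and slips past the check; if the intent is to catch every typo, evaluate the assert where `enable` is computed instead. The enclosing `mapAttrs` call and the surrounding `let` block both extend beyond this hunk.
```nix
    profile = let
      file = "${apparmor-d}/etc/apparmor.d/${name}";
      # Existence is checked while building, not while evaluating, so no
      # import-from-derivation is triggered; the message matches the old assert.
      checked = pkgs.runCommand "apparmor-d-profile-${name}" {} ''
        test -f ${file} || { echo "profile ${name} not found in apparmor.d path (${file})" >&2; exit 1; }
        ln -s ${file} $out
      '';
    in
      ''include "${checked}"'';
```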