# NixOS module: runs the aa-alias-manager helper before AppArmor starts and
# registers an AppArmor include that picks up whatever the helper left in
# the alias directory.
{ config, lib, pkgs, ... }:
let
  # Helper binary, built from the package expression that sits next to this module.
  aliasManager = pkgs.callPackage ./aa-alias-manager-package.nix { };

  # Directory handed to the helper with -o and referenced by the include below.
  # NOTE(review): everything AppArmor reads from here becomes part of policy;
  # confirm the helper creates it root-owned and not group/world-writable.
  aliasDir = "/run/aliases.d";
in
{
  config = {
    # Installed as tunables/alias.d/store in the AppArmor include tree.
    # "if exists" makes the include optional: when the directory is absent the
    # policy still compiles, just without these aliases, and nothing is reported.
    security.apparmor.includes."tunables/alias.d/store" = ''
      include if exists "${aliasDir}"
    '';

    systemd.services.aa-alias-setup = {
      # Ordered ahead of apparmor.service and attached to it via requiredBy, so
      # the include above is populated before policy is loaded.
      # NOTE(review): with a hard requirement, a failed run should also keep
      # apparmor.service from starting (no profiles loaded); confirm that is
      # preferred over loading policy without the aliases.
      before = [ "apparmor.service" ];
      requiredBy = [ "apparmor.service" ];

      # Use the configured Nix package so that an alternative Nix
      # implementation chosen by the user is the one found on PATH.
      path = [ config.nix.package ];

      # No User= or sandboxing options are set here, so the unit runs with
      # systemd's defaults for a system service.
      serviceConfig.Type = "oneshot";
      # The patterns file is interpolated as a path, so the helper is given a
      # copy in the Nix store rather than a mutable file.
      serviceConfig.ExecStart = "${lib.getExe aliasManager} -o ${aliasDir} -p ${./aa-alias-patterns.json}";
    };
  };
}