27 lines
551 B
Nix
27 lines
551 B
Nix
{
|
|
pkgs,
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
let
|
|
inherit (config.grimmShared) enable tooling;
|
|
inherit (lib) mkIf;
|
|
apparmor-d = pkgs.callPackage ./apparmor-d.nix {};
|
|
in
|
|
{
|
|
config = mkIf (enable && tooling.enable) {
|
|
services.dbus.apparmor = "enabled";
|
|
security.auditd.enable = true;
|
|
|
|
security.apparmor.packages = [ apparmor-d ];
|
|
security.apparmor.enable = true;
|
|
|
|
security.apparmor.includes = {
|
|
vesktop = ''include "${apparmor-d}/etc/apparmor.d/profiles-s-z/vesktop"'';
|
|
};
|
|
|
|
security.apparmor.policies = {};
|
|
};
|
|
}
|