25 lines
499 B
Nix
25 lines
499 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
let
|
|
cfg = config.ptw.security.apparmor;
|
|
in {
|
|
options.ptw.security.apparmor = {
|
|
enable = lib.mkEnableOption "Enable AppArmor";
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
environment.systemPackages = with pkgs; [
|
|
apparmor-bin-utils
|
|
];
|
|
|
|
services.dbus.apparmor = "enabled";
|
|
security.apparmor = {
|
|
enable = true;
|
|
enableCache = true;
|
|
includes = {
|
|
profiles = "${pkgs.apparmor-profiles}/etc/apparmor.d";
|
|
};
|
|
};
|
|
};
|
|
}
|