Function( Function { head: Destructured( FunctionHeadDestructured { ellipsis: true, identifier: None, arguments: [ FunctionHeadDestructuredArgument { identifier: "config", default: None, }, FunctionHeadDestructuredArgument { identifier: "lib", default: None, }, FunctionHeadDestructuredArgument { identifier: "pkgs", default: None, }, ], }, ), body: With( With { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 3, column: 6, }, end: Position { line: 3, column: 9, }, }, }, ), target: LetIn( LetIn { bindings: [ Inherit( BindingInherit { from: Some( Identifier( Identifier { id: "builtins", span: Span { start: Position { line: 6, column: 12, }, end: Position { line: 6, column: 20, }, }, }, ), ), attributes: [ Raw( PartRaw { content: "attrNames", span: Span { start: Position { line: 6, column: 22, }, end: Position { line: 6, column: 31, }, }, }, ), Raw( PartRaw { content: "head", span: Span { start: Position { line: 6, column: 32, }, end: Position { line: 6, column: 36, }, }, }, ), Raw( PartRaw { content: "map", span: Span { start: Position { line: 6, column: 37, }, end: Position { line: 6, column: 40, }, }, }, ), Raw( PartRaw { content: "match", span: Span { start: Position { line: 6, column: 41, }, end: Position { line: 6, column: 46, }, }, }, ), Raw( PartRaw { content: "readFile", span: Span { start: Position { line: 6, column: 47, }, end: Position { line: 6, column: 55, }, }, }, ), ], span: Span { start: Position { line: 5, column: 4, }, end: Position { line: 6, column: 56, }, }, }, ), Inherit( BindingInherit { from: Some( Identifier( Identifier { id: "lib", span: Span { start: Position { line: 7, column: 12, }, end: Position { line: 7, column: 15, }, }, }, ), ), attributes: [ Raw( PartRaw { content: "types", span: Span { start: Position { line: 7, column: 17, }, end: Position { line: 7, column: 22, }, }, }, ), ], span: Span { start: Position { line: 5, column: 4, }, end: Position { line: 7, column: 23, }, }, }, ), Inherit( BindingInherit { from: Some( PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "config", span: Span { start: Position { line: 8, column: 12, }, end: Position { line: 8, column: 18, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 8, column: 19, }, end: Position { line: 8, column: 30, }, }, }, ), ], default: None, }, ), ), attributes: [ Raw( PartRaw { content: "etc", span: Span { start: Position { line: 8, column: 32, }, end: Position { line: 8, column: 35, }, }, }, ), ], span: Span { start: Position { line: 5, column: 4, }, end: Position { line: 8, column: 36, }, }, }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "cfg", span: Span { start: Position { line: 9, column: 3, }, end: Position { line: 9, column: 6, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "config", span: Span { start: Position { line: 9, column: 9, }, end: Position { line: 9, column: 15, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 9, column: 16, }, end: Position { line: 9, column: 24, }, }, }, ), Raw( PartRaw { content: "apparmor", span: Span { start: Position { line: 9, column: 25, }, end: Position { line: 9, column: 33, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "mkDisableOption", span: Span { start: Position { line: 10, column: 3, }, end: Position { line: 10, column: 18, }, }, }, ), ], to: Function( Function { head: Simple( FunctionHeadSimple { identifier: "name", }, ), body: BinaryOperation( BinaryOperation { left: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkEnableOption", span: Span { start: Position { line: 10, column: 27, }, end: Position { line: 10, column: 41, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 10, column: 43, }, end: Position { line: 10, column: 46, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 10, column: 47, }, end: Position { line: 10, column: 52, }, }, }, ), ], default: None, }, ), arguments: [ Identifier( Identifier { id: "name", span: Span { start: Position { line: 10, column: 53, }, end: Position { line: 10, column: 57, }, }, }, ), ], }, ), ], }, ), operator: Update, right: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 11, column: 5, }, end: Position { line: 11, column: 12, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 11, column: 15, }, end: Position { line: 11, column: 19, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "example", span: Span { start: Position { line: 12, column: 5, }, end: Position { line: 12, column: 12, }, }, }, ), ], to: Identifier( Identifier { id: "false", span: Span { start: Position { line: 12, column: 15, }, end: Position { line: 12, column: 20, }, }, }, ), }, ), ], span: Span { start: Position { line: 10, column: 62, }, end: Position { line: 13, column: 4, }, }, }, ), }, ), span: Span { start: Position { line: 10, column: 21, }, end: Position { line: 13, column: 4, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "enabledPolicies", span: Span { start: Position { line: 14, column: 3, }, end: Position { line: 14, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "filterAttrs", span: Span { start: Position { line: 14, column: 21, }, end: Position { line: 14, column: 32, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "n", }, ), body: Function( Function { head: Simple( FunctionHeadSimple { identifier: "p", }, ), body: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "p", span: Span { start: Position { line: 14, column: 40, }, end: Position { line: 14, column: 41, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "enable", span: Span { start: Position { line: 14, column: 42, }, end: Position { line: 14, column: 48, }, }, }, ), ], default: None, }, ), span: Span { start: Position { line: 14, column: 37, }, end: Position { line: 14, column: 48, }, }, }, ), span: Span { start: Position { line: 14, column: 34, }, end: Position { line: 14, column: 48, }, }, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 14, column: 50, }, end: Position { line: 14, column: 53, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "policies", span: Span { start: Position { line: 14, column: 54, }, end: Position { line: 14, column: 62, }, }, }, ), ], default: None, }, ), ], }, ), }, ), ], target: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "imports", span: Span { start: Position { line: 18, column: 3, }, end: Position { line: 18, column: 10, }, }, }, ), ], to: List( List { elements: [ FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkRemovedOptionModule", span: Span { start: Position { line: 19, column: 6, }, end: Position { line: 19, column: 27, }, }, }, ), arguments: [ List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 19, column: 31, }, end: Position { line: 19, column: 39, }, }, }, ), ], span: Span { start: Position { line: 19, column: 30, }, end: Position { line: 19, column: 40, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "apparmor", span: Span { start: Position { line: 19, column: 42, }, end: Position { line: 19, column: 50, }, }, }, ), ], span: Span { start: Position { line: 19, column: 41, }, end: Position { line: 19, column: 51, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "confineSUIDApplications", span: Span { start: Position { line: 19, column: 53, }, end: Position { line: 19, column: 76, }, }, }, ), ], span: Span { start: Position { line: 19, column: 52, }, end: Position { line: 19, column: 77, }, }, }, ), ], span: Span { start: Position { line: 19, column: 28, }, end: Position { line: 19, column: 79, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "Please use the new options: `security.apparmor.policies..enable'.", span: Span { start: Position { line: 19, column: 81, }, end: Position { line: 19, column: 154, }, }, }, ), ], span: Span { start: Position { line: 19, column: 80, }, end: Position { line: 19, column: 155, }, }, }, ), ], }, ), FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkRemovedOptionModule", span: Span { start: Position { line: 20, column: 6, }, end: Position { line: 20, column: 27, }, }, }, ), arguments: [ List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 20, column: 31, }, end: Position { line: 20, column: 39, }, }, }, ), ], span: Span { start: Position { line: 20, column: 30, }, end: Position { line: 20, column: 40, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "apparmor", span: Span { start: Position { line: 20, column: 42, }, end: Position { line: 20, column: 50, }, }, }, ), ], span: Span { start: Position { line: 20, column: 41, }, end: Position { line: 20, column: 51, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "profiles", span: Span { start: Position { line: 20, column: 53, }, end: Position { line: 20, column: 61, }, }, }, ), ], span: Span { start: Position { line: 20, column: 52, }, end: Position { line: 20, column: 62, }, }, }, ), ], span: Span { start: Position { line: 20, column: 28, }, end: Position { line: 20, column: 64, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "Please use the new option: `security.apparmor.policies'.", span: Span { start: Position { line: 20, column: 66, }, end: Position { line: 20, column: 122, }, }, }, ), ], span: Span { start: Position { line: 20, column: 65, }, end: Position { line: 20, column: 123, }, }, }, ), ], }, ), Path( Path { parts: [ Raw( PartRaw { content: "apparmor/includes.nix", span: Span { start: Position { line: 21, column: 5, }, end: Position { line: 21, column: 26, }, }, }, ), ], span: Span { start: Position { line: 21, column: 5, }, end: Position { line: 21, column: 26, }, }, }, ), Path( Path { parts: [ Raw( PartRaw { content: "apparmor/profiles.nix", span: Span { start: Position { line: 22, column: 5, }, end: Position { line: 22, column: 26, }, }, }, ), ], span: Span { start: Position { line: 22, column: 5, }, end: Position { line: 22, column: 26, }, }, }, ), ], span: Span { start: Position { line: 18, column: 13, }, end: Position { line: 23, column: 4, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 25, column: 3, }, end: Position { line: 25, column: 10, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "security", span: Span { start: Position { line: 26, column: 5, }, end: Position { line: 26, column: 13, }, }, }, ), Raw( PartRaw { content: "apparmor", span: Span { start: Position { line: 26, column: 14, }, end: Position { line: 26, column: 22, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "enable", span: Span { start: Position { line: 27, column: 7, }, end: Position { line: 27, column: 13, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkEnableOption", span: Span { start: Position { line: 27, column: 16, }, end: Position { line: 27, column: 30, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 27, column: 32, }, end: Position { line: 27, column: 35, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 27, column: 36, }, end: Position { line: 27, column: 41, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: " the AppArmor Mandatory Access Control system.\n\nIf you're enabling this module on a running system,\nnote that a reboot will be required to activate AppArmor in the kernel.\n\nAlso, beware that enabling this module privileges stability over security\nby not trying to kill unconfined but newly confinable running processes by default,\nthough it would be needed because AppArmor can only confine new\nor already confined processes of an executable.\nThis killing would for instance be necessary when upgrading to a NixOS revision\nintroducing for the first time an AppArmor profile for the executable\nof a running process.\n\nEnable [](#opt-security.apparmor.killUnconfinedConfinables)\nif you want this service to do such killing\nby sending a `SIGTERM` to those running processes", span: Span { start: Position { line: 28, column: 1, }, end: Position { line: 43, column: 58, }, }, }, ), ], span: Span { start: Position { line: 27, column: 42, }, end: Position { line: 43, column: 60, }, }, }, ), ], }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "policies", span: Span { start: Position { line: 44, column: 7, }, end: Position { line: 44, column: 15, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 44, column: 18, }, end: Position { line: 44, column: 26, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 45, column: 9, }, end: Position { line: 45, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 45, column: 23, }, end: Position { line: 45, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 45, column: 27, }, end: Position { line: 45, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "AppArmor policies.\n", span: Span { start: Position { line: 46, column: 1, }, end: Position { line: 47, column: 9, }, }, }, ), ], span: Span { start: Position { line: 45, column: 33, }, end: Position { line: 47, column: 11, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 48, column: 9, }, end: Position { line: 48, column: 13, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 48, column: 16, }, end: Position { line: 48, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "attrsOf", span: Span { start: Position { line: 48, column: 22, }, end: Position { line: 48, column: 29, }, }, }, ), ], default: None, }, ), arguments: [ FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 48, column: 31, }, end: Position { line: 48, column: 36, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "submodule", span: Span { start: Position { line: 48, column: 37, }, end: Position { line: 48, column: 46, }, }, }, ), ], default: None, }, ), arguments: [ Function( Function { head: Destructured( FunctionHeadDestructured { ellipsis: true, identifier: None, arguments: [ FunctionHeadDestructuredArgument { identifier: "name", default: None, }, FunctionHeadDestructuredArgument { identifier: "config", default: None, }, ], }, ), body: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 49, column: 11, }, end: Position { line: 49, column: 18, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "enable", span: Span { start: Position { line: 50, column: 13, }, end: Position { line: 50, column: 19, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkDisableOption", span: Span { start: Position { line: 50, column: 22, }, end: Position { line: 50, column: 37, }, }, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "loading of the profile into the kernel", span: Span { start: Position { line: 50, column: 39, }, end: Position { line: 50, column: 77, }, }, }, ), ], span: Span { start: Position { line: 50, column: 38, }, end: Position { line: 50, column: 78, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "enforce", span: Span { start: Position { line: 51, column: 13, }, end: Position { line: 51, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkDisableOption", span: Span { start: Position { line: 51, column: 23, }, end: Position { line: 51, column: 38, }, }, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "enforcing of the policy or only complain in the logs", span: Span { start: Position { line: 51, column: 40, }, end: Position { line: 51, column: 92, }, }, }, ), ], span: Span { start: Position { line: 51, column: 39, }, end: Position { line: 51, column: 93, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "profile", span: Span { start: Position { line: 52, column: 13, }, end: Position { line: 52, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 52, column: 23, }, end: Position { line: 52, column: 31, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 53, column: 15, }, end: Position { line: 53, column: 26, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 53, column: 29, }, end: Position { line: 53, column: 32, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 53, column: 33, }, end: Position { line: 53, column: 38, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "The policy of the profile.", span: Span { start: Position { line: 53, column: 40, }, end: Position { line: 53, column: 66, }, }, }, ), ], span: Span { start: Position { line: 53, column: 39, }, end: Position { line: 53, column: 67, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 54, column: 15, }, end: Position { line: 54, column: 19, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 54, column: 22, }, end: Position { line: 54, column: 27, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "lines", span: Span { start: Position { line: 54, column: 28, }, end: Position { line: 54, column: 33, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "apply", span: Span { start: Position { line: 55, column: 15, }, end: Position { line: 55, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 55, column: 23, }, end: Position { line: 55, column: 27, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "writeText", span: Span { start: Position { line: 55, column: 28, }, end: Position { line: 55, column: 37, }, }, }, ), ], default: None, }, ), arguments: [ Identifier( Identifier { id: "name", span: Span { start: Position { line: 55, column: 38, }, end: Position { line: 55, column: 42, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 52, column: 32, }, end: Position { line: 56, column: 14, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 49, column: 21, }, end: Position { line: 57, column: 12, }, }, }, ), }, ), ], span: Span { start: Position { line: 48, column: 71, }, end: Position { line: 58, column: 10, }, }, }, ), span: Span { start: Position { line: 48, column: 48, }, end: Position { line: 58, column: 10, }, }, }, ), ], }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 59, column: 9, }, end: Position { line: 59, column: 16, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [], span: Span { start: Position { line: 59, column: 19, }, end: Position { line: 59, column: 21, }, }, }, ), }, ), ], span: Span { start: Position { line: 44, column: 27, }, end: Position { line: 60, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "includes", span: Span { start: Position { line: 61, column: 7, }, end: Position { line: 61, column: 15, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 61, column: 18, }, end: Position { line: 61, column: 26, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 62, column: 9, }, end: Position { line: 62, column: 13, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 62, column: 16, }, end: Position { line: 62, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "attrsOf", span: Span { start: Position { line: 62, column: 22, }, end: Position { line: 62, column: 29, }, }, }, ), ], default: None, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 62, column: 30, }, end: Position { line: 62, column: 35, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "lines", span: Span { start: Position { line: 62, column: 36, }, end: Position { line: 62, column: 41, }, }, }, ), ], default: None, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 63, column: 9, }, end: Position { line: 63, column: 16, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [], span: Span { start: Position { line: 63, column: 19, }, end: Position { line: 63, column: 21, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 64, column: 9, }, end: Position { line: 64, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 64, column: 23, }, end: Position { line: 64, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 64, column: 27, }, end: Position { line: 64, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "List of paths to be added to AppArmor's searched paths\nwhen resolving `include` directives.\n", span: Span { start: Position { line: 65, column: 1, }, end: Position { line: 67, column: 9, }, }, }, ), ], span: Span { start: Position { line: 64, column: 33, }, end: Position { line: 67, column: 11, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "apply", span: Span { start: Position { line: 68, column: 9, }, end: Position { line: 68, column: 14, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mapAttrs", span: Span { start: Position { line: 68, column: 17, }, end: Position { line: 68, column: 25, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 68, column: 26, }, end: Position { line: 68, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "writeText", span: Span { start: Position { line: 68, column: 31, }, end: Position { line: 68, column: 40, }, }, }, ), ], default: None, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 61, column: 27, }, end: Position { line: 69, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "packages", span: Span { start: Position { line: 70, column: 7, }, end: Position { line: 70, column: 15, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 70, column: 18, }, end: Position { line: 70, column: 26, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 71, column: 9, }, end: Position { line: 71, column: 13, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 71, column: 16, }, end: Position { line: 71, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "listOf", span: Span { start: Position { line: 71, column: 22, }, end: Position { line: 71, column: 28, }, }, }, ), ], default: None, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 71, column: 29, }, end: Position { line: 71, column: 34, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "package", span: Span { start: Position { line: 71, column: 35, }, end: Position { line: 71, column: 42, }, }, }, ), ], default: None, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 72, column: 9, }, end: Position { line: 72, column: 16, }, }, }, ), ], to: List( List { elements: [], span: Span { start: Position { line: 72, column: 19, }, end: Position { line: 72, column: 21, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 73, column: 9, }, end: Position { line: 73, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 73, column: 23, }, end: Position { line: 73, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 73, column: 27, }, end: Position { line: 73, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "List of packages to be added to AppArmor's include path", span: Span { start: Position { line: 73, column: 34, }, end: Position { line: 73, column: 89, }, }, }, ), ], span: Span { start: Position { line: 73, column: 33, }, end: Position { line: 73, column: 90, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 70, column: 27, }, end: Position { line: 74, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "enableCache", span: Span { start: Position { line: 75, column: 7, }, end: Position { line: 75, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkEnableOption", span: Span { start: Position { line: 75, column: 21, }, end: Position { line: 75, column: 35, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 75, column: 37, }, end: Position { line: 75, column: 40, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 75, column: 41, }, end: Position { line: 75, column: 46, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: " caching of AppArmor policies\nin `/var/cache/apparmor/`.\n\nBeware that AppArmor policies almost always contain Nix store paths,\nand thus produce at each change of these paths\na new cached version accumulating in the cache", span: Span { start: Position { line: 76, column: 1, }, end: Position { line: 81, column: 55, }, }, }, ), ], span: Span { start: Position { line: 75, column: 47, }, end: Position { line: 81, column: 57, }, }, }, ), ], }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "killUnconfinedConfinables", span: Span { start: Position { line: 82, column: 7, }, end: Position { line: 82, column: 32, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkEnableOption", span: Span { start: Position { line: 82, column: 35, }, end: Position { line: 82, column: 49, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 82, column: 51, }, end: Position { line: 82, column: 54, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 82, column: 55, }, end: Position { line: 82, column: 60, }, }, }, ), ], default: None, }, ), arguments: [ IndentedString( IndentedString { parts: [ Raw( PartRaw { content: " killing of processes which have an AppArmor profile enabled\n(in [](#opt-security.apparmor.policies))\nbut are not confined (because AppArmor can only confine new processes).\n\nThis is only sending a gracious `SIGTERM` signal to the processes,\nnot a `SIGKILL`.\n\nBeware that due to a current limitation of AppArmor,\nonly profiles with exact paths (and no name) can enable such kills", span: Span { start: Position { line: 83, column: 1, }, end: Position { line: 91, column: 75, }, }, }, ), ], span: Span { start: Position { line: 82, column: 61, }, end: Position { line: 91, column: 77, }, }, }, ), ], }, ), ], }, ), }, ), ], span: Span { start: Position { line: 26, column: 25, }, end: Position { line: 92, column: 6, }, }, }, ), }, ), ], span: Span { start: Position { line: 25, column: 13, }, end: Position { line: 93, column: 4, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "config", span: Span { start: Position { line: 95, column: 3, }, end: Position { line: 95, column: 9, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkIf", span: Span { start: Position { line: 95, column: 12, }, end: Position { line: 95, column: 16, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 95, column: 17, }, end: Position { line: 95, column: 20, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "enable", span: Span { start: Position { line: 95, column: 21, }, end: Position { line: 95, column: 27, }, }, }, ), ], default: None, }, ), Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "assertions", span: Span { start: Position { line: 96, column: 5, }, end: Position { line: 96, column: 15, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "map", span: Span { start: Position { line: 96, column: 18, }, end: Position { line: 96, column: 21, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "policy", }, ), body: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "assertion", span: Span { start: Position { line: 97, column: 9, }, end: Position { line: 97, column: 18, }, }, }, ), ], to: BinaryOperation( BinaryOperation { left: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "match", span: Span { start: Position { line: 97, column: 21, }, end: Position { line: 97, column: 26, }, }, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: ".*/.*", span: Span { start: Position { line: 97, column: 28, }, end: Position { line: 97, column: 33, }, }, }, ), ], span: Span { start: Position { line: 97, column: 27, }, end: Position { line: 97, column: 34, }, }, }, ), Identifier( Identifier { id: "policy", span: Span { start: Position { line: 97, column: 35, }, end: Position { line: 97, column: 41, }, }, }, ), ], }, ), operator: EqualTo, right: Identifier( Identifier { id: "null", span: Span { start: Position { line: 97, column: 45, }, end: Position { line: 97, column: 49, }, }, }, ), }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "message", span: Span { start: Position { line: 98, column: 9, }, end: Position { line: 98, column: 16, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "`security.apparmor.policies.\"", span: Span { start: Position { line: 98, column: 20, }, end: Position { line: 98, column: 59, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "policy", span: Span { start: Position { line: 98, column: 52, }, end: Position { line: 98, column: 58, }, }, }, ), }, ), Raw( PartRaw { content: "\"' must not contain a slash.", span: Span { start: Position { line: 98, column: 20, }, end: Position { line: 98, column: 88, }, }, }, ), ], span: Span { start: Position { line: 98, column: 19, }, end: Position { line: 98, column: 89, }, }, }, ), }, ), ], span: Span { start: Position { line: 97, column: 7, }, end: Position { line: 101, column: 8, }, }, }, ), span: Span { start: Position { line: 96, column: 23, }, end: Position { line: 101, column: 8, }, }, }, ), FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "attrNames", span: Span { start: Position { line: 102, column: 8, }, end: Position { line: 102, column: 17, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 102, column: 18, }, end: Position { line: 102, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "policies", span: Span { start: Position { line: 102, column: 22, }, end: Position { line: 102, column: 30, }, }, }, ), ], default: None, }, ), ], }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 104, column: 5, }, end: Position { line: 104, column: 16, }, }, }, ), Raw( PartRaw { content: "systemPackages", span: Span { start: Position { line: 104, column: 17, }, end: Position { line: 104, column: 31, }, }, }, ), ], to: List( List { elements: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 105, column: 7, }, end: Position { line: 105, column: 11, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-utils", span: Span { start: Position { line: 105, column: 12, }, end: Position { line: 105, column: 26, }, }, }, ), ], default: None, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 106, column: 7, }, end: Position { line: 106, column: 11, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-bin-utils", span: Span { start: Position { line: 106, column: 12, }, end: Position { line: 106, column: 30, }, }, }, ), ], default: None, }, ), ], span: Span { start: Position { line: 104, column: 34, }, end: Position { line: 107, column: 6, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 108, column: 5, }, end: Position { line: 108, column: 16, }, }, }, ), Raw( PartRaw { content: "etc", span: Span { start: Position { line: 108, column: 17, }, end: Position { line: 108, column: 20, }, }, }, ), Expression( PartExpression { expression: String( String_ { parts: [ Raw( PartRaw { content: "apparmor.d", span: Span { start: Position { line: 108, column: 22, }, end: Position { line: 108, column: 32, }, }, }, ), ], span: Span { start: Position { line: 108, column: 21, }, end: Position { line: 108, column: 33, }, }, }, ), }, ), Raw( PartRaw { content: "source", span: Span { start: Position { line: 108, column: 34, }, end: Position { line: 108, column: 40, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 108, column: 43, }, end: Position { line: 108, column: 47, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "linkFarm", span: Span { start: Position { line: 108, column: 48, }, end: Position { line: 108, column: 56, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "apparmor.d", span: Span { start: Position { line: 108, column: 58, }, end: Position { line: 108, column: 68, }, }, }, ), ], span: Span { start: Position { line: 108, column: 57, }, end: Position { line: 108, column: 69, }, }, }, ), BinaryOperation( BinaryOperation { left: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mapAttrsToList", span: Span { start: Position { line: 111, column: 7, }, end: Position { line: 111, column: 21, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "name", }, ), body: Function( Function { head: Simple( FunctionHeadSimple { identifier: "p", }, ), body: Map( Map { recursive: false, bindings: [ Inherit( BindingInherit { from: None, attributes: [ Raw( PartRaw { content: "name", span: Span { start: Position { line: 111, column: 42, }, end: Position { line: 111, column: 46, }, }, }, ), ], span: Span { start: Position { line: 111, column: 33, }, end: Position { line: 111, column: 47, }, }, }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "path", span: Span { start: Position { line: 111, column: 48, }, end: Position { line: 111, column: 52, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "p", span: Span { start: Position { line: 111, column: 55, }, end: Position { line: 111, column: 56, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "profile", span: Span { start: Position { line: 111, column: 57, }, end: Position { line: 111, column: 64, }, }, }, ), ], default: None, }, ), }, ), ], span: Span { start: Position { line: 111, column: 32, }, end: Position { line: 111, column: 67, }, }, }, ), span: Span { start: Position { line: 111, column: 29, }, end: Position { line: 111, column: 67, }, }, }, ), span: Span { start: Position { line: 111, column: 23, }, end: Position { line: 111, column: 67, }, }, }, ), Identifier( Identifier { id: "enabledPolicies", span: Span { start: Position { line: 111, column: 69, }, end: Position { line: 111, column: 84, }, }, }, ), ], }, ), operator: Concatenation, right: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mapAttrsToList", span: Span { start: Position { line: 112, column: 7, }, end: Position { line: 112, column: 21, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "name", }, ), body: Function( Function { head: Simple( FunctionHeadSimple { identifier: "path", }, ), body: Map( Map { recursive: false, bindings: [ Inherit( BindingInherit { from: None, attributes: [ Raw( PartRaw { content: "name", span: Span { start: Position { line: 112, column: 45, }, end: Position { line: 112, column: 49, }, }, }, ), Raw( PartRaw { content: "path", span: Span { start: Position { line: 112, column: 50, }, end: Position { line: 112, column: 54, }, }, }, ), ], span: Span { start: Position { line: 112, column: 36, }, end: Position { line: 112, column: 55, }, }, }, ), ], span: Span { start: Position { line: 112, column: 35, }, end: Position { line: 112, column: 57, }, }, }, ), span: Span { start: Position { line: 112, column: 29, }, end: Position { line: 112, column: 57, }, }, }, ), span: Span { start: Position { line: 112, column: 23, }, end: Position { line: 112, column: 57, }, }, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 112, column: 59, }, end: Position { line: 112, column: 62, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "includes", span: Span { start: Position { line: 112, column: 63, }, end: Position { line: 112, column: 71, }, }, }, ), ], default: None, }, ), ], }, ), }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 114, column: 5, }, end: Position { line: 114, column: 16, }, }, }, ), Raw( PartRaw { content: "etc", span: Span { start: Position { line: 114, column: 17, }, end: Position { line: 114, column: 20, }, }, }, ), Expression( PartExpression { expression: String( String_ { parts: [ Raw( PartRaw { content: "apparmor/parser.conf", span: Span { start: Position { line: 114, column: 22, }, end: Position { line: 114, column: 42, }, }, }, ), ], span: Span { start: Position { line: 114, column: 21, }, end: Position { line: 114, column: 43, }, }, }, ), }, ), Raw( PartRaw { content: "text", span: Span { start: Position { line: 114, column: 44, }, end: Position { line: 114, column: 48, }, }, }, ), ], to: BinaryOperation( BinaryOperation { left: IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "", span: Span { start: Position { line: 115, column: 1, }, end: Position { line: 115, column: 9, }, }, }, ), Interpolation( PartInterpolation { expression: IfThenElse( IfThenElse { predicate: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 115, column: 14, }, end: Position { line: 115, column: 17, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "enableCache", span: Span { start: Position { line: 115, column: 18, }, end: Position { line: 115, column: 29, }, }, }, ), ], default: None, }, ), then: String( String_ { parts: [ Raw( PartRaw { content: "write-cache", span: Span { start: Position { line: 115, column: 36, }, end: Position { line: 115, column: 47, }, }, }, ), ], span: Span { start: Position { line: 115, column: 35, }, end: Position { line: 115, column: 48, }, }, }, ), else_: String( String_ { parts: [ Raw( PartRaw { content: "skip-cache", span: Span { start: Position { line: 115, column: 55, }, end: Position { line: 115, column: 65, }, }, }, ), ], span: Span { start: Position { line: 115, column: 54, }, end: Position { line: 115, column: 66, }, }, }, ), span: Span { start: Position { line: 115, column: 11, }, end: Position { line: 115, column: 66, }, }, }, ), }, ), Raw( PartRaw { content: "\ncache-loc /var/cache/apparmor\nInclude /etc/apparmor.d\n", span: Span { start: Position { line: 115, column: 1, }, end: Position { line: 118, column: 7, }, }, }, ), ], span: Span { start: Position { line: 114, column: 51, }, end: Position { line: 118, column: 9, }, }, }, ), operator: Addition, right: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "concatMapStrings", span: Span { start: Position { line: 119, column: 7, }, end: Position { line: 119, column: 23, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "p", }, ), body: String( String_ { parts: [ Raw( PartRaw { content: "Include ", span: Span { start: Position { line: 119, column: 29, }, end: Position { line: 119, column: 41, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "p", span: Span { start: Position { line: 119, column: 39, }, end: Position { line: 119, column: 40, }, }, }, ), }, ), Raw( PartRaw { content: "/etc/apparmor.d\n", span: Span { start: Position { line: 119, column: 29, }, end: Position { line: 119, column: 58, }, }, }, ), ], span: Span { start: Position { line: 119, column: 28, }, end: Position { line: 119, column: 59, }, }, }, ), span: Span { start: Position { line: 119, column: 25, }, end: Position { line: 119, column: 59, }, }, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 119, column: 61, }, end: Position { line: 119, column: 64, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "packages", span: Span { start: Position { line: 119, column: 65, }, end: Position { line: 119, column: 73, }, }, }, ), ], default: None, }, ), ], }, ), }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 121, column: 5, }, end: Position { line: 121, column: 16, }, }, }, ), Raw( PartRaw { content: "etc", span: Span { start: Position { line: 121, column: 17, }, end: Position { line: 121, column: 20, }, }, }, ), Expression( PartExpression { expression: String( String_ { parts: [ Raw( PartRaw { content: "apparmor/apparmor.conf", span: Span { start: Position { line: 121, column: 22, }, end: Position { line: 121, column: 44, }, }, }, ), ], span: Span { start: Position { line: 121, column: 21, }, end: Position { line: 121, column: 45, }, }, }, ), }, ), Raw( PartRaw { content: "text", span: Span { start: Position { line: 121, column: 46, }, end: Position { line: 121, column: 50, }, }, }, ), ], to: IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "", span: Span { start: Position { line: 122, column: 1, }, end: Position { line: 122, column: 5, }, }, }, ), ], span: Span { start: Position { line: 121, column: 53, }, end: Position { line: 122, column: 7, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 124, column: 5, }, end: Position { line: 124, column: 16, }, }, }, ), Raw( PartRaw { content: "etc", span: Span { start: Position { line: 124, column: 17, }, end: Position { line: 124, column: 20, }, }, }, ), Expression( PartExpression { expression: String( String_ { parts: [ Raw( PartRaw { content: "apparmor/severity.db", span: Span { start: Position { line: 124, column: 22, }, end: Position { line: 124, column: 42, }, }, }, ), ], span: Span { start: Position { line: 124, column: 21, }, end: Position { line: 124, column: 43, }, }, }, ), }, ), Raw( PartRaw { content: "source", span: Span { start: Position { line: 124, column: 44, }, end: Position { line: 124, column: 50, }, }, }, ), ], to: BinaryOperation( BinaryOperation { left: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 124, column: 53, }, end: Position { line: 124, column: 57, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-utils", span: Span { start: Position { line: 124, column: 58, }, end: Position { line: 124, column: 72, }, }, }, ), ], default: None, }, ), operator: Addition, right: String( String_ { parts: [ Raw( PartRaw { content: "/etc/apparmor/severity.db", span: Span { start: Position { line: 124, column: 76, }, end: Position { line: 124, column: 101, }, }, }, ), ], span: Span { start: Position { line: 124, column: 75, }, end: Position { line: 124, column: 102, }, }, }, ), }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "environment", span: Span { start: Position { line: 125, column: 5, }, end: Position { line: 125, column: 16, }, }, }, ), Raw( PartRaw { content: "etc", span: Span { start: Position { line: 125, column: 17, }, end: Position { line: 125, column: 20, }, }, }, ), Expression( PartExpression { expression: String( String_ { parts: [ Raw( PartRaw { content: "apparmor/logprof.conf", span: Span { start: Position { line: 125, column: 22, }, end: Position { line: 125, column: 43, }, }, }, ), ], span: Span { start: Position { line: 125, column: 21, }, end: Position { line: 125, column: 44, }, }, }, ), }, ), Raw( PartRaw { content: "source", span: Span { start: Position { line: 125, column: 45, }, end: Position { line: 125, column: 51, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 125, column: 54, }, end: Position { line: 125, column: 58, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "runCommand", span: Span { start: Position { line: 125, column: 59, }, end: Position { line: 125, column: 69, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "logprof.conf", span: Span { start: Position { line: 125, column: 71, }, end: Position { line: 125, column: 83, }, }, }, ), ], span: Span { start: Position { line: 125, column: 70, }, end: Position { line: 125, column: 84, }, }, }, ), Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "header", span: Span { start: Position { line: 126, column: 7, }, end: Position { line: 126, column: 13, }, }, }, ), ], to: IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "[settings]\n # /etc/apparmor.d/ is read-only on NixOS\n profiledir = /var/cache/apparmor/logprof\n inactive_profiledir = /etc/apparmor.d/disable\n # Use: journalctl -b --since today --grep audit: | aa-logprof\n logfiles = /dev/stdin\n\n parser = ", span: Span { start: Position { line: 127, column: 1, }, end: Position { line: 134, column: 20, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 134, column: 22, }, end: Position { line: 134, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-parser", span: Span { start: Position { line: 134, column: 27, }, end: Position { line: 134, column: 42, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/apparmor_parser\n ldd = ", span: Span { start: Position { line: 127, column: 1, }, end: Position { line: 135, column: 17, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 135, column: 19, }, end: Position { line: 135, column: 23, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "glibc", span: Span { start: Position { line: 135, column: 24, }, end: Position { line: 135, column: 29, }, }, }, ), Raw( PartRaw { content: "bin", span: Span { start: Position { line: 135, column: 30, }, end: Position { line: 135, column: 33, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/ldd\n logger = ", span: Span { start: Position { line: 127, column: 1, }, end: Position { line: 136, column: 20, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 136, column: 22, }, end: Position { line: 136, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "util-linux", span: Span { start: Position { line: 136, column: 27, }, end: Position { line: 136, column: 37, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/logger\n\n # customize how file ownership permissions are presented\n # 0 - off\n # 1 - default of what ever mode the log reported\n # 2 - force the new permissions to be user\n # 3 - force all perms on the rule to be user\n default_owner_prompt = 1\n\n custom_includes = /etc/apparmor.d ", span: Span { start: Position { line: 127, column: 1, }, end: Position { line: 145, column: 45, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "concatMapStringsSep", span: Span { start: Position { line: 145, column: 47, }, end: Position { line: 145, column: 66, }, }, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: " ", span: Span { start: Position { line: 145, column: 68, }, end: Position { line: 145, column: 69, }, }, }, ), ], span: Span { start: Position { line: 145, column: 67, }, end: Position { line: 145, column: 70, }, }, }, ), Function( Function { head: Simple( FunctionHeadSimple { identifier: "p", }, ), body: String( String_ { parts: [ Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "p", span: Span { start: Position { line: 145, column: 78, }, end: Position { line: 145, column: 79, }, }, }, ), }, ), Raw( PartRaw { content: "/etc/apparmor.d", span: Span { start: Position { line: 145, column: 76, }, end: Position { line: 145, column: 95, }, }, }, ), ], span: Span { start: Position { line: 145, column: 75, }, end: Position { line: 145, column: 96, }, }, }, ), span: Span { start: Position { line: 145, column: 72, }, end: Position { line: 145, column: 96, }, }, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 145, column: 98, }, end: Position { line: 145, column: 101, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "packages", span: Span { start: Position { line: 145, column: 102, }, end: Position { line: 145, column: 110, }, }, }, ), ], default: None, }, ), ], }, ), }, ), Raw( PartRaw { content: "\n\n[qualifiers]\n ", span: Span { start: Position { line: 127, column: 1, }, end: Position { line: 148, column: 11, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 148, column: 13, }, end: Position { line: 148, column: 17, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "runtimeShell", span: Span { start: Position { line: 148, column: 18, }, end: Position { line: 148, column: 30, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: " = icnu\n ", span: Span { start: Position { line: 127, column: 1, }, end: Position { line: 149, column: 11, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 149, column: 13, }, end: Position { line: 149, column: 17, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "bashInteractive", span: Span { start: Position { line: 149, column: 18, }, end: Position { line: 149, column: 33, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/sh = icnu\n ", span: Span { start: Position { line: 127, column: 1, }, end: Position { line: 150, column: 11, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 150, column: 13, }, end: Position { line: 150, column: 17, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "bashInteractive", span: Span { start: Position { line: 150, column: 18, }, end: Position { line: 150, column: 33, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/bash = icnu\n ", span: Span { start: Position { line: 127, column: 1, }, end: Position { line: 151, column: 11, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "config", span: Span { start: Position { line: 151, column: 13, }, end: Position { line: 151, column: 19, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "users", span: Span { start: Position { line: 151, column: 20, }, end: Position { line: 151, column: 25, }, }, }, ), Raw( PartRaw { content: "defaultUserShell", span: Span { start: Position { line: 151, column: 26, }, end: Position { line: 151, column: 42, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: " = icnu\n", span: Span { start: Position { line: 127, column: 1, }, end: Position { line: 152, column: 7, }, }, }, ), ], span: Span { start: Position { line: 126, column: 16, }, end: Position { line: 152, column: 9, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "footer", span: Span { start: Position { line: 153, column: 7, }, end: Position { line: 153, column: 13, }, }, }, ), ], to: String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 153, column: 19, }, end: Position { line: 153, column: 23, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-utils", span: Span { start: Position { line: 153, column: 24, }, end: Position { line: 153, column: 38, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/etc/apparmor/logprof.conf", span: Span { start: Position { line: 153, column: 17, }, end: Position { line: 153, column: 65, }, }, }, ), ], span: Span { start: Position { line: 153, column: 16, }, end: Position { line: 153, column: 66, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "passAsFile", span: Span { start: Position { line: 154, column: 7, }, end: Position { line: 154, column: 17, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "header", span: Span { start: Position { line: 154, column: 23, }, end: Position { line: 154, column: 29, }, }, }, ), ], span: Span { start: Position { line: 154, column: 22, }, end: Position { line: 154, column: 30, }, }, }, ), ], span: Span { start: Position { line: 154, column: 20, }, end: Position { line: 154, column: 32, }, }, }, ), }, ), ], span: Span { start: Position { line: 125, column: 85, }, end: Position { line: 155, column: 6, }, }, }, ), IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "cp $headerPath $out\nsed '1,/\\[qualifiers\\]/d' $footer >> $out\n", span: Span { start: Position { line: 156, column: 1, }, end: Position { line: 158, column: 5, }, }, }, ), ], span: Span { start: Position { line: 155, column: 7, }, end: Position { line: 158, column: 7, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "boot", span: Span { start: Position { line: 160, column: 5, }, end: Position { line: 160, column: 9, }, }, }, ), Raw( PartRaw { content: "kernelParams", span: Span { start: Position { line: 160, column: 10, }, end: Position { line: 160, column: 22, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "apparmor=1", span: Span { start: Position { line: 160, column: 28, }, end: Position { line: 160, column: 38, }, }, }, ), ], span: Span { start: Position { line: 160, column: 27, }, end: Position { line: 160, column: 39, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "security=apparmor", span: Span { start: Position { line: 160, column: 41, }, end: Position { line: 160, column: 58, }, }, }, ), ], span: Span { start: Position { line: 160, column: 40, }, end: Position { line: 160, column: 59, }, }, }, ), ], span: Span { start: Position { line: 160, column: 25, }, end: Position { line: 160, column: 61, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "systemd", span: Span { start: Position { line: 162, column: 5, }, end: Position { line: 162, column: 12, }, }, }, ), Raw( PartRaw { content: "services", span: Span { start: Position { line: 162, column: 13, }, end: Position { line: 162, column: 21, }, }, }, ), Raw( PartRaw { content: "apparmor", span: Span { start: Position { line: 162, column: 22, }, end: Position { line: 162, column: 30, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "after", span: Span { start: Position { line: 163, column: 7, }, end: Position { line: 163, column: 12, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "local-fs.target", span: Span { start: Position { line: 164, column: 10, }, end: Position { line: 164, column: 25, }, }, }, ), ], span: Span { start: Position { line: 164, column: 9, }, end: Position { line: 164, column: 26, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "systemd-journald-audit.socket", span: Span { start: Position { line: 165, column: 10, }, end: Position { line: 165, column: 39, }, }, }, ), ], span: Span { start: Position { line: 165, column: 9, }, end: Position { line: 165, column: 40, }, }, }, ), ], span: Span { start: Position { line: 163, column: 15, }, end: Position { line: 166, column: 8, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "before", span: Span { start: Position { line: 167, column: 7, }, end: Position { line: 167, column: 13, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "sysinit.target", span: Span { start: Position { line: 167, column: 19, }, end: Position { line: 167, column: 33, }, }, }, ), ], span: Span { start: Position { line: 167, column: 18, }, end: Position { line: 167, column: 34, }, }, }, ), ], span: Span { start: Position { line: 167, column: 16, }, end: Position { line: 167, column: 36, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "wantedBy", span: Span { start: Position { line: 168, column: 7, }, end: Position { line: 168, column: 15, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "multi-user.target", span: Span { start: Position { line: 168, column: 21, }, end: Position { line: 168, column: 38, }, }, }, ), ], span: Span { start: Position { line: 168, column: 20, }, end: Position { line: 168, column: 39, }, }, }, ), ], span: Span { start: Position { line: 168, column: 18, }, end: Position { line: 168, column: 41, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "unitConfig", span: Span { start: Position { line: 169, column: 7, }, end: Position { line: 169, column: 17, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "Description", span: Span { start: Position { line: 170, column: 9, }, end: Position { line: 170, column: 20, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "Load AppArmor policies", span: Span { start: Position { line: 170, column: 22, }, end: Position { line: 170, column: 44, }, }, }, ), ], span: Span { start: Position { line: 170, column: 21, }, end: Position { line: 170, column: 45, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "DefaultDependencies", span: Span { start: Position { line: 171, column: 9, }, end: Position { line: 171, column: 28, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "no", span: Span { start: Position { line: 171, column: 32, }, end: Position { line: 171, column: 34, }, }, }, ), ], span: Span { start: Position { line: 171, column: 31, }, end: Position { line: 171, column: 35, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ConditionSecurity", span: Span { start: Position { line: 172, column: 9, }, end: Position { line: 172, column: 26, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "apparmor", span: Span { start: Position { line: 172, column: 30, }, end: Position { line: 172, column: 38, }, }, }, ), ], span: Span { start: Position { line: 172, column: 29, }, end: Position { line: 172, column: 39, }, }, }, ), }, ), ], span: Span { start: Position { line: 169, column: 20, }, end: Position { line: 173, column: 8, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "reloadIfChanged", span: Span { start: Position { line: 176, column: 7, }, end: Position { line: 176, column: 22, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 176, column: 25, }, end: Position { line: 176, column: 29, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "restartTriggers", span: Span { start: Position { line: 177, column: 7, }, end: Position { line: 177, column: 22, }, }, }, ), ], to: List( List { elements: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "etc", span: Span { start: Position { line: 178, column: 9, }, end: Position { line: 178, column: 12, }, }, }, ), attribute_path: [ Expression( PartExpression { expression: String( String_ { parts: [ Raw( PartRaw { content: "apparmor/parser.conf", span: Span { start: Position { line: 178, column: 14, }, end: Position { line: 178, column: 34, }, }, }, ), ], span: Span { start: Position { line: 178, column: 13, }, end: Position { line: 178, column: 35, }, }, }, ), }, ), Raw( PartRaw { content: "source", span: Span { start: Position { line: 178, column: 36, }, end: Position { line: 178, column: 42, }, }, }, ), ], default: None, }, ), PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "etc", span: Span { start: Position { line: 179, column: 9, }, end: Position { line: 179, column: 12, }, }, }, ), attribute_path: [ Expression( PartExpression { expression: String( String_ { parts: [ Raw( PartRaw { content: "apparmor.d", span: Span { start: Position { line: 179, column: 14, }, end: Position { line: 179, column: 24, }, }, }, ), ], span: Span { start: Position { line: 179, column: 13, }, end: Position { line: 179, column: 25, }, }, }, ), }, ), Raw( PartRaw { content: "source", span: Span { start: Position { line: 179, column: 26, }, end: Position { line: 179, column: 32, }, }, }, ), ], default: None, }, ), ], span: Span { start: Position { line: 177, column: 25, }, end: Position { line: 180, column: 8, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "serviceConfig", span: Span { start: Position { line: 181, column: 7, }, end: Position { line: 181, column: 20, }, }, }, ), ], to: LetIn( LetIn { bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "killUnconfinedConfinables", span: Span { start: Position { line: 182, column: 9, }, end: Position { line: 182, column: 34, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 182, column: 37, }, end: Position { line: 182, column: 41, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "writeShellScript", span: Span { start: Position { line: 182, column: 42, }, end: Position { line: 182, column: 58, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "apparmor-kill", span: Span { start: Position { line: 182, column: 60, }, end: Position { line: 182, column: 73, }, }, }, ), ], span: Span { start: Position { line: 182, column: 59, }, end: Position { line: 182, column: 74, }, }, }, ), IndentedString( IndentedString { parts: [ Raw( PartRaw { content: "set -eu\n", span: Span { start: Position { line: 183, column: 1, }, end: Position { line: 184, column: 11, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 184, column: 13, }, end: Position { line: 184, column: 17, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-bin-utils", span: Span { start: Position { line: 184, column: 18, }, end: Position { line: 184, column: 36, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/aa-status --json |\n", span: Span { start: Position { line: 183, column: 1, }, end: Position { line: 185, column: 11, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 185, column: 13, }, end: Position { line: 185, column: 17, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "jq", span: Span { start: Position { line: 185, column: 18, }, end: Position { line: 185, column: 20, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/jq --raw-output '.processes | .[] | .[] | select (.status == \"unconfined\") | .pid' |\nxargs --verbose --no-run-if-empty --delimiter='\\n' \\\nkill\n", span: Span { start: Position { line: 183, column: 1, }, end: Position { line: 188, column: 9, }, }, }, ), ], span: Span { start: Position { line: 182, column: 75, }, end: Position { line: 188, column: 11, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "commonOpts", span: Span { start: Position { line: 189, column: 9, }, end: Position { line: 189, column: 19, }, }, }, ), ], to: Function( Function { head: Simple( FunctionHeadSimple { identifier: "p", }, ), body: String( String_ { parts: [ Raw( PartRaw { content: "--verbose --show-cache ", span: Span { start: Position { line: 189, column: 26, }, end: Position { line: 189, column: 93, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "optionalString", span: Span { start: Position { line: 189, column: 51, }, end: Position { line: 189, column: 65, }, }, }, ), arguments: [ UnaryOperation( UnaryOperation { operator: Not, operand: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "p", span: Span { start: Position { line: 189, column: 68, }, end: Position { line: 189, column: 69, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "enforce", span: Span { start: Position { line: 189, column: 70, }, end: Position { line: 189, column: 77, }, }, }, ), ], default: None, }, ), span: Span { start: Position { line: 189, column: 67, }, end: Position { line: 189, column: 77, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "--complain ", span: Span { start: Position { line: 189, column: 80, }, end: Position { line: 189, column: 91, }, }, }, ), ], span: Span { start: Position { line: 189, column: 79, }, end: Position { line: 189, column: 92, }, }, }, ), ], }, ), }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "p", span: Span { start: Position { line: 189, column: 95, }, end: Position { line: 189, column: 96, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "profile", span: Span { start: Position { line: 189, column: 97, }, end: Position { line: 189, column: 104, }, }, }, ), ], default: None, }, ), }, ), ], span: Span { start: Position { line: 189, column: 25, }, end: Position { line: 189, column: 106, }, }, }, ), span: Span { start: Position { line: 189, column: 22, }, end: Position { line: 189, column: 106, }, }, }, ), }, ), ], target: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "Type", span: Span { start: Position { line: 191, column: 9, }, end: Position { line: 191, column: 13, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "oneshot", span: Span { start: Position { line: 191, column: 17, }, end: Position { line: 191, column: 24, }, }, }, ), ], span: Span { start: Position { line: 191, column: 16, }, end: Position { line: 191, column: 25, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "RemainAfterExit", span: Span { start: Position { line: 192, column: 9, }, end: Position { line: 192, column: 24, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "yes", span: Span { start: Position { line: 192, column: 28, }, end: Position { line: 192, column: 31, }, }, }, ), ], span: Span { start: Position { line: 192, column: 27, }, end: Position { line: 192, column: 32, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ExecStartPre", span: Span { start: Position { line: 193, column: 9, }, end: Position { line: 193, column: 21, }, }, }, ), ], to: String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 193, column: 27, }, end: Position { line: 193, column: 31, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-utils", span: Span { start: Position { line: 193, column: 32, }, end: Position { line: 193, column: 46, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/aa-teardown", span: Span { start: Position { line: 193, column: 25, }, end: Position { line: 193, column: 63, }, }, }, ), ], span: Span { start: Position { line: 193, column: 24, }, end: Position { line: 193, column: 64, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ExecStart", span: Span { start: Position { line: 194, column: 9, }, end: Position { line: 194, column: 18, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mapAttrsToList", span: Span { start: Position { line: 194, column: 21, }, end: Position { line: 194, column: 35, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "n", }, ), body: Function( Function { head: Simple( FunctionHeadSimple { identifier: "p", }, ), body: String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 194, column: 46, }, end: Position { line: 194, column: 50, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-parser", span: Span { start: Position { line: 194, column: 51, }, end: Position { line: 194, column: 66, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/apparmor_parser --add ", span: Span { start: Position { line: 194, column: 44, }, end: Position { line: 194, column: 94, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "commonOpts", span: Span { start: Position { line: 194, column: 96, }, end: Position { line: 194, column: 106, }, }, }, ), arguments: [ Identifier( Identifier { id: "p", span: Span { start: Position { line: 194, column: 107, }, end: Position { line: 194, column: 108, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 194, column: 43, }, end: Position { line: 194, column: 110, }, }, }, ), span: Span { start: Position { line: 194, column: 40, }, end: Position { line: 194, column: 110, }, }, }, ), span: Span { start: Position { line: 194, column: 37, }, end: Position { line: 194, column: 110, }, }, }, ), Identifier( Identifier { id: "enabledPolicies", span: Span { start: Position { line: 194, column: 112, }, end: Position { line: 194, column: 127, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ExecStartPost", span: Span { start: Position { line: 195, column: 9, }, end: Position { line: 195, column: 22, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "optional", span: Span { start: Position { line: 195, column: 25, }, end: Position { line: 195, column: 33, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 195, column: 34, }, end: Position { line: 195, column: 37, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "killUnconfinedConfinables", span: Span { start: Position { line: 195, column: 38, }, end: Position { line: 195, column: 63, }, }, }, ), ], default: None, }, ), Identifier( Identifier { id: "killUnconfinedConfinables", span: Span { start: Position { line: 195, column: 64, }, end: Position { line: 195, column: 89, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ExecReload", span: Span { start: Position { line: 196, column: 9, }, end: Position { line: 196, column: 19, }, }, }, ), ], to: BinaryOperation( BinaryOperation { left: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mapAttrsToList", span: Span { start: Position { line: 199, column: 11, }, end: Position { line: 199, column: 25, }, }, }, ), arguments: [ Function( Function { head: Simple( FunctionHeadSimple { identifier: "n", }, ), body: Function( Function { head: Simple( FunctionHeadSimple { identifier: "p", }, ), body: String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 199, column: 36, }, end: Position { line: 199, column: 40, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-parser", span: Span { start: Position { line: 199, column: 41, }, end: Position { line: 199, column: 56, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/apparmor_parser --replace ", span: Span { start: Position { line: 199, column: 34, }, end: Position { line: 199, column: 88, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "commonOpts", span: Span { start: Position { line: 199, column: 90, }, end: Position { line: 199, column: 100, }, }, }, ), arguments: [ Identifier( Identifier { id: "p", span: Span { start: Position { line: 199, column: 101, }, end: Position { line: 199, column: 102, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 199, column: 33, }, end: Position { line: 199, column: 104, }, }, }, ), span: Span { start: Position { line: 199, column: 30, }, end: Position { line: 199, column: 104, }, }, }, ), span: Span { start: Position { line: 199, column: 27, }, end: Position { line: 199, column: 104, }, }, }, ), Identifier( Identifier { id: "enabledPolicies", span: Span { start: Position { line: 199, column: 106, }, end: Position { line: 199, column: 121, }, }, }, ), ], }, ), operator: Concatenation, right: BinaryOperation( BinaryOperation { left: List( List { elements: [ String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 204, column: 16, }, end: Position { line: 204, column: 20, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-utils", span: Span { start: Position { line: 204, column: 21, }, end: Position { line: 204, column: 35, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/aa-remove-unknown", span: Span { start: Position { line: 204, column: 14, }, end: Position { line: 204, column: 58, }, }, }, ), ], span: Span { start: Position { line: 204, column: 13, }, end: Position { line: 204, column: 59, }, }, }, ), ], span: Span { start: Position { line: 204, column: 11, }, end: Position { line: 204, column: 61, }, }, }, ), operator: Concatenation, right: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "optional", span: Span { start: Position { line: 207, column: 11, }, end: Position { line: 207, column: 19, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 207, column: 20, }, end: Position { line: 207, column: 23, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "killUnconfinedConfinables", span: Span { start: Position { line: 207, column: 24, }, end: Position { line: 207, column: 49, }, }, }, ), ], default: None, }, ), Identifier( Identifier { id: "killUnconfinedConfinables", span: Span { start: Position { line: 207, column: 50, }, end: Position { line: 207, column: 75, }, }, }, ), ], }, ), }, ), }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ExecStop", span: Span { start: Position { line: 208, column: 9, }, end: Position { line: 208, column: 17, }, }, }, ), ], to: String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 208, column: 23, }, end: Position { line: 208, column: 27, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "apparmor-utils", span: Span { start: Position { line: 208, column: 28, }, end: Position { line: 208, column: 42, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/aa-teardown", span: Span { start: Position { line: 208, column: 21, }, end: Position { line: 208, column: 59, }, }, }, ), ], span: Span { start: Position { line: 208, column: 20, }, end: Position { line: 208, column: 60, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "CacheDirectory", span: Span { start: Position { line: 209, column: 9, }, end: Position { line: 209, column: 23, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "apparmor", span: Span { start: Position { line: 209, column: 29, }, end: Position { line: 209, column: 37, }, }, }, ), ], span: Span { start: Position { line: 209, column: 28, }, end: Position { line: 209, column: 38, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "apparmor/logprof", span: Span { start: Position { line: 209, column: 40, }, end: Position { line: 209, column: 56, }, }, }, ), ], span: Span { start: Position { line: 209, column: 39, }, end: Position { line: 209, column: 57, }, }, }, ), ], span: Span { start: Position { line: 209, column: 26, }, end: Position { line: 209, column: 59, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "CacheDirectoryMode", span: Span { start: Position { line: 210, column: 9, }, end: Position { line: 210, column: 27, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "0700", span: Span { start: Position { line: 210, column: 31, }, end: Position { line: 210, column: 35, }, }, }, ), ], span: Span { start: Position { line: 210, column: 30, }, end: Position { line: 210, column: 36, }, }, }, ), }, ), ], span: Span { start: Position { line: 190, column: 12, }, end: Position { line: 211, column: 8, }, }, }, ), span: Span { start: Position { line: 181, column: 23, }, end: Position { line: 211, column: 8, }, }, }, ), }, ), ], span: Span { start: Position { line: 162, column: 33, }, end: Position { line: 212, column: 6, }, }, }, ), }, ), ], span: Span { start: Position { line: 95, column: 28, }, end: Position { line: 213, column: 4, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "meta", span: Span { start: Position { line: 215, column: 3, }, end: Position { line: 215, column: 7, }, }, }, ), Raw( PartRaw { content: "maintainers", span: Span { start: Position { line: 215, column: 8, }, end: Position { line: 215, column: 19, }, }, }, ), ], to: With( With { expression: Identifier( Identifier { id: "maintainers", span: Span { start: Position { line: 215, column: 27, }, end: Position { line: 215, column: 38, }, }, }, ), target: List( List { elements: [ Identifier( Identifier { id: "julm", span: Span { start: Position { line: 215, column: 42, }, end: Position { line: 215, column: 46, }, }, }, ), ], span: Span { start: Position { line: 215, column: 40, }, end: Position { line: 215, column: 48, }, }, }, ), span: Span { start: Position { line: 215, column: 22, }, end: Position { line: 215, column: 48, }, }, }, ), }, ), ], span: Span { start: Position { line: 17, column: 1, }, end: Position { line: 216, column: 2, }, }, }, ), span: Span { start: Position { line: 5, column: 1, }, end: Position { line: 216, column: 2, }, }, }, ), span: Span { start: Position { line: 3, column: 1, }, end: Position { line: 216, column: 2, }, }, }, ), span: Span { start: Position { line: 1, column: 1, }, end: Position { line: 216, column: 2, }, }, }, )