Function( Function { head: Destructured( FunctionHeadDestructured { ellipsis: true, identifier: None, arguments: [ FunctionHeadDestructuredArgument { identifier: "config", default: None, }, FunctionHeadDestructuredArgument { identifier: "lib", default: None, }, FunctionHeadDestructuredArgument { identifier: "pkgs", default: None, }, ], }, ), body: With( With { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 3, column: 6, }, end: Position { line: 3, column: 9, }, }, }, ), target: LetIn( LetIn { bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "cfg", span: Span { start: Position { line: 6, column: 3, }, end: Position { line: 6, column: 6, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "config", span: Span { start: Position { line: 6, column: 9, }, end: Position { line: 6, column: 15, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "services", span: Span { start: Position { line: 6, column: 16, }, end: Position { line: 6, column: 24, }, }, }, ), Raw( PartRaw { content: "libreddit", span: Span { start: Position { line: 6, column: 25, }, end: Position { line: 6, column: 34, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "args", span: Span { start: Position { line: 8, column: 3, }, end: Position { line: 8, column: 7, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "concatStringsSep", span: Span { start: Position { line: 8, column: 10, }, end: Position { line: 8, column: 26, }, }, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: " ", span: Span { start: Position { line: 8, column: 28, }, end: Position { line: 8, column: 29, }, }, }, ), ], span: Span { start: Position { line: 8, column: 27, }, end: Position { line: 8, column: 30, }, }, }, ), List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "--port ", span: Span { start: Position { line: 9, column: 6, }, end: Position { line: 9, column: 33, }, }, }, ), Interpolation( PartInterpolation { expression: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "toString", span: Span { start: Position { line: 9, column: 15, }, end: Position { line: 9, column: 23, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 9, column: 24, }, end: Position { line: 9, column: 27, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "port", span: Span { start: Position { line: 9, column: 28, }, end: Position { line: 9, column: 32, }, }, }, ), ], default: None, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 9, column: 5, }, end: Position { line: 9, column: 34, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "--address ", span: Span { start: Position { line: 10, column: 6, }, end: Position { line: 10, column: 30, }, }, }, ), Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 10, column: 18, }, end: Position { line: 10, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "address", span: Span { start: Position { line: 10, column: 22, }, end: Position { line: 10, column: 29, }, }, }, ), ], default: None, }, ), }, ), ], span: Span { start: Position { line: 10, column: 5, }, end: Position { line: 10, column: 31, }, }, }, ), ], span: Span { start: Position { line: 8, column: 32, }, end: Position { line: 11, column: 4, }, }, }, ), ], }, ), }, ), ], target: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "options", span: Span { start: Position { line: 14, column: 3, }, end: Position { line: 14, column: 10, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "services", span: Span { start: Position { line: 15, column: 5, }, end: Position { line: 15, column: 13, }, }, }, ), Raw( PartRaw { content: "libreddit", span: Span { start: Position { line: 15, column: 14, }, end: Position { line: 15, column: 23, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "enable", span: Span { start: Position { line: 16, column: 7, }, end: Position { line: 16, column: 13, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkEnableOption", span: Span { start: Position { line: 16, column: 16, }, end: Position { line: 16, column: 30, }, }, }, ), arguments: [ FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 16, column: 32, }, end: Position { line: 16, column: 35, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 16, column: 36, }, end: Position { line: 16, column: 41, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "Private front-end for Reddit", span: Span { start: Position { line: 16, column: 43, }, end: Position { line: 16, column: 71, }, }, }, ), ], span: Span { start: Position { line: 16, column: 42, }, end: Position { line: 16, column: 72, }, }, }, ), ], }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "address", span: Span { start: Position { line: 18, column: 7, }, end: Position { line: 18, column: 14, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 18, column: 17, }, end: Position { line: 18, column: 25, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 19, column: 9, }, end: Position { line: 19, column: 16, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "0.0.0.0", span: Span { start: Position { line: 19, column: 20, }, end: Position { line: 19, column: 27, }, }, }, ), ], span: Span { start: Position { line: 19, column: 19, }, end: Position { line: 19, column: 28, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "example", span: Span { start: Position { line: 20, column: 9, }, end: Position { line: 20, column: 16, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "127.0.0.1", span: Span { start: Position { line: 20, column: 20, }, end: Position { line: 20, column: 29, }, }, }, ), ], span: Span { start: Position { line: 20, column: 19, }, end: Position { line: 20, column: 30, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 21, column: 9, }, end: Position { line: 21, column: 13, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 21, column: 17, }, end: Position { line: 21, column: 22, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "str", span: Span { start: Position { line: 21, column: 23, }, end: Position { line: 21, column: 26, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 22, column: 9, }, end: Position { line: 22, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 22, column: 23, }, end: Position { line: 22, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 22, column: 27, }, end: Position { line: 22, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "The address to listen on", span: Span { start: Position { line: 22, column: 34, }, end: Position { line: 22, column: 58, }, }, }, ), ], span: Span { start: Position { line: 22, column: 33, }, end: Position { line: 22, column: 59, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 18, column: 26, }, end: Position { line: 23, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "port", span: Span { start: Position { line: 25, column: 7, }, end: Position { line: 25, column: 11, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 25, column: 14, }, end: Position { line: 25, column: 22, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 26, column: 9, }, end: Position { line: 26, column: 16, }, }, }, ), ], to: Integer( Integer { value: "8080", span: Span { start: Position { line: 26, column: 19, }, end: Position { line: 26, column: 23, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "example", span: Span { start: Position { line: 27, column: 9, }, end: Position { line: 27, column: 16, }, }, }, ), ], to: Integer( Integer { value: "8000", span: Span { start: Position { line: 27, column: 19, }, end: Position { line: 27, column: 23, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 28, column: 9, }, end: Position { line: 28, column: 13, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 28, column: 16, }, end: Position { line: 28, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "port", span: Span { start: Position { line: 28, column: 22, }, end: Position { line: 28, column: 26, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 29, column: 9, }, end: Position { line: 29, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 29, column: 23, }, end: Position { line: 29, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 29, column: 27, }, end: Position { line: 29, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "The port to listen on", span: Span { start: Position { line: 29, column: 34, }, end: Position { line: 29, column: 55, }, }, }, ), ], span: Span { start: Position { line: 29, column: 33, }, end: Position { line: 29, column: 56, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 25, column: 23, }, end: Position { line: 30, column: 8, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "openFirewall", span: Span { start: Position { line: 32, column: 7, }, end: Position { line: 32, column: 19, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkOption", span: Span { start: Position { line: 32, column: 22, }, end: Position { line: 32, column: 30, }, }, }, ), arguments: [ Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "type", span: Span { start: Position { line: 33, column: 9, }, end: Position { line: 33, column: 13, }, }, }, ), ], to: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "types", span: Span { start: Position { line: 33, column: 16, }, end: Position { line: 33, column: 21, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "bool", span: Span { start: Position { line: 33, column: 22, }, end: Position { line: 33, column: 26, }, }, }, ), ], default: None, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "default", span: Span { start: Position { line: 34, column: 9, }, end: Position { line: 34, column: 16, }, }, }, ), ], to: Identifier( Identifier { id: "false", span: Span { start: Position { line: 34, column: 19, }, end: Position { line: 34, column: 24, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 35, column: 9, }, end: Position { line: 35, column: 20, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 35, column: 23, }, end: Position { line: 35, column: 26, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mdDoc", span: Span { start: Position { line: 35, column: 27, }, end: Position { line: 35, column: 32, }, }, }, ), ], default: None, }, ), arguments: [ String( String_ { parts: [ Raw( PartRaw { content: "Open ports in the firewall for the libreddit web interface", span: Span { start: Position { line: 35, column: 34, }, end: Position { line: 35, column: 92, }, }, }, ), ], span: Span { start: Position { line: 35, column: 33, }, end: Position { line: 35, column: 93, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 32, column: 31, }, end: Position { line: 36, column: 8, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 15, column: 26, }, end: Position { line: 38, column: 6, }, }, }, ), }, ), ], span: Span { start: Position { line: 14, column: 13, }, end: Position { line: 39, column: 4, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "config", span: Span { start: Position { line: 41, column: 3, }, end: Position { line: 41, column: 9, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkIf", span: Span { start: Position { line: 41, column: 12, }, end: Position { line: 41, column: 16, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 41, column: 17, }, end: Position { line: 41, column: 20, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "enable", span: Span { start: Position { line: 41, column: 21, }, end: Position { line: 41, column: 27, }, }, }, ), ], default: None, }, ), Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "systemd", span: Span { start: Position { line: 42, column: 5, }, end: Position { line: 42, column: 12, }, }, }, ), Raw( PartRaw { content: "services", span: Span { start: Position { line: 42, column: 13, }, end: Position { line: 42, column: 21, }, }, }, ), Raw( PartRaw { content: "libreddit", span: Span { start: Position { line: 42, column: 22, }, end: Position { line: 42, column: 31, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "description", span: Span { start: Position { line: 43, column: 9, }, end: Position { line: 43, column: 20, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "Private front-end for Reddit", span: Span { start: Position { line: 43, column: 24, }, end: Position { line: 43, column: 52, }, }, }, ), ], span: Span { start: Position { line: 43, column: 23, }, end: Position { line: 43, column: 53, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "wantedBy", span: Span { start: Position { line: 44, column: 9, }, end: Position { line: 44, column: 17, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "multi-user.target", span: Span { start: Position { line: 44, column: 23, }, end: Position { line: 44, column: 40, }, }, }, ), ], span: Span { start: Position { line: 44, column: 22, }, end: Position { line: 44, column: 41, }, }, }, ), ], span: Span { start: Position { line: 44, column: 20, }, end: Position { line: 44, column: 43, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "after", span: Span { start: Position { line: 45, column: 9, }, end: Position { line: 45, column: 14, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "network.target", span: Span { start: Position { line: 45, column: 20, }, end: Position { line: 45, column: 34, }, }, }, ), ], span: Span { start: Position { line: 45, column: 19, }, end: Position { line: 45, column: 35, }, }, }, ), ], span: Span { start: Position { line: 45, column: 17, }, end: Position { line: 45, column: 37, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "serviceConfig", span: Span { start: Position { line: 46, column: 9, }, end: Position { line: 46, column: 22, }, }, }, ), ], to: Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "DynamicUser", span: Span { start: Position { line: 47, column: 11, }, end: Position { line: 47, column: 22, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 47, column: 25, }, end: Position { line: 47, column: 29, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ExecStart", span: Span { start: Position { line: 48, column: 11, }, end: Position { line: 48, column: 20, }, }, }, ), ], to: String( String_ { parts: [ Interpolation( PartInterpolation { expression: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "pkgs", span: Span { start: Position { line: 48, column: 26, }, end: Position { line: 48, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "libreddit", span: Span { start: Position { line: 48, column: 31, }, end: Position { line: 48, column: 40, }, }, }, ), ], default: None, }, ), }, ), Raw( PartRaw { content: "/bin/libreddit ", span: Span { start: Position { line: 48, column: 24, }, end: Position { line: 48, column: 56, }, }, }, ), Interpolation( PartInterpolation { expression: Identifier( Identifier { id: "args", span: Span { start: Position { line: 48, column: 58, }, end: Position { line: 48, column: 62, }, }, }, ), }, ), ], span: Span { start: Position { line: 48, column: 23, }, end: Position { line: 48, column: 64, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "AmbientCapabilities", span: Span { start: Position { line: 49, column: 11, }, end: Position { line: 49, column: 30, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "lib", span: Span { start: Position { line: 49, column: 33, }, end: Position { line: 49, column: 36, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "mkIf", span: Span { start: Position { line: 49, column: 37, }, end: Position { line: 49, column: 41, }, }, }, ), ], default: None, }, ), arguments: [ BinaryOperation( BinaryOperation { left: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 49, column: 43, }, end: Position { line: 49, column: 46, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "port", span: Span { start: Position { line: 49, column: 47, }, end: Position { line: 49, column: 51, }, }, }, ), ], default: None, }, ), operator: LessThan, right: Integer( Integer { value: "1024", span: Span { start: Position { line: 49, column: 54, }, end: Position { line: 49, column: 58, }, }, }, ), }, ), List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "CAP_NET_BIND_SERVICE", span: Span { start: Position { line: 49, column: 63, }, end: Position { line: 49, column: 83, }, }, }, ), ], span: Span { start: Position { line: 49, column: 62, }, end: Position { line: 49, column: 84, }, }, }, ), ], span: Span { start: Position { line: 49, column: 60, }, end: Position { line: 49, column: 86, }, }, }, ), ], }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "Restart", span: Span { start: Position { line: 50, column: 11, }, end: Position { line: 50, column: 18, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "on-failure", span: Span { start: Position { line: 50, column: 22, }, end: Position { line: 50, column: 32, }, }, }, ), ], span: Span { start: Position { line: 50, column: 21, }, end: Position { line: 50, column: 33, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "RestartSec", span: Span { start: Position { line: 51, column: 11, }, end: Position { line: 51, column: 21, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "2s", span: Span { start: Position { line: 51, column: 25, }, end: Position { line: 51, column: 27, }, }, }, ), ], span: Span { start: Position { line: 51, column: 24, }, end: Position { line: 51, column: 28, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "CapabilityBoundingSet", span: Span { start: Position { line: 53, column: 11, }, end: Position { line: 53, column: 32, }, }, }, ), ], to: IfThenElse( IfThenElse { predicate: BinaryOperation( BinaryOperation { left: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 53, column: 39, }, end: Position { line: 53, column: 42, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "port", span: Span { start: Position { line: 53, column: 43, }, end: Position { line: 53, column: 47, }, }, }, ), ], default: None, }, ), operator: LessThan, right: Integer( Integer { value: "1024", span: Span { start: Position { line: 53, column: 50, }, end: Position { line: 53, column: 54, }, }, }, ), }, ), then: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "CAP_NET_BIND_SERVICE", span: Span { start: Position { line: 53, column: 64, }, end: Position { line: 53, column: 84, }, }, }, ), ], span: Span { start: Position { line: 53, column: 63, }, end: Position { line: 53, column: 85, }, }, }, ), ], span: Span { start: Position { line: 53, column: 61, }, end: Position { line: 53, column: 87, }, }, }, ), else_: List( List { elements: [ String( String_ { parts: [], span: Span { start: Position { line: 53, column: 95, }, end: Position { line: 53, column: 97, }, }, }, ), ], span: Span { start: Position { line: 53, column: 93, }, end: Position { line: 53, column: 99, }, }, }, ), span: Span { start: Position { line: 53, column: 35, }, end: Position { line: 53, column: 99, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "DeviceAllow", span: Span { start: Position { line: 54, column: 11, }, end: Position { line: 54, column: 22, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [], span: Span { start: Position { line: 54, column: 27, }, end: Position { line: 54, column: 29, }, }, }, ), ], span: Span { start: Position { line: 54, column: 25, }, end: Position { line: 54, column: 31, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "LockPersonality", span: Span { start: Position { line: 55, column: 11, }, end: Position { line: 55, column: 26, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 55, column: 29, }, end: Position { line: 55, column: 33, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "MemoryDenyWriteExecute", span: Span { start: Position { line: 56, column: 11, }, end: Position { line: 56, column: 33, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 56, column: 36, }, end: Position { line: 56, column: 40, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "PrivateDevices", span: Span { start: Position { line: 57, column: 11, }, end: Position { line: 57, column: 25, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 57, column: 28, }, end: Position { line: 57, column: 32, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "PrivateUsers", span: Span { start: Position { line: 60, column: 11, }, end: Position { line: 60, column: 23, }, }, }, ), ], to: BinaryOperation( BinaryOperation { left: PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 60, column: 27, }, end: Position { line: 60, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "port", span: Span { start: Position { line: 60, column: 31, }, end: Position { line: 60, column: 35, }, }, }, ), ], default: None, }, ), operator: GreaterThanOrEqualTo, right: Integer( Integer { value: "1024", span: Span { start: Position { line: 60, column: 39, }, end: Position { line: 60, column: 43, }, }, }, ), }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ProcSubset", span: Span { start: Position { line: 61, column: 11, }, end: Position { line: 61, column: 21, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "pid", span: Span { start: Position { line: 61, column: 25, }, end: Position { line: 61, column: 28, }, }, }, ), ], span: Span { start: Position { line: 61, column: 24, }, end: Position { line: 61, column: 29, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ProtectClock", span: Span { start: Position { line: 62, column: 11, }, end: Position { line: 62, column: 23, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 62, column: 26, }, end: Position { line: 62, column: 30, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ProtectControlGroups", span: Span { start: Position { line: 63, column: 11, }, end: Position { line: 63, column: 31, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 63, column: 34, }, end: Position { line: 63, column: 38, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ProtectHome", span: Span { start: Position { line: 64, column: 11, }, end: Position { line: 64, column: 22, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 64, column: 25, }, end: Position { line: 64, column: 29, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ProtectHostname", span: Span { start: Position { line: 65, column: 11, }, end: Position { line: 65, column: 26, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 65, column: 29, }, end: Position { line: 65, column: 33, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ProtectKernelLogs", span: Span { start: Position { line: 66, column: 11, }, end: Position { line: 66, column: 28, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 66, column: 31, }, end: Position { line: 66, column: 35, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ProtectKernelModules", span: Span { start: Position { line: 67, column: 11, }, end: Position { line: 67, column: 31, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 67, column: 34, }, end: Position { line: 67, column: 38, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ProtectKernelTunables", span: Span { start: Position { line: 68, column: 11, }, end: Position { line: 68, column: 32, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 68, column: 35, }, end: Position { line: 68, column: 39, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "ProtectProc", span: Span { start: Position { line: 69, column: 11, }, end: Position { line: 69, column: 22, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "invisible", span: Span { start: Position { line: 69, column: 26, }, end: Position { line: 69, column: 35, }, }, }, ), ], span: Span { start: Position { line: 69, column: 25, }, end: Position { line: 69, column: 36, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "RestrictAddressFamilies", span: Span { start: Position { line: 70, column: 11, }, end: Position { line: 70, column: 34, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "AF_INET", span: Span { start: Position { line: 70, column: 40, }, end: Position { line: 70, column: 47, }, }, }, ), ], span: Span { start: Position { line: 70, column: 39, }, end: Position { line: 70, column: 48, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "AF_INET6", span: Span { start: Position { line: 70, column: 50, }, end: Position { line: 70, column: 58, }, }, }, ), ], span: Span { start: Position { line: 70, column: 49, }, end: Position { line: 70, column: 59, }, }, }, ), ], span: Span { start: Position { line: 70, column: 37, }, end: Position { line: 70, column: 61, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "RestrictNamespaces", span: Span { start: Position { line: 71, column: 11, }, end: Position { line: 71, column: 29, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 71, column: 32, }, end: Position { line: 71, column: 36, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "RestrictRealtime", span: Span { start: Position { line: 72, column: 11, }, end: Position { line: 72, column: 27, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 72, column: 30, }, end: Position { line: 72, column: 34, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "RestrictSUIDSGID", span: Span { start: Position { line: 73, column: 11, }, end: Position { line: 73, column: 27, }, }, }, ), ], to: Identifier( Identifier { id: "true", span: Span { start: Position { line: 73, column: 30, }, end: Position { line: 73, column: 34, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "SystemCallArchitectures", span: Span { start: Position { line: 74, column: 11, }, end: Position { line: 74, column: 34, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "native", span: Span { start: Position { line: 74, column: 38, }, end: Position { line: 74, column: 44, }, }, }, ), ], span: Span { start: Position { line: 74, column: 37, }, end: Position { line: 74, column: 45, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "SystemCallFilter", span: Span { start: Position { line: 75, column: 11, }, end: Position { line: 75, column: 27, }, }, }, ), ], to: List( List { elements: [ String( String_ { parts: [ Raw( PartRaw { content: "@system-service", span: Span { start: Position { line: 75, column: 33, }, end: Position { line: 75, column: 48, }, }, }, ), ], span: Span { start: Position { line: 75, column: 32, }, end: Position { line: 75, column: 49, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "~@privileged", span: Span { start: Position { line: 75, column: 51, }, end: Position { line: 75, column: 63, }, }, }, ), ], span: Span { start: Position { line: 75, column: 50, }, end: Position { line: 75, column: 64, }, }, }, ), String( String_ { parts: [ Raw( PartRaw { content: "~@resources", span: Span { start: Position { line: 75, column: 66, }, end: Position { line: 75, column: 77, }, }, }, ), ], span: Span { start: Position { line: 75, column: 65, }, end: Position { line: 75, column: 78, }, }, }, ), ], span: Span { start: Position { line: 75, column: 30, }, end: Position { line: 75, column: 80, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "UMask", span: Span { start: Position { line: 76, column: 11, }, end: Position { line: 76, column: 16, }, }, }, ), ], to: String( String_ { parts: [ Raw( PartRaw { content: "0077", span: Span { start: Position { line: 76, column: 20, }, end: Position { line: 76, column: 24, }, }, }, ), ], span: Span { start: Position { line: 76, column: 19, }, end: Position { line: 76, column: 25, }, }, }, ), }, ), ], span: Span { start: Position { line: 46, column: 25, }, end: Position { line: 77, column: 10, }, }, }, ), }, ), ], span: Span { start: Position { line: 42, column: 34, }, end: Position { line: 78, column: 6, }, }, }, ), }, ), KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "networking", span: Span { start: Position { line: 80, column: 5, }, end: Position { line: 80, column: 15, }, }, }, ), Raw( PartRaw { content: "firewall", span: Span { start: Position { line: 80, column: 16, }, end: Position { line: 80, column: 24, }, }, }, ), ], to: FunctionApplication( FunctionApplication { function: Identifier( Identifier { id: "mkIf", span: Span { start: Position { line: 80, column: 27, }, end: Position { line: 80, column: 31, }, }, }, ), arguments: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 80, column: 32, }, end: Position { line: 80, column: 35, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "openFirewall", span: Span { start: Position { line: 80, column: 36, }, end: Position { line: 80, column: 48, }, }, }, ), ], default: None, }, ), Map( Map { recursive: false, bindings: [ KeyValue( BindingKeyValue { from: [ Raw( PartRaw { content: "allowedTCPPorts", span: Span { start: Position { line: 81, column: 7, }, end: Position { line: 81, column: 22, }, }, }, ), ], to: List( List { elements: [ PropertyAccess( PropertyAccess { expression: Identifier( Identifier { id: "cfg", span: Span { start: Position { line: 81, column: 27, }, end: Position { line: 81, column: 30, }, }, }, ), attribute_path: [ Raw( PartRaw { content: "port", span: Span { start: Position { line: 81, column: 31, }, end: Position { line: 81, column: 35, }, }, }, ), ], default: None, }, ), ], span: Span { start: Position { line: 81, column: 25, }, end: Position { line: 81, column: 37, }, }, }, ), }, ), ], span: Span { start: Position { line: 80, column: 49, }, end: Position { line: 82, column: 6, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 41, column: 28, }, end: Position { line: 83, column: 4, }, }, }, ), ], }, ), }, ), ], span: Span { start: Position { line: 13, column: 1, }, end: Position { line: 84, column: 2, }, }, }, ), span: Span { start: Position { line: 5, column: 1, }, end: Position { line: 84, column: 2, }, }, }, ), span: Span { start: Position { line: 3, column: 1, }, end: Position { line: 84, column: 2, }, }, }, ), span: Span { start: Position { line: 1, column: 1, }, end: Position { line: 84, column: 2, }, }, }, )