biboumi: add service

[sourcephile-nix.git] / nixos / modules / virtualisation / lxc.nix

diff --git a/nixos/modules/virtualisation/lxc.nix b/nixos/modules/virtualisation/lxc.nix
index db1aeab2bc5a2f20c9433844c5cd74920abee0af..a2f4a9867c615cd5f7ff8612314effea54eebcdc 100644 (file)
--- a/nixos/modules/virtualisation/lxc.nix
+++ b/nixos/modules/virtualisation/lxc.nix
@@ -73,16 +73,14 @@ in
     environment.etc."lxc/default.conf".text = cfg.defaultConfig;
     systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
 
-    security.apparmor = {
-      profiles = {
-        "bin.lxc-start" = ''
-          #include ${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start
-        '';
-        "lxc-containers" = ''
-          #include ${pkgs.lxc}/etc/apparmor.d/lxc-containers
-        '';
-      };
-      includes = [ (pkgs.lxc+"/etc/apparmor.d") ];
+    security.apparmor.packages = [ pkgs.lxc ];
+    security.apparmor.policies = {
+      "bin/lxc-start".profile = ''
+        #include ${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start
+      '';
+      "lxc-containers".profile = ''
+        #include ${pkgs.lxc}/etc/apparmor.d/lxc-containers
+      '';
     };
   };
 }