diff --git a/modules/security/apparmor-suid.nix b/modules/security/apparmor-suid.nix
index 4b3d3bbdc00..b03047ac1f1 100644
--- a/modules/security/apparmor-suid.nix
+++ b/modules/security/apparmor-suid.nix
@@ -20,21 +20,21 @@ with pkgs.lib;
     security.apparmor.profiles = [ (pkgs.writeText "ping" ''
       #include <tunables/global>
       /var/setuid-wrappers/ping {
-	#include <abstractions/base>
-	#include <abstractions/consoles>
-	#include <abstractions/nameservice>
+        #include <abstractions/base>
+        #include <abstractions/consoles>
+        #include <abstractions/nameservice>
 
-	capability net_raw,
-	capability setuid,
-	network inet raw,
+        capability net_raw,
+        capability setuid,
+        network inet raw,
 
-	${pkgs.glibc}/lib/*.so mr,
-	/var/setuid-wrappers/ping.real mixr,
-	${pkgs.iputils}/sbin/ping mixr,
-	#/etc/modules.conf r,
+        ${pkgs.glibc}/lib/*.so mr,
+        /var/setuid-wrappers/ping.real mixr,
+        ${pkgs.iputils}/sbin/ping mixr,
+        #/etc/modules.conf r,
 
-	## Site-specific additions and overrides. See local/README for details.
-	##include <local/bin.ping>
+        ## Site-specific additions and overrides. See local/README for details.
+        ##include <local/bin.ping>
       }
     '') ];
   };
diff --git a/modules/security/apparmor.nix b/modules/security/apparmor.nix
index 51ae40ce326..8aa933e2996 100644
--- a/modules/security/apparmor.nix
+++ b/modules/security/apparmor.nix
@@ -1,8 +1,11 @@
 {pkgs, config, ...}:
+
 let
   cfg = config.security.apparmor;
 in
+
 with pkgs.lib;
+
 {
 
   ###### interface
@@ -14,17 +17,17 @@ with pkgs.lib;
       enable = mkOption {
         default = false;
         description = ''
-          Enable AppArmor application security system. Enable only if you want to further improve 
-AppArmor.
+          Enable AppArmor application security system. Enable only if
+          you want to further improve AppArmor.
         '';
       };
 
       profiles = mkOption {
         default = [];
-	merge = mergeListOption;
+        merge = mergeListOption;
         description = ''
-	  List of file names of AppArmor profiles.
-	'';
+          List of file names of AppArmor profiles.
+        '';
       };
 
     };
@@ -48,8 +51,8 @@ AppArmor.
       path = [ pkgs.apparmor ];
 
       serviceConfig = {
-	Type = "oneshot";
-	RemainAfterExit = "yes";
+        Type = "oneshot";
+        RemainAfterExit = "yes";
         ExecStart = concatMapStrings (profile: ''
           ${pkgs.apparmor}/sbin/apparmor_parser -rKv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}"
         '') cfg.profiles;