From f824dad19aa3605d0178a3121bfcba9bda8a4ddb Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Sun, 28 Apr 2019 14:22:19 +0200
Subject: [PATCH] nixos/apparmor: order before sysinit.target

Otherwise, profiles may be loaded way too late in the init process.
---
 nixos/modules/security/apparmor.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix
index d323a158a4d..fdff85774a2 100644
--- a/nixos/modules/security/apparmor.nix
+++ b/nixos/modules/security/apparmor.nix
@@ -33,7 +33,12 @@ in
        paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d")
          ([ pkgs.apparmor-profiles ] ++ cfg.packages);
      in {
-       wantedBy = [ "local-fs.target" ];
+       after = [ "local-fs.target" ];
+       before = [ "sysinit.target" ];
+       wantedBy = [ "multi-user.target" ];
+       unitConfig = {
+         DefaultDependencies = "no";
+       };
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = "yes";