---
Function {
 argument: None,
 arguments: FunctionArguments {
  arguments: [
   FunctionArgument {
    identifier: "pkgs",
    default: None,
   },
   FunctionArgument {
    identifier: "lib",
    default: None,
   },
   FunctionArgument {
    identifier: "config",
    default: None,
   },
  ],
  ellipsis: true,
 },
 definition: With {
  expression: Variable {
   identifier: "lib",
   position: (11, 6),
  },
  target: Map {
   bindings: [
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "meta",
        position: (14, 3),
       },
      ],
     },
     Map {
      bindings: [
       KeyValue(
        AttributePath {
         attributes: [
          Raw {
           content: "maintainers",
           position: (15, 5),
          },
         ],
        },
        List {
         elements: [
          PropertyAccess {
           expression: Variable {
            identifier: "maintainers",
            position: (15, 21),
           },
           attribute_path: AttributePath {
            attributes: [
             Raw {
              content: "joachifm",
              position: (15, 33),
             },
            ],
           },
           default: None,
          },
          PropertyAccess {
           expression: Variable {
            identifier: "maintainers",
            position: (15, 42),
           },
           attribute_path: AttributePath {
            attributes: [
             Raw {
              content: "emily",
              position: (15, 54),
             },
            ],
           },
           default: None,
          },
         ],
         position: (15, 19),
        },
       ),
      ],
      recursive: false,
      position: (14, 10),
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (18, 3),
       },
       Raw {
        content: "kernelPackages",
        position: (18, 8),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (18, 25),
      },
      arguments: [
       PropertyAccess {
        expression: Variable {
         identifier: "pkgs",
         position: (18, 35),
        },
        attribute_path: AttributePath {
         attributes: [
          Raw {
           content: "linuxPackages_hardened",
           position: (18, 40),
          },
         ],
        },
        default: None,
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "nix",
        position: (20, 3),
       },
       Raw {
        content: "settings",
        position: (20, 7),
       },
       Raw {
        content: "allowed-users",
        position: (20, 16),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (20, 32),
      },
      arguments: [
       List {
        elements: [
         String {
          parts: [
           Raw {
            content: "@users",
            position: (20, 45),
           },
          ],
         },
        ],
        position: (20, 42),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "environment",
        position: (22, 3),
       },
       Raw {
        content: "memoryAllocator",
        position: (22, 15),
       },
       Raw {
        content: "provider",
        position: (22, 31),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (22, 42),
      },
      arguments: [
       String {
        parts: [
         Raw {
          content: "scudo",
          position: (22, 53),
         },
        ],
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "environment",
        position: (23, 3),
       },
       Raw {
        content: "variables",
        position: (23, 15),
       },
       Raw {
        content: "SCUDO_OPTIONS",
        position: (23, 25),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (23, 41),
      },
      arguments: [
       String {
        parts: [
         Raw {
          content: "ZeroContents=1",
          position: (23, 52),
         },
        ],
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "security",
        position: (25, 3),
       },
       Raw {
        content: "lockKernelModules",
        position: (25, 12),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (25, 32),
      },
      arguments: [
       Variable {
        identifier: "true",
        position: (25, 42),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "security",
        position: (27, 3),
       },
       Raw {
        content: "protectKernelImage",
        position: (27, 12),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (27, 33),
      },
      arguments: [
       Variable {
        identifier: "true",
        position: (27, 43),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "security",
        position: (29, 3),
       },
       Raw {
        content: "allowSimultaneousMultithreading",
        position: (29, 12),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (29, 46),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (29, 56),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "security",
        position: (31, 3),
       },
       Raw {
        content: "forcePageTableIsolation",
        position: (31, 12),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (31, 38),
      },
      arguments: [
       Variable {
        identifier: "true",
        position: (31, 48),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "security",
        position: (34, 3),
       },
       Raw {
        content: "unprivilegedUsernsClone",
        position: (34, 12),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (34, 38),
      },
      arguments: [
       PropertyAccess {
        expression: Variable {
         identifier: "config",
         position: (34, 48),
        },
        attribute_path: AttributePath {
         attributes: [
          Raw {
           content: "virtualisation",
           position: (34, 55),
          },
          Raw {
           content: "containers",
           position: (34, 70),
          },
          Raw {
           content: "enable",
           position: (34, 81),
          },
         ],
        },
        default: None,
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "security",
        position: (36, 3),
       },
       Raw {
        content: "virtualisation",
        position: (36, 12),
       },
       Raw {
        content: "flushL1DataCache",
        position: (36, 27),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (36, 46),
      },
      arguments: [
       String {
        parts: [
         Raw {
          content: "always",
          position: (36, 57),
         },
        ],
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "security",
        position: (38, 3),
       },
       Raw {
        content: "apparmor",
        position: (38, 12),
       },
       Raw {
        content: "enable",
        position: (38, 21),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (38, 30),
      },
      arguments: [
       Variable {
        identifier: "true",
        position: (38, 40),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "security",
        position: (39, 3),
       },
       Raw {
        content: "apparmor",
        position: (39, 12),
       },
       Raw {
        content: "killUnconfinedConfinables",
        position: (39, 21),
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (39, 49),
      },
      arguments: [
       Variable {
        identifier: "true",
        position: (39, 59),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (41, 3),
       },
       Raw {
        content: "kernelParams",
        position: (41, 8),
       },
      ],
     },
     List {
      elements: [
       String {
        parts: [
         Raw {
          content: "slub_debug=FZP",
          position: (43, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "page_poison=1",
          position: (46, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "page_alloc.shuffle=1",
          position: (49, 6),
         },
        ],
       },
      ],
      position: (41, 23),
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (52, 3),
       },
       Raw {
        content: "blacklistedKernelModules",
        position: (52, 8),
       },
      ],
     },
     List {
      elements: [
       String {
        parts: [
         Raw {
          content: "ax25",
          position: (54, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "netrom",
          position: (55, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "rose",
          position: (56, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "adfs",
          position: (59, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "affs",
          position: (60, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "bfs",
          position: (61, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "befs",
          position: (62, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "cramfs",
          position: (63, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "efs",
          position: (64, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "erofs",
          position: (65, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "exofs",
          position: (66, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "freevxfs",
          position: (67, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "f2fs",
          position: (68, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "hfs",
          position: (69, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "hpfs",
          position: (70, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "jfs",
          position: (71, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "minix",
          position: (72, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "nilfs2",
          position: (73, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "ntfs",
          position: (74, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "omfs",
          position: (75, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "qnx4",
          position: (76, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "qnx6",
          position: (77, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "sysv",
          position: (78, 6),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "ufs",
          position: (79, 6),
         },
        ],
       },
      ],
      position: (52, 35),
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (84, 3),
       },
       Raw {
        content: "kernel",
        position: (84, 8),
       },
       Raw {
        content: "sysctl",
        position: (84, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "kernel.yama.ptrace_scope",
           position: (84, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkOverride",
       position: (84, 51),
      },
      arguments: [
       Int {
        value: 500,
        position: (84, 62),
       },
       Int {
        value: 1,
        position: (84, 66),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (87, 3),
       },
       Raw {
        content: "kernel",
        position: (87, 8),
       },
       Raw {
        content: "sysctl",
        position: (87, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "kernel.kptr_restrict",
           position: (87, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkOverride",
       position: (87, 47),
      },
      arguments: [
       Int {
        value: 500,
        position: (87, 58),
       },
       Int {
        value: 2,
        position: (87, 62),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (90, 3),
       },
       Raw {
        content: "kernel",
        position: (90, 8),
       },
       Raw {
        content: "sysctl",
        position: (90, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.core.bpf_jit_enable",
           position: (90, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (90, 50),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (90, 60),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (93, 3),
       },
       Raw {
        content: "kernel",
        position: (93, 8),
       },
       Raw {
        content: "sysctl",
        position: (93, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "kernel.ftrace_enabled",
           position: (93, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (93, 48),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (93, 58),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (98, 3),
       },
       Raw {
        content: "kernel",
        position: (98, 8),
       },
       Raw {
        content: "sysctl",
        position: (98, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.all.log_martians",
           position: (98, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (98, 57),
      },
      arguments: [
       Variable {
        identifier: "true",
        position: (98, 67),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (99, 3),
       },
       Raw {
        content: "kernel",
        position: (99, 8),
       },
       Raw {
        content: "sysctl",
        position: (99, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.all.rp_filter",
           position: (99, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (99, 54),
      },
      arguments: [
       String {
        parts: [
         Raw {
          content: "1",
          position: (99, 65),
         },
        ],
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (100, 3),
       },
       Raw {
        content: "kernel",
        position: (100, 8),
       },
       Raw {
        content: "sysctl",
        position: (100, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.default.log_martians",
           position: (100, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (100, 61),
      },
      arguments: [
       Variable {
        identifier: "true",
        position: (100, 71),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (101, 3),
       },
       Raw {
        content: "kernel",
        position: (101, 8),
       },
       Raw {
        content: "sysctl",
        position: (101, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.default.rp_filter",
           position: (101, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (101, 58),
      },
      arguments: [
       String {
        parts: [
         Raw {
          content: "1",
          position: (101, 69),
         },
        ],
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (104, 3),
       },
       Raw {
        content: "kernel",
        position: (104, 8),
       },
       Raw {
        content: "sysctl",
        position: (104, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.icmp_echo_ignore_broadcasts",
           position: (104, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (104, 63),
      },
      arguments: [
       Variable {
        identifier: "true",
        position: (104, 73),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (108, 3),
       },
       Raw {
        content: "kernel",
        position: (108, 8),
       },
       Raw {
        content: "sysctl",
        position: (108, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.all.accept_redirects",
           position: (108, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (108, 61),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (108, 71),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (109, 3),
       },
       Raw {
        content: "kernel",
        position: (109, 8),
       },
       Raw {
        content: "sysctl",
        position: (109, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.all.secure_redirects",
           position: (109, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (109, 61),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (109, 71),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (110, 3),
       },
       Raw {
        content: "kernel",
        position: (110, 8),
       },
       Raw {
        content: "sysctl",
        position: (110, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.default.accept_redirects",
           position: (110, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (110, 65),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (110, 75),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (111, 3),
       },
       Raw {
        content: "kernel",
        position: (111, 8),
       },
       Raw {
        content: "sysctl",
        position: (111, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.default.secure_redirects",
           position: (111, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (111, 65),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (111, 75),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (112, 3),
       },
       Raw {
        content: "kernel",
        position: (112, 8),
       },
       Raw {
        content: "sysctl",
        position: (112, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv6.conf.all.accept_redirects",
           position: (112, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (112, 61),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (112, 71),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (113, 3),
       },
       Raw {
        content: "kernel",
        position: (113, 8),
       },
       Raw {
        content: "sysctl",
        position: (113, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv6.conf.default.accept_redirects",
           position: (113, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (113, 65),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (113, 75),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (116, 3),
       },
       Raw {
        content: "kernel",
        position: (116, 8),
       },
       Raw {
        content: "sysctl",
        position: (116, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.all.send_redirects",
           position: (116, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (116, 59),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (116, 69),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "boot",
        position: (117, 3),
       },
       Raw {
        content: "kernel",
        position: (117, 8),
       },
       Raw {
        content: "sysctl",
        position: (117, 15),
       },
       Expression {
        expression: String {
         parts: [
          Raw {
           content: "net.ipv4.conf.default.send_redirects",
           position: (117, 23),
          },
         ],
        },
       },
      ],
     },
     FunctionApplication {
      function: Variable {
       identifier: "mkDefault",
       position: (117, 63),
      },
      arguments: [
       Variable {
        identifier: "false",
        position: (117, 73),
       },
      ],
     },
    ),
   ],
   recursive: false,
   position: (13, 1),
  },
  position: (11, 1),
 },
 position: (9, 1),
}