---
Function {
 argument: None,
 arguments: FunctionArguments {
  arguments: [
   FunctionArgument {
    identifier: "pkgs",
    default: None,
   },
   FunctionArgument {
    identifier: "lib",
    default: None,
   },
   FunctionArgument {
    identifier: "config",
    default: None,
   },
  ],
  ellipsis: true,
 },
 definition: With {
  expression: Variable {
   identifier: "lib",
   position: (3, 6),
  },
  target: LetIn {
   bindings: [
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "cfg",
        position: (6, 3),
       },
      ],
     },
     PropertyAccess {
      expression: Variable {
       identifier: "config",
       position: (6, 9),
      },
      attribute_path: AttributePath {
       attributes: [
        Raw {
         content: "security",
         position: (6, 16),
        },
        Raw {
         content: "audit",
         position: (6, 25),
        },
       ],
      },
      default: None,
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "enabled",
        position: (7, 3),
       },
      ],
     },
     BinaryOperation {
      operator: LogicalOr,
      operands: [
       BinaryOperation {
        operator: EqualTo,
        operands: [
         PropertyAccess {
          expression: Variable {
           identifier: "cfg",
           position: (7, 13),
          },
          attribute_path: AttributePath {
           attributes: [
            Raw {
             content: "enable",
             position: (7, 17),
            },
           ],
          },
          default: None,
         },
         String {
          parts: [
           Raw {
            content: "lock",
            position: (7, 28),
           },
          ],
         },
        ],
        position: (7, 24),
       },
       PropertyAccess {
        expression: Variable {
         identifier: "cfg",
         position: (7, 37),
        },
        attribute_path: AttributePath {
         attributes: [
          Raw {
           content: "enable",
           position: (7, 41),
          },
         ],
        },
        default: None,
       },
      ],
      position: (7, 34),
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "failureModes",
        position: (9, 3),
       },
      ],
     },
     Map {
      bindings: [
       KeyValue(
        AttributePath {
         attributes: [
          Raw {
           content: "silent",
           position: (10, 5),
          },
         ],
        },
        Int {
         value: 0,
         position: (10, 14),
        },
       ),
       KeyValue(
        AttributePath {
         attributes: [
          Raw {
           content: "printk",
           position: (11, 5),
          },
         ],
        },
        Int {
         value: 1,
         position: (11, 14),
        },
       ),
       KeyValue(
        AttributePath {
         attributes: [
          Raw {
           content: "panic",
           position: (12, 5),
          },
         ],
        },
        Int {
         value: 2,
         position: (12, 14),
        },
       ),
      ],
      recursive: false,
      position: (9, 18),
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "disableScript",
        position: (15, 3),
       },
      ],
     },
     FunctionApplication {
      function: PropertyAccess {
       expression: Variable {
        identifier: "pkgs",
        position: (15, 19),
       },
       attribute_path: AttributePath {
        attributes: [
         Raw {
          content: "writeScript",
          position: (15, 24),
         },
        ],
       },
       default: None,
      },
      arguments: [
       String {
        parts: [
         Raw {
          content: "audit-disable",
          position: (15, 37),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "#!",
          position: (16, 1),
         },
         Expression {
          expression: PropertyAccess {
           expression: Variable {
            identifier: "pkgs",
            position: (16, 9),
           },
           attribute_path: AttributePath {
            attributes: [
             Raw {
              content: "runtimeShell",
              position: (16, 14),
             },
            ],
           },
           default: None,
          },
         },
         Raw {
          content: " -eu\n# Explicitly disable everything, as otherwise journald might start it.\nauditctl -D\nauditctl -e 0 -a task,never\n",
          position: (16, 27),
         },
        ],
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "startScript",
        position: (25, 3),
       },
      ],
     },
     FunctionApplication {
      function: PropertyAccess {
       expression: Variable {
        identifier: "pkgs",
        position: (25, 17),
       },
       attribute_path: AttributePath {
        attributes: [
         Raw {
          content: "writeScript",
          position: (25, 22),
         },
        ],
       },
       default: None,
      },
      arguments: [
       String {
        parts: [
         Raw {
          content: "audit-start",
          position: (25, 35),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "#!",
          position: (26, 1),
         },
         Expression {
          expression: PropertyAccess {
           expression: Variable {
            identifier: "pkgs",
            position: (26, 9),
           },
           attribute_path: AttributePath {
            attributes: [
             Raw {
              content: "runtimeShell",
              position: (26, 14),
             },
            ],
           },
           default: None,
          },
         },
         Raw {
          content: " -eu\n# Clear out any rules we may start with\nauditctl -D\n\n# Put the rules in a temporary file owned and only readable by root\nrulesfile=\"$(mktemp)\"\n",
          position: (26, 27),
         },
         Expression {
          expression: FunctionApplication {
           function: Variable {
            identifier: "concatMapStrings",
            position: (32, 7),
           },
           arguments: [
            Function {
             argument: Some(
              "x",
             ),
             arguments: FunctionArguments {
              arguments: [],
              ellipsis: false,
             },
             definition: String {
              parts: [
               Raw {
                content: "echo '",
                position: (32, 29),
               },
               Expression {
                expression: Variable {
                 identifier: "x",
                 position: (32, 37),
                },
               },
               Raw {
                content: "' >> $rulesfile\n",
                position: (32, 39),
               },
              ],
             },
             position: (32, 25),
            },
            PropertyAccess {
             expression: Variable {
              identifier: "cfg",
              position: (32, 59),
             },
             attribute_path: AttributePath {
              attributes: [
               Raw {
                content: "rules",
                position: (32, 63),
               },
              ],
             },
             default: None,
            },
           ],
          },
         },
         Raw {
          content: "\n\n# Apply the requested rules\nauditctl -R \"$rulesfile\"\n\n# Enable and configure auditing\nauditctl \\\n  -e ",
          position: (32, 69),
         },
         Expression {
          expression: IfThenElse {
           predicate: BinaryOperation {
            operator: EqualTo,
            operands: [
             PropertyAccess {
              expression: Variable {
               identifier: "cfg",
               position: (39, 15),
              },
              attribute_path: AttributePath {
               attributes: [
                Raw {
                 content: "enable",
                 position: (39, 19),
                },
               ],
              },
              default: None,
             },
             String {
              parts: [
               Raw {
                content: "lock",
                position: (39, 30),
               },
              ],
             },
            ],
            position: (39, 26),
           },
           then: String {
            parts: [
             Raw {
              content: "2",
              position: (39, 42),
             },
            ],
           },
           else_: String {
            parts: [
             Raw {
              content: "1",
              position: (39, 51),
             },
            ],
           },
           position: (39, 12),
          },
         },
         Raw {
          content: " \\\n  -b ",
          position: (39, 54),
         },
         Expression {
          expression: FunctionApplication {
           function: Variable {
            identifier: "toString",
            position: (40, 12),
           },
           arguments: [
            PropertyAccess {
             expression: Variable {
              identifier: "cfg",
              position: (40, 21),
             },
             attribute_path: AttributePath {
              attributes: [
               Raw {
                content: "backlogLimit",
                position: (40, 25),
               },
              ],
             },
             default: None,
            },
           ],
          },
         },
         Raw {
          content: " \\\n  -f ",
          position: (40, 38),
         },
         Expression {
          expression: FunctionApplication {
           function: Variable {
            identifier: "toString",
            position: (41, 12),
           },
           arguments: [
            PropertyAccess {
             expression: Variable {
              identifier: "failureModes",
              position: (41, 21),
             },
             attribute_path: AttributePath {
              attributes: [
               Expression {
                expression: PropertyAccess {
                 expression: Variable {
                  identifier: "cfg",
                  position: (41, 36),
                 },
                 attribute_path: AttributePath {
                  attributes: [
                   Raw {
                    content: "failureMode",
                    position: (41, 40),
                   },
                  ],
                 },
                 default: None,
                },
               },
              ],
             },
             default: None,
            },
           ],
          },
         },
         Raw {
          content: " \\\n  -r ",
          position: (41, 53),
         },
         Expression {
          expression: FunctionApplication {
           function: Variable {
            identifier: "toString",
            position: (42, 12),
           },
           arguments: [
            PropertyAccess {
             expression: Variable {
              identifier: "cfg",
              position: (42, 21),
             },
             attribute_path: AttributePath {
              attributes: [
               Raw {
                content: "rateLimit",
                position: (42, 25),
               },
              ],
             },
             default: None,
            },
           ],
          },
         },
         Raw {
          content: "\n",
          position: (42, 35),
         },
        ],
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "stopScript",
        position: (45, 3),
       },
      ],
     },
     FunctionApplication {
      function: PropertyAccess {
       expression: Variable {
        identifier: "pkgs",
        position: (45, 16),
       },
       attribute_path: AttributePath {
        attributes: [
         Raw {
          content: "writeScript",
          position: (45, 21),
         },
        ],
       },
       default: None,
      },
      arguments: [
       String {
        parts: [
         Raw {
          content: "audit-stop",
          position: (45, 34),
         },
        ],
       },
       String {
        parts: [
         Raw {
          content: "#!",
          position: (46, 1),
         },
         Expression {
          expression: PropertyAccess {
           expression: Variable {
            identifier: "pkgs",
            position: (46, 9),
           },
           attribute_path: AttributePath {
            attributes: [
             Raw {
              content: "runtimeShell",
              position: (46, 14),
             },
            ],
           },
           default: None,
          },
         },
         Raw {
          content: " -eu\n# Clear the rules\nauditctl -D\n\n# Disable auditing\nauditctl -e 0\n",
          position: (46, 27),
         },
        ],
       },
      ],
     },
    ),
   ],
   target: Map {
    bindings: [
     KeyValue(
      AttributePath {
       attributes: [
        Raw {
         content: "options",
         position: (54, 3),
        },
       ],
      },
      Map {
       bindings: [
        KeyValue(
         AttributePath {
          attributes: [
           Raw {
            content: "security",
            position: (55, 5),
           },
           Raw {
            content: "audit",
            position: (55, 14),
           },
          ],
         },
         Map {
          bindings: [
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "enable",
               position: (56, 7),
              },
             ],
            },
            FunctionApplication {
             function: Variable {
              identifier: "mkOption",
              position: (56, 16),
             },
             arguments: [
              Map {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "type",
                    position: (57, 9),
                   },
                  ],
                 },
                 FunctionApplication {
                  function: PropertyAccess {
                   expression: Variable {
                    identifier: "types",
                    position: (57, 23),
                   },
                   attribute_path: AttributePath {
                    attributes: [
                     Raw {
                      content: "enum",
                      position: (57, 29),
                     },
                    ],
                   },
                   default: None,
                  },
                  arguments: [
                   List {
                    elements: [
                     Variable {
                      identifier: "false",
                      position: (57, 36),
                     },
                     Variable {
                      identifier: "true",
                      position: (57, 42),
                     },
                     String {
                      parts: [
                       Raw {
                        content: "lock",
                        position: (57, 48),
                       },
                      ],
                     },
                    ],
                    position: (57, 34),
                   },
                  ],
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "default",
                    position: (58, 9),
                   },
                  ],
                 },
                 Variable {
                  identifier: "false",
                  position: (58, 23),
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "description",
                    position: (59, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "Whether to enable the Linux audit system. The special `lock' value can be used to\nenable auditing and prevent disabling it until a restart. Be careful about locking\nthis, as it will prevent you from changing your audit configuration until you\nrestart. If possible, test your configuration using build-vm beforehand.\n",
                    position: (60, 1),
                   },
                  ],
                 },
                ),
               ],
               recursive: false,
               position: (56, 25),
              },
             ],
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "failureMode",
               position: (67, 7),
              },
             ],
            },
            FunctionApplication {
             function: Variable {
              identifier: "mkOption",
              position: (67, 21),
             },
             arguments: [
              Map {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "type",
                    position: (68, 9),
                   },
                  ],
                 },
                 FunctionApplication {
                  function: PropertyAccess {
                   expression: Variable {
                    identifier: "types",
                    position: (68, 23),
                   },
                   attribute_path: AttributePath {
                    attributes: [
                     Raw {
                      content: "enum",
                      position: (68, 29),
                     },
                    ],
                   },
                   default: None,
                  },
                  arguments: [
                   List {
                    elements: [
                     String {
                      parts: [
                       Raw {
                        content: "silent",
                        position: (68, 37),
                       },
                      ],
                     },
                     String {
                      parts: [
                       Raw {
                        content: "printk",
                        position: (68, 46),
                       },
                      ],
                     },
                     String {
                      parts: [
                       Raw {
                        content: "panic",
                        position: (68, 55),
                       },
                      ],
                     },
                    ],
                    position: (68, 34),
                   },
                  ],
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "default",
                    position: (69, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "printk",
                    position: (69, 24),
                   },
                  ],
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "description",
                    position: (70, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "How to handle critical errors in the auditing system",
                    position: (70, 24),
                   },
                  ],
                 },
                ),
               ],
               recursive: false,
               position: (67, 30),
              },
             ],
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "backlogLimit",
               position: (73, 7),
              },
             ],
            },
            FunctionApplication {
             function: Variable {
              identifier: "mkOption",
              position: (73, 22),
             },
             arguments: [
              Map {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "type",
                    position: (74, 9),
                   },
                  ],
                 },
                 PropertyAccess {
                  expression: Variable {
                   identifier: "types",
                   position: (74, 23),
                  },
                  attribute_path: AttributePath {
                   attributes: [
                    Raw {
                     content: "int",
                     position: (74, 29),
                    },
                   ],
                  },
                  default: None,
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "default",
                    position: (75, 9),
                   },
                  ],
                 },
                 Int {
                  value: 64,
                  position: (75, 23),
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "description",
                    position: (76, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "The maximum number of outstanding audit buffers allowed; exceeding this is\nconsidered a failure and handled in a manner specified by failureMode.\n",
                    position: (77, 1),
                   },
                  ],
                 },
                ),
               ],
               recursive: false,
               position: (73, 31),
              },
             ],
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "rateLimit",
               position: (82, 7),
              },
             ],
            },
            FunctionApplication {
             function: Variable {
              identifier: "mkOption",
              position: (82, 19),
             },
             arguments: [
              Map {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "type",
                    position: (83, 9),
                   },
                  ],
                 },
                 PropertyAccess {
                  expression: Variable {
                   identifier: "types",
                   position: (83, 23),
                  },
                  attribute_path: AttributePath {
                   attributes: [
                    Raw {
                     content: "int",
                     position: (83, 29),
                    },
                   ],
                  },
                  default: None,
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "default",
                    position: (84, 9),
                   },
                  ],
                 },
                 Int {
                  value: 0,
                  position: (84, 23),
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "description",
                    position: (85, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "The maximum messages per second permitted before triggering a failure as\nspecified by failureMode. Setting it to zero disables the limit.\n",
                    position: (86, 1),
                   },
                  ],
                 },
                ),
               ],
               recursive: false,
               position: (82, 28),
              },
             ],
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "rules",
               position: (91, 7),
              },
             ],
            },
            FunctionApplication {
             function: Variable {
              identifier: "mkOption",
              position: (91, 15),
             },
             arguments: [
              Map {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "type",
                    position: (92, 9),
                   },
                  ],
                 },
                 FunctionApplication {
                  function: PropertyAccess {
                   expression: Variable {
                    identifier: "types",
                    position: (92, 23),
                   },
                   attribute_path: AttributePath {
                    attributes: [
                     Raw {
                      content: "listOf",
                      position: (92, 29),
                     },
                    ],
                   },
                   default: None,
                  },
                  arguments: [
                   PropertyAccess {
                    expression: Variable {
                     identifier: "types",
                     position: (92, 36),
                    },
                    attribute_path: AttributePath {
                     attributes: [
                      Raw {
                       content: "str",
                       position: (92, 42),
                      },
                     ],
                    },
                    default: None,
                   },
                  ],
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "default",
                    position: (93, 9),
                   },
                  ],
                 },
                 List {
                  elements: [],
                  position: (93, 23),
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "example",
                    position: (94, 9),
                   },
                  ],
                 },
                 List {
                  elements: [
                   String {
                    parts: [
                     Raw {
                      content: "-a exit,always -F arch=b64 -S execve",
                      position: (94, 26),
                     },
                    ],
                   },
                  ],
                  position: (94, 23),
                 },
                ),
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "description",
                    position: (95, 9),
                   },
                  ],
                 },
                 String {
                  parts: [
                   Raw {
                    content: "The ordered audit rules, with each string appearing as one line of the audit.rules file.\n",
                    position: (96, 1),
                   },
                  ],
                 },
                ),
               ],
               recursive: false,
               position: (91, 24),
              },
             ],
            },
           ),
          ],
          recursive: false,
          position: (55, 22),
         },
        ),
       ],
       recursive: false,
       position: (54, 13),
      },
     ),
     KeyValue(
      AttributePath {
       attributes: [
        Raw {
         content: "config",
         position: (102, 3),
        },
       ],
      },
      Map {
       bindings: [
        KeyValue(
         AttributePath {
          attributes: [
           Raw {
            content: "systemd",
            position: (103, 5),
           },
           Raw {
            content: "services",
            position: (103, 13),
           },
           Raw {
            content: "audit",
            position: (103, 22),
           },
          ],
         },
         Map {
          bindings: [
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "description",
               position: (104, 7),
              },
             ],
            },
            String {
             parts: [
              Raw {
               content: "Kernel Auditing",
               position: (104, 22),
              },
             ],
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "wantedBy",
               position: (105, 7),
              },
             ],
            },
            List {
             elements: [
              String {
               parts: [
                Raw {
                 content: "basic.target",
                 position: (105, 21),
                },
               ],
              },
             ],
             position: (105, 18),
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "unitConfig",
               position: (107, 7),
              },
             ],
            },
            Map {
             bindings: [
              KeyValue(
               AttributePath {
                attributes: [
                 Raw {
                  content: "ConditionVirtualization",
                  position: (108, 9),
                 },
                ],
               },
               String {
                parts: [
                 Raw {
                  content: "!container",
                  position: (108, 36),
                 },
                ],
               },
              ),
              KeyValue(
               AttributePath {
                attributes: [
                 Raw {
                  content: "ConditionSecurity",
                  position: (109, 9),
                 },
                ],
               },
               List {
                elements: [
                 String {
                  parts: [
                   Raw {
                    content: "audit",
                    position: (109, 32),
                   },
                  ],
                 },
                ],
                position: (109, 29),
               },
              ),
             ],
             recursive: false,
             position: (107, 20),
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "path",
               position: (113, 7),
              },
             ],
            },
            List {
             elements: [
              PropertyAccess {
               expression: Variable {
                identifier: "pkgs",
                position: (113, 16),
               },
               attribute_path: AttributePath {
                attributes: [
                 Raw {
                  content: "audit",
                  position: (113, 21),
                 },
                ],
               },
               default: None,
              },
             ],
             position: (113, 14),
            },
           ),
           KeyValue(
            AttributePath {
             attributes: [
              Raw {
               content: "serviceConfig",
               position: (115, 7),
              },
             ],
            },
            Map {
             bindings: [
              KeyValue(
               AttributePath {
                attributes: [
                 Raw {
                  content: "Type",
                  position: (116, 9),
                 },
                ],
               },
               String {
                parts: [
                 Raw {
                  content: "oneshot",
                  position: (116, 17),
                 },
                ],
               },
              ),
              KeyValue(
               AttributePath {
                attributes: [
                 Raw {
                  content: "RemainAfterExit",
                  position: (117, 9),
                 },
                ],
               },
               Variable {
                identifier: "true",
                position: (117, 27),
               },
              ),
              KeyValue(
               AttributePath {
                attributes: [
                 Raw {
                  content: "ExecStart",
                  position: (118, 9),
                 },
                ],
               },
               String {
                parts: [
                 Raw {
                  content: "@",
                  position: (118, 22),
                 },
                 Expression {
                  expression: IfThenElse {
                   predicate: Variable {
                    identifier: "enabled",
                    position: (118, 28),
                   },
                   then: Variable {
                    identifier: "startScript",
                    position: (118, 41),
                   },
                   else_: Variable {
                    identifier: "disableScript",
                    position: (118, 58),
                   },
                   position: (118, 25),
                  },
                 },
                 Raw {
                  content: " audit-start",
                  position: (118, 72),
                 },
                ],
               },
              ),
              KeyValue(
               AttributePath {
                attributes: [
                 Raw {
                  content: "ExecStop",
                  position: (119, 9),
                 },
                ],
               },
               String {
                parts: [
                 Raw {
                  content: "@",
                  position: (119, 22),
                 },
                 Expression {
                  expression: Variable {
                   identifier: "stopScript",
                   position: (119, 25),
                  },
                 },
                 Raw {
                  content: " audit-stop",
                  position: (119, 36),
                 },
                ],
               },
              ),
             ],
             recursive: false,
             position: (115, 23),
            },
           ),
          ],
          recursive: false,
          position: (103, 30),
         },
        ),
       ],
       recursive: false,
       position: (102, 12),
      },
     ),
    ],
    recursive: false,
    position: (53, 4),
   },
   position: (5, 1),
  },
  position: (3, 1),
 },
 position: (1, 1),
}