---
Function {
 argument: None,
 arguments: FunctionArguments {
  arguments: [
   FunctionArgument {
    identifier: "utils",
    default: None,
   },
   FunctionArgument {
    identifier: "lib",
    default: None,
   },
   FunctionArgument {
    identifier: "pkgs",
    default: None,
   },
   FunctionArgument {
    identifier: "config",
    default: None,
   },
  ],
  ellipsis: true,
 },
 definition: LetIn {
  bindings: [
   KeyValue(
    AttributePath {
     attributes: [
      Raw {
       content: "toplevelConfig",
       position: (4, 3),
      },
     ],
    },
    Variable {
     identifier: "config",
     position: (4, 20),
    },
   ),
   Inherit(
    Some(
     Variable {
      identifier: "lib",
      position: (5, 12),
     },
    ),
    [
     Raw {
      content: "types",
      position: (5, 17),
     },
    ],
   ),
   Inherit(
    Some(
     PropertyAccess {
      expression: Variable {
       identifier: "utils",
       position: (6, 12),
      },
      attribute_path: AttributePath {
       attributes: [
        Raw {
         content: "systemdUtils",
         position: (6, 18),
        },
        Raw {
         content: "lib",
         position: (6, 31),
        },
       ],
      },
      default: None,
     },
    ),
    [
     Raw {
      content: "mkPathSafeName",
      position: (6, 36),
     },
    ],
   ),
  ],
  target: Map {
   bindings: [
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "options",
        position: (8, 3),
       },
       Raw {
        content: "systemd",
        position: (8, 11),
       },
       Raw {
        content: "services",
        position: (8, 19),
       },
      ],
     },
     FunctionApplication {
      function: PropertyAccess {
       expression: Variable {
        identifier: "lib",
        position: (8, 30),
       },
       attribute_path: AttributePath {
        attributes: [
         Raw {
          content: "mkOption",
          position: (8, 34),
         },
        ],
       },
       default: None,
      },
      arguments: [
       Map {
        bindings: [
         KeyValue(
          AttributePath {
           attributes: [
            Raw {
             content: "type",
             position: (9, 5),
            },
           ],
          },
          FunctionApplication {
           function: PropertyAccess {
            expression: Variable {
             identifier: "types",
             position: (9, 12),
            },
            attribute_path: AttributePath {
             attributes: [
              Raw {
               content: "attrsOf",
               position: (9, 18),
              },
             ],
            },
            default: None,
           },
           arguments: [
            FunctionApplication {
             function: PropertyAccess {
              expression: Variable {
               identifier: "types",
               position: (9, 27),
              },
              attribute_path: AttributePath {
               attributes: [
                Raw {
                 content: "submodule",
                 position: (9, 33),
                },
               ],
              },
              default: None,
             },
             arguments: [
              Function {
               argument: None,
               arguments: FunctionArguments {
                arguments: [
                 FunctionArgument {
                  identifier: "config",
                  default: None,
                 },
                 FunctionArgument {
                  identifier: "name",
                  default: None,
                 },
                ],
                ellipsis: true,
               },
               definition: Map {
                bindings: [
                 KeyValue(
                  AttributePath {
                   attributes: [
                    Raw {
                     content: "options",
                     position: (10, 7),
                    },
                    Raw {
                     content: "confinement",
                     position: (10, 15),
                    },
                    Raw {
                     content: "enable",
                     position: (10, 27),
                    },
                   ],
                  },
                  FunctionApplication {
                   function: PropertyAccess {
                    expression: Variable {
                     identifier: "lib",
                     position: (10, 36),
                    },
                    attribute_path: AttributePath {
                     attributes: [
                      Raw {
                       content: "mkOption",
                       position: (10, 40),
                      },
                     ],
                    },
                    default: None,
                   },
                   arguments: [
                    Map {
                     bindings: [
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "type",
                          position: (11, 9),
                         },
                        ],
                       },
                       PropertyAccess {
                        expression: Variable {
                         identifier: "types",
                         position: (11, 16),
                        },
                        attribute_path: AttributePath {
                         attributes: [
                          Raw {
                           content: "bool",
                           position: (11, 22),
                          },
                         ],
                        },
                        default: None,
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "default",
                          position: (12, 9),
                         },
                        ],
                       },
                       Variable {
                        identifier: "false",
                        position: (12, 19),
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "description",
                          position: (13, 9),
                         },
                        ],
                       },
                       String {
                        parts: [
                         Raw {
                          content: "If set, all the required runtime store paths for this service are\nbind-mounted into a <literal>tmpfs</literal>-based <citerefentry>\n  <refentrytitle>chroot</refentrytitle>\n  <manvolnum>2</manvolnum>\n</citerefentry>.\n",
                          position: (14, 1),
                         },
                        ],
                       },
                      ),
                     ],
                     recursive: false,
                     position: (10, 49),
                    },
                   ],
                  },
                 ),
                 KeyValue(
                  AttributePath {
                   attributes: [
                    Raw {
                     content: "options",
                     position: (22, 7),
                    },
                    Raw {
                     content: "confinement",
                     position: (22, 15),
                    },
                    Raw {
                     content: "fullUnit",
                     position: (22, 27),
                    },
                   ],
                  },
                  FunctionApplication {
                   function: PropertyAccess {
                    expression: Variable {
                     identifier: "lib",
                     position: (22, 38),
                    },
                    attribute_path: AttributePath {
                     attributes: [
                      Raw {
                       content: "mkOption",
                       position: (22, 42),
                      },
                     ],
                    },
                    default: None,
                   },
                   arguments: [
                    Map {
                     bindings: [
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "type",
                          position: (23, 9),
                         },
                        ],
                       },
                       PropertyAccess {
                        expression: Variable {
                         identifier: "types",
                         position: (23, 16),
                        },
                        attribute_path: AttributePath {
                         attributes: [
                          Raw {
                           content: "bool",
                           position: (23, 22),
                          },
                         ],
                        },
                        default: None,
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "default",
                          position: (24, 9),
                         },
                        ],
                       },
                       Variable {
                        identifier: "false",
                        position: (24, 19),
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "description",
                          position: (25, 9),
                         },
                        ],
                       },
                       String {
                        parts: [
                         Raw {
                          content: "Whether to include the full closure of the systemd unit file into the\nchroot, instead of just the dependencies for the executables.\n\n<warning><para>While it may be tempting to just enable this option to\nmake things work quickly, please be aware that this might add paths\nto the closure of the chroot that you didn't anticipate. It's better\nto use <option>confinement.packages</option> to <emphasis\nrole=\"strong\">explicitly</emphasis> add additional store paths to the\nchroot.</para></warning>\n",
                          position: (26, 1),
                         },
                        ],
                       },
                      ),
                     ],
                     recursive: false,
                     position: (22, 51),
                    },
                   ],
                  },
                 ),
                 KeyValue(
                  AttributePath {
                   attributes: [
                    Raw {
                     content: "options",
                     position: (38, 7),
                    },
                    Raw {
                     content: "confinement",
                     position: (38, 15),
                    },
                    Raw {
                     content: "packages",
                     position: (38, 27),
                    },
                   ],
                  },
                  FunctionApplication {
                   function: PropertyAccess {
                    expression: Variable {
                     identifier: "lib",
                     position: (38, 38),
                    },
                    attribute_path: AttributePath {
                     attributes: [
                      Raw {
                       content: "mkOption",
                       position: (38, 42),
                      },
                     ],
                    },
                    default: None,
                   },
                   arguments: [
                    Map {
                     bindings: [
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "type",
                          position: (39, 9),
                         },
                        ],
                       },
                       FunctionApplication {
                        function: PropertyAccess {
                         expression: Variable {
                          identifier: "types",
                          position: (39, 16),
                         },
                         attribute_path: AttributePath {
                          attributes: [
                           Raw {
                            content: "listOf",
                            position: (39, 22),
                           },
                          ],
                         },
                         default: None,
                        },
                        arguments: [
                         FunctionApplication {
                          function: PropertyAccess {
                           expression: Variable {
                            identifier: "types",
                            position: (39, 30),
                           },
                           attribute_path: AttributePath {
                            attributes: [
                             Raw {
                              content: "either",
                              position: (39, 36),
                             },
                            ],
                           },
                           default: None,
                          },
                          arguments: [
                           PropertyAccess {
                            expression: Variable {
                             identifier: "types",
                             position: (39, 43),
                            },
                            attribute_path: AttributePath {
                             attributes: [
                              Raw {
                               content: "str",
                               position: (39, 49),
                              },
                             ],
                            },
                            default: None,
                           },
                           PropertyAccess {
                            expression: Variable {
                             identifier: "types",
                             position: (39, 53),
                            },
                            attribute_path: AttributePath {
                             attributes: [
                              Raw {
                               content: "package",
                               position: (39, 59),
                              },
                             ],
                            },
                            default: None,
                           },
                          ],
                         },
                        ],
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "default",
                          position: (40, 9),
                         },
                        ],
                       },
                       List {
                        elements: [],
                        position: (40, 19),
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "description",
                          position: (41, 9),
                         },
                        ],
                       },
                       LetIn {
                        bindings: [
                         KeyValue(
                          AttributePath {
                           attributes: [
                            Raw {
                             content: "mkScOption",
                             position: (42, 11),
                            },
                           ],
                          },
                          Function {
                           argument: Some(
                            "optName",
                           ),
                           arguments: FunctionArguments {
                            arguments: [],
                            ellipsis: false,
                           },
                           definition: String {
                            parts: [
                             Raw {
                              content: "<option>serviceConfig.",
                              position: (42, 34),
                             },
                             Expression {
                              expression: Variable {
                               identifier: "optName",
                               position: (42, 58),
                              },
                             },
                             Raw {
                              content: "</option>",
                              position: (42, 66),
                             },
                            ],
                           },
                           position: (42, 24),
                          },
                         ),
                        ],
                        target: String {
                         parts: [
                          Raw {
                           content: "Additional packages or strings with context to add to the closure of\nthe chroot. By default, this includes all the packages from the\n",
                           position: (44, 1),
                          },
                          Expression {
                           expression: FunctionApplication {
                            function: PropertyAccess {
                             expression: Variable {
                              identifier: "lib",
                              position: (46, 13),
                             },
                             attribute_path: AttributePath {
                              attributes: [
                               Raw {
                                content: "concatMapStringsSep",
                                position: (46, 17),
                               },
                              ],
                             },
                             default: None,
                            },
                            arguments: [
                             String {
                              parts: [
                               Raw {
                                content: ", ",
                                position: (46, 38),
                               },
                              ],
                             },
                             Variable {
                              identifier: "mkScOption",
                              position: (46, 42),
                             },
                             List {
                              elements: [
                               String {
                                parts: [
                                 Raw {
                                  content: "ExecReload",
                                  position: (47, 14),
                                 },
                                ],
                               },
                               String {
                                parts: [
                                 Raw {
                                  content: "ExecStartPost",
                                  position: (47, 27),
                                 },
                                ],
                               },
                               String {
                                parts: [
                                 Raw {
                                  content: "ExecStartPre",
                                  position: (47, 43),
                                 },
                                ],
                               },
                               String {
                                parts: [
                                 Raw {
                                  content: "ExecStop",
                                  position: (47, 58),
                                 },
                                ],
                               },
                               String {
                                parts: [
                                 Raw {
                                  content: "ExecStopPost",
                                  position: (48, 14),
                                 },
                                ],
                               },
                              ],
                              position: (46, 53),
                             },
                            ],
                           },
                          },
                          Raw {
                           content: " and ",
                           position: (49, 13),
                          },
                          Expression {
                           expression: FunctionApplication {
                            function: Variable {
                             identifier: "mkScOption",
                             position: (49, 20),
                            },
                            arguments: [
                             String {
                              parts: [
                               Raw {
                                content: "ExecStart",
                                position: (49, 32),
                               },
                              ],
                             },
                            ],
                           },
                          },
                          Raw {
                           content: " options. If you want to have all the\ndependencies of this systemd unit, you can use\n<option>confinement.fullUnit</option>.\n\n<note><para>The store paths listed in <option>path</option> are\n<emphasis role=\"strong\">not</emphasis> included in the closure, and\nneither are paths from other options except those listed\nabove.</para></note>\n",
                           position: (49, 43),
                          },
                         ],
                        },
                        position: (41, 23),
                       },
                      ),
                     ],
                     recursive: false,
                     position: (38, 51),
                    },
                   ],
                  },
                 ),
                 KeyValue(
                  AttributePath {
                   attributes: [
                    Raw {
                     content: "options",
                     position: (60, 7),
                    },
                    Raw {
                     content: "confinement",
                     position: (60, 15),
                    },
                    Raw {
                     content: "binSh",
                     position: (60, 27),
                    },
                   ],
                  },
                  FunctionApplication {
                   function: PropertyAccess {
                    expression: Variable {
                     identifier: "lib",
                     position: (60, 35),
                    },
                    attribute_path: AttributePath {
                     attributes: [
                      Raw {
                       content: "mkOption",
                       position: (60, 39),
                      },
                     ],
                    },
                    default: None,
                   },
                   arguments: [
                    Map {
                     bindings: [
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "type",
                          position: (61, 9),
                         },
                        ],
                       },
                       FunctionApplication {
                        function: PropertyAccess {
                         expression: Variable {
                          identifier: "types",
                          position: (61, 16),
                         },
                         attribute_path: AttributePath {
                          attributes: [
                           Raw {
                            content: "nullOr",
                            position: (61, 22),
                           },
                          ],
                         },
                         default: None,
                        },
                        arguments: [
                         PropertyAccess {
                          expression: Variable {
                           identifier: "types",
                           position: (61, 29),
                          },
                          attribute_path: AttributePath {
                           attributes: [
                            Raw {
                             content: "path",
                             position: (61, 35),
                            },
                           ],
                          },
                          default: None,
                         },
                        ],
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "default",
                          position: (62, 9),
                         },
                        ],
                       },
                       PropertyAccess {
                        expression: Variable {
                         identifier: "toplevelConfig",
                         position: (62, 19),
                        },
                        attribute_path: AttributePath {
                         attributes: [
                          Raw {
                           content: "environment",
                           position: (62, 34),
                          },
                          Raw {
                           content: "binsh",
                           position: (62, 46),
                          },
                         ],
                        },
                        default: None,
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "defaultText",
                          position: (63, 9),
                         },
                        ],
                       },
                       FunctionApplication {
                        function: PropertyAccess {
                         expression: Variable {
                          identifier: "lib",
                          position: (63, 23),
                         },
                         attribute_path: AttributePath {
                          attributes: [
                           Raw {
                            content: "literalExpression",
                            position: (63, 27),
                           },
                          ],
                         },
                         default: None,
                        },
                        arguments: [
                         String {
                          parts: [
                           Raw {
                            content: "config.environment.binsh",
                            position: (63, 46),
                           },
                          ],
                         },
                        ],
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "example",
                          position: (64, 9),
                         },
                        ],
                       },
                       FunctionApplication {
                        function: PropertyAccess {
                         expression: Variable {
                          identifier: "lib",
                          position: (64, 19),
                         },
                         attribute_path: AttributePath {
                          attributes: [
                           Raw {
                            content: "literalExpression",
                            position: (64, 23),
                           },
                          ],
                         },
                         default: None,
                        },
                        arguments: [
                         String {
                          parts: [
                           Raw {
                            content: "\"",
                            position: (64, 43),
                           },
                           Raw {
                            content: "$",
                            position: (64, 44),
                           },
                           Raw {
                            content: "{pkgs.dash}/bin/dash\"",
                            position: (64, 47),
                           },
                          ],
                         },
                        ],
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "description",
                          position: (65, 9),
                         },
                        ],
                       },
                       String {
                        parts: [
                         Raw {
                          content: "The program to make available as <filename>/bin/sh</filename> inside\nthe chroot. If this is set to <literal>null</literal>, no\n<filename>/bin/sh</filename> is provided at all.\n\nThis is useful for some applications, which for example use the\n<citerefentry>\n  <refentrytitle>system</refentrytitle>\n  <manvolnum>3</manvolnum>\n</citerefentry> library function to execute commands.\n",
                          position: (66, 1),
                         },
                        ],
                       },
                      ),
                     ],
                     recursive: false,
                     position: (60, 48),
                    },
                   ],
                  },
                 ),
                 KeyValue(
                  AttributePath {
                   attributes: [
                    Raw {
                     content: "options",
                     position: (78, 7),
                    },
                    Raw {
                     content: "confinement",
                     position: (78, 15),
                    },
                    Raw {
                     content: "mode",
                     position: (78, 27),
                    },
                   ],
                  },
                  FunctionApplication {
                   function: PropertyAccess {
                    expression: Variable {
                     identifier: "lib",
                     position: (78, 34),
                    },
                    attribute_path: AttributePath {
                     attributes: [
                      Raw {
                       content: "mkOption",
                       position: (78, 38),
                      },
                     ],
                    },
                    default: None,
                   },
                   arguments: [
                    Map {
                     bindings: [
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "type",
                          position: (79, 9),
                         },
                        ],
                       },
                       FunctionApplication {
                        function: PropertyAccess {
                         expression: Variable {
                          identifier: "types",
                          position: (79, 16),
                         },
                         attribute_path: AttributePath {
                          attributes: [
                           Raw {
                            content: "enum",
                            position: (79, 22),
                           },
                          ],
                         },
                         default: None,
                        },
                        arguments: [
                         List {
                          elements: [
                           String {
                            parts: [
                             Raw {
                              content: "full-apivfs",
                              position: (79, 30),
                             },
                            ],
                           },
                           String {
                            parts: [
                             Raw {
                              content: "chroot-only",
                              position: (79, 44),
                             },
                            ],
                           },
                          ],
                          position: (79, 27),
                         },
                        ],
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "default",
                          position: (80, 9),
                         },
                        ],
                       },
                       String {
                        parts: [
                         Raw {
                          content: "full-apivfs",
                          position: (80, 20),
                         },
                        ],
                       },
                      ),
                      KeyValue(
                       AttributePath {
                        attributes: [
                         Raw {
                          content: "description",
                          position: (81, 9),
                         },
                        ],
                       },
                       String {
                        parts: [
                         Raw {
                          content: "The value <literal>full-apivfs</literal> (the default) sets up\nprivate <filename class=\"directory\">/dev</filename>, <filename\nclass=\"directory\">/proc</filename>, <filename\nclass=\"directory\">/sys</filename> and <filename\nclass=\"directory\">/tmp</filename> file systems in a separate user\nnamespace.\n\nIf this is set to <literal>chroot-only</literal>, only the file\nsystem namespace is set up along with the call to <citerefentry>\n  <refentrytitle>chroot</refentrytitle>\n  <manvolnum>2</manvolnum>\n</citerefentry>.\n\n<note><para>This option doesn't cover network namespaces and is solely for\nfile system level isolation; network access has to be restricted\nseparately.</para></note>\n",
                          position: (82, 1),
                         },
                        ],
                       },
                      ),
                     ],
                     recursive: false,
                     position: (78, 47),
                    },
                   ],
                  },
                 ),
                 KeyValue(
                  AttributePath {
                   attributes: [
                    Raw {
                     content: "config",
                     position: (100, 7),
                    },
                   ],
                  },
                  LetIn {
                   bindings: [
                    KeyValue(
                     AttributePath {
                      attributes: [
                       Raw {
                        content: "rootName",
                        position: (101, 9),
                       },
                      ],
                     },
                     String {
                      parts: [
                       Expression {
                        expression: FunctionApplication {
                         function: Variable {
                          identifier: "mkPathSafeName",
                          position: (101, 23),
                         },
                         arguments: [
                          Variable {
                           identifier: "name",
                           position: (101, 38),
                          },
                         ],
                        },
                       },
                       Raw {
                        content: "-chroot",
                        position: (101, 43),
                       },
                      ],
                     },
                    ),
                    Inherit(
                     Some(
                      PropertyAccess {
                       expression: Variable {
                        identifier: "config",
                        position: (102, 18),
                       },
                       attribute_path: AttributePath {
                        attributes: [
                         Raw {
                          content: "confinement",
                          position: (102, 25),
                         },
                        ],
                       },
                       default: None,
                      },
                     ),
                     [
                      Raw {
                       content: "binSh",
                       position: (102, 38),
                      },
                      Raw {
                       content: "fullUnit",
                       position: (102, 44),
                      },
                     ],
                    ),
                    KeyValue(
                     AttributePath {
                      attributes: [
                       Raw {
                        content: "wantsAPIVFS",
                        position: (103, 9),
                       },
                      ],
                     },
                     FunctionApplication {
                      function: PropertyAccess {
                       expression: Variable {
                        identifier: "lib",
                        position: (103, 23),
                       },
                       attribute_path: AttributePath {
                        attributes: [
                         Raw {
                          content: "mkDefault",
                          position: (103, 27),
                         },
                        ],
                       },
                       default: None,
                      },
                      arguments: [
                       BinaryOperation {
                        operator: EqualTo,
                        operands: [
                         PropertyAccess {
                          expression: Variable {
                           identifier: "config",
                           position: (103, 38),
                          },
                          attribute_path: AttributePath {
                           attributes: [
                            Raw {
                             content: "confinement",
                             position: (103, 45),
                            },
                            Raw {
                             content: "mode",
                             position: (103, 57),
                            },
                           ],
                          },
                          default: None,
                         },
                         String {
                          parts: [
                           Raw {
                            content: "full-apivfs",
                            position: (103, 66),
                           },
                          ],
                         },
                        ],
                        position: (103, 62),
                       },
                      ],
                     },
                    ),
                   ],
                   target: FunctionApplication {
                    function: PropertyAccess {
                     expression: Variable {
                      identifier: "lib",
                      position: (104, 10),
                     },
                     attribute_path: AttributePath {
                      attributes: [
                       Raw {
                        content: "mkIf",
                        position: (104, 14),
                       },
                      ],
                     },
                     default: None,
                    },
                    arguments: [
                     PropertyAccess {
                      expression: Variable {
                       identifier: "config",
                       position: (104, 19),
                      },
                      attribute_path: AttributePath {
                       attributes: [
                        Raw {
                         content: "confinement",
                         position: (104, 26),
                        },
                        Raw {
                         content: "enable",
                         position: (104, 38),
                        },
                       ],
                      },
                      default: None,
                     },
                     Map {
                      bindings: [
                       KeyValue(
                        AttributePath {
                         attributes: [
                          Raw {
                           content: "serviceConfig",
                           position: (105, 9),
                          },
                         ],
                        },
                        Map {
                         bindings: [
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "RootDirectory",
                              position: (106, 11),
                             },
                            ],
                           },
                           String {
                            parts: [
                             Raw {
                              content: "/var/empty",
                              position: (106, 28),
                             },
                            ],
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "TemporaryFileSystem",
                              position: (107, 11),
                             },
                            ],
                           },
                           String {
                            parts: [
                             Raw {
                              content: "/",
                              position: (107, 34),
                             },
                            ],
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "PrivateMounts",
                              position: (108, 11),
                             },
                            ],
                           },
                           FunctionApplication {
                            function: PropertyAccess {
                             expression: Variable {
                              identifier: "lib",
                              position: (108, 27),
                             },
                             attribute_path: AttributePath {
                              attributes: [
                               Raw {
                                content: "mkDefault",
                                position: (108, 31),
                               },
                              ],
                             },
                             default: None,
                            },
                            arguments: [
                             Variable {
                              identifier: "true",
                              position: (108, 41),
                             },
                            ],
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "MountAPIVFS",
                              position: (121, 11),
                             },
                            ],
                           },
                           Variable {
                            identifier: "wantsAPIVFS",
                            position: (121, 25),
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "PrivateDevices",
                              position: (122, 11),
                             },
                            ],
                           },
                           Variable {
                            identifier: "wantsAPIVFS",
                            position: (122, 28),
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "PrivateTmp",
                              position: (123, 11),
                             },
                            ],
                           },
                           Variable {
                            identifier: "wantsAPIVFS",
                            position: (123, 24),
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "PrivateUsers",
                              position: (124, 11),
                             },
                            ],
                           },
                           Variable {
                            identifier: "wantsAPIVFS",
                            position: (124, 26),
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "ProtectControlGroups",
                              position: (125, 11),
                             },
                            ],
                           },
                           Variable {
                            identifier: "wantsAPIVFS",
                            position: (125, 34),
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "ProtectKernelModules",
                              position: (126, 11),
                             },
                            ],
                           },
                           Variable {
                            identifier: "wantsAPIVFS",
                            position: (126, 34),
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "ProtectKernelTunables",
                              position: (127, 11),
                             },
                            ],
                           },
                           Variable {
                            identifier: "wantsAPIVFS",
                            position: (127, 35),
                           },
                          ),
                         ],
                         recursive: false,
                         position: (105, 25),
                        },
                       ),
                       KeyValue(
                        AttributePath {
                         attributes: [
                          Raw {
                           content: "confinement",
                           position: (129, 9),
                          },
                          Raw {
                           content: "packages",
                           position: (129, 21),
                          },
                         ],
                        },
                        LetIn {
                         bindings: [
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "execOpts",
                              position: (130, 11),
                             },
                            ],
                           },
                           List {
                            elements: [
                             String {
                              parts: [
                               Raw {
                                content: "ExecReload",
                                position: (131, 14),
                               },
                              ],
                             },
                             String {
                              parts: [
                               Raw {
                                content: "ExecStart",
                                position: (131, 27),
                               },
                              ],
                             },
                             String {
                              parts: [
                               Raw {
                                content: "ExecStartPost",
                                position: (131, 39),
                               },
                              ],
                             },
                             String {
                              parts: [
                               Raw {
                                content: "ExecStartPre",
                                position: (131, 55),
                               },
                              ],
                             },
                             String {
                              parts: [
                               Raw {
                                content: "ExecStop",
                                position: (131, 70),
                               },
                              ],
                             },
                             String {
                              parts: [
                               Raw {
                                content: "ExecStopPost",
                                position: (132, 14),
                               },
                              ],
                             },
                            ],
                            position: (130, 22),
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "execPkgs",
                              position: (134, 11),
                             },
                            ],
                           },
                           FunctionApplication {
                            function: PropertyAccess {
                             expression: Variable {
                              identifier: "lib",
                              position: (134, 22),
                             },
                             attribute_path: AttributePath {
                              attributes: [
                               Raw {
                                content: "concatMap",
                                position: (134, 26),
                               },
                              ],
                             },
                             default: None,
                            },
                            arguments: [
                             Function {
                              argument: Some(
                               "opt",
                              ),
                              arguments: FunctionArguments {
                               arguments: [],
                               ellipsis: false,
                              },
                              definition: LetIn {
                               bindings: [
                                KeyValue(
                                 AttributePath {
                                  attributes: [
                                   Raw {
                                    content: "isSet",
                                    position: (135, 13),
                                   },
                                  ],
                                 },
                                 HasProperty {
                                  expression: PropertyAccess {
                                   expression: Variable {
                                    identifier: "config",
                                    position: (135, 21),
                                   },
                                   attribute_path: AttributePath {
                                    attributes: [
                                     Raw {
                                      content: "serviceConfig",
                                      position: (135, 28),
                                     },
                                    ],
                                   },
                                   default: None,
                                  },
                                  attribute_path: AttributePath {
                                   attributes: [
                                    Expression {
                                     expression: Variable {
                                      identifier: "opt",
                                      position: (135, 46),
                                     },
                                    },
                                   ],
                                  },
                                  position: (135, 42),
                                 },
                                ),
                               ],
                               target: FunctionApplication {
                                function: PropertyAccess {
                                 expression: Variable {
                                  identifier: "lib",
                                  position: (136, 14),
                                 },
                                 attribute_path: AttributePath {
                                  attributes: [
                                   Raw {
                                    content: "flatten",
                                    position: (136, 18),
                                   },
                                  ],
                                 },
                                 default: None,
                                },
                                arguments: [
                                 FunctionApplication {
                                  function: PropertyAccess {
                                   expression: Variable {
                                    identifier: "lib",
                                    position: (136, 27),
                                   },
                                   attribute_path: AttributePath {
                                    attributes: [
                                     Raw {
                                      content: "optional",
                                      position: (136, 31),
                                     },
                                    ],
                                   },
                                   default: None,
                                  },
                                  arguments: [
                                   Variable {
                                    identifier: "isSet",
                                    position: (136, 40),
                                   },
                                   PropertyAccess {
                                    expression: Variable {
                                     identifier: "config",
                                     position: (136, 46),
                                    },
                                    attribute_path: AttributePath {
                                     attributes: [
                                      Raw {
                                       content: "serviceConfig",
                                       position: (136, 53),
                                      },
                                      Expression {
                                       expression: Variable {
                                        identifier: "opt",
                                        position: (136, 69),
                                       },
                                      },
                                     ],
                                    },
                                    default: None,
                                   },
                                  ],
                                 },
                                ],
                               },
                               position: (134, 42),
                              },
                              position: (134, 37),
                             },
                             Variable {
                              identifier: "execOpts",
                              position: (136, 76),
                             },
                            ],
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "unitAttrs",
                              position: (137, 11),
                             },
                            ],
                           },
                           PropertyAccess {
                            expression: Variable {
                             identifier: "toplevelConfig",
                             position: (137, 23),
                            },
                            attribute_path: AttributePath {
                             attributes: [
                              Raw {
                               content: "systemd",
                               position: (137, 38),
                              },
                              Raw {
                               content: "units",
                               position: (137, 46),
                              },
                              Expression {
                               expression: String {
                                parts: [
                                 Expression {
                                  expression: Variable {
                                   identifier: "name",
                                   position: (137, 55),
                                  },
                                 },
                                 Raw {
                                  content: ".service",
                                  position: (137, 60),
                                 },
                                ],
                               },
                              },
                             ],
                            },
                            default: None,
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "allPkgs",
                              position: (138, 11),
                             },
                            ],
                           },
                           FunctionApplication {
                            function: PropertyAccess {
                             expression: Variable {
                              identifier: "lib",
                              position: (138, 21),
                             },
                             attribute_path: AttributePath {
                              attributes: [
                               Raw {
                                content: "singleton",
                                position: (138, 25),
                               },
                              ],
                             },
                             default: None,
                            },
                            arguments: [
                             FunctionApplication {
                              function: PropertyAccess {
                               expression: Variable {
                                identifier: "builtins",
                                position: (138, 36),
                               },
                               attribute_path: AttributePath {
                                attributes: [
                                 Raw {
                                  content: "toJSON",
                                  position: (138, 45),
                                 },
                                ],
                               },
                               default: None,
                              },
                              arguments: [
                               Variable {
                                identifier: "unitAttrs",
                                position: (138, 52),
                               },
                              ],
                             },
                            ],
                           },
                          ),
                          KeyValue(
                           AttributePath {
                            attributes: [
                             Raw {
                              content: "unitPkgs",
                              position: (139, 11),
                             },
                            ],
                           },
                           IfThenElse {
                            predicate: Variable {
                             identifier: "fullUnit",
                             position: (139, 25),
                            },
                            then: Variable {
                             identifier: "allPkgs",
                             position: (139, 39),
                            },
                            else_: Variable {
                             identifier: "execPkgs",
                             position: (139, 52),
                            },
                            position: (139, 22),
                           },
                          ),
                         ],
                         target: BinaryOperation {
                          operator: Concatenation,
                          operands: [
                           Variable {
                            identifier: "unitPkgs",
                            position: (140, 12),
                           },
                           FunctionApplication {
                            function: PropertyAccess {
                             expression: Variable {
                              identifier: "lib",
                              position: (140, 24),
                             },
                             attribute_path: AttributePath {
                              attributes: [
                               Raw {
                                content: "optional",
                                position: (140, 28),
                               },
                              ],
                             },
                             default: None,
                            },
                            arguments: [
                             BinaryOperation {
                              operator: NotEqualTo,
                              operands: [
                               Variable {
                                identifier: "binSh",
                                position: (140, 38),
                               },
                               Variable {
                                identifier: "null",
                                position: (140, 47),
                               },
                              ],
                              position: (140, 44),
                             },
                             Variable {
                              identifier: "binSh",
                              position: (140, 53),
                             },
                            ],
                           },
                          ],
                          position: (140, 21),
                         },
                         position: (129, 32),
                        },
                       ),
                      ],
                      recursive: false,
                      position: (104, 45),
                     },
                    ],
                   },
                   position: (100, 16),
                  },
                 ),
                ],
                recursive: false,
                position: (9, 67),
               },
               position: (9, 44),
              },
             ],
            },
           ],
          },
         ),
        ],
        recursive: false,
        position: (8, 43),
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "config",
        position: (145, 3),
       },
       Raw {
        content: "assertions",
        position: (145, 10),
       },
      ],
     },
     FunctionApplication {
      function: PropertyAccess {
       expression: Variable {
        identifier: "lib",
        position: (145, 23),
       },
       attribute_path: AttributePath {
        attributes: [
         Raw {
          content: "concatLists",
          position: (145, 27),
         },
        ],
       },
       default: None,
      },
      arguments: [
       FunctionApplication {
        function: PropertyAccess {
         expression: Variable {
          identifier: "lib",
          position: (145, 40),
         },
         attribute_path: AttributePath {
          attributes: [
           Raw {
            content: "mapAttrsToList",
            position: (145, 44),
           },
          ],
         },
         default: None,
        },
        arguments: [
         Function {
          argument: Some(
           "name",
          ),
          arguments: FunctionArguments {
           arguments: [],
           ellipsis: false,
          },
          definition: Function {
           argument: Some(
            "cfg",
           ),
           arguments: FunctionArguments {
            arguments: [],
            ellipsis: false,
           },
           definition: LetIn {
            bindings: [
             KeyValue(
              AttributePath {
               attributes: [
                Raw {
                 content: "whatOpt",
                 position: (146, 5),
                },
               ],
              },
              Function {
               argument: Some(
                "optName",
               ),
               arguments: FunctionArguments {
                arguments: [],
                ellipsis: false,
               },
               definition: BinaryOperation {
                operator: Addition,
                operands: [
                 BinaryOperation {
                  operator: Addition,
                  operands: [
                   String {
                    parts: [
                     Raw {
                      content: "The 'serviceConfig' option '",
                      position: (146, 25),
                     },
                     Expression {
                      expression: Variable {
                       identifier: "optName",
                       position: (146, 55),
                      },
                     },
                     Raw {
                      content: "' for",
                      position: (146, 63),
                     },
                    ],
                   },
                   String {
                    parts: [
                     Raw {
                      content: " service '",
                      position: (147, 24),
                     },
                     Expression {
                      expression: Variable {
                       identifier: "name",
                       position: (147, 36),
                      },
                     },
                     Raw {
                      content: "' is enabled in conjunction with",
                      position: (147, 41),
                     },
                    ],
                   },
                  ],
                  position: (147, 21),
                 },
                 String {
                  parts: [
                   Raw {
                    content: " 'confinement.enable'",
                    position: (148, 24),
                   },
                  ],
                 },
                ],
                position: (148, 21),
               },
               position: (146, 15),
              },
             ),
            ],
            target: FunctionApplication {
             function: PropertyAccess {
              expression: Variable {
               identifier: "lib",
               position: (149, 6),
              },
              attribute_path: AttributePath {
               attributes: [
                Raw {
                 content: "optionals",
                 position: (149, 10),
                },
               ],
              },
              default: None,
             },
             arguments: [
              PropertyAccess {
               expression: Variable {
                identifier: "cfg",
                position: (149, 20),
               },
               attribute_path: AttributePath {
                attributes: [
                 Raw {
                  content: "confinement",
                  position: (149, 24),
                 },
                 Raw {
                  content: "enable",
                  position: (149, 36),
                 },
                ],
               },
               default: None,
              },
              List {
               elements: [
                Map {
                 bindings: [
                  KeyValue(
                   AttributePath {
                    attributes: [
                     Raw {
                      content: "assertion",
                      position: (150, 7),
                     },
                    ],
                   },
                   UnaryOperation {
                    operator: Not,
                    operand: PropertyAccess {
                     expression: Variable {
                      identifier: "cfg",
                      position: (150, 20),
                     },
                     attribute_path: AttributePath {
                      attributes: [
                       Raw {
                        content: "serviceConfig",
                        position: (150, 24),
                       },
                       Raw {
                        content: "RootDirectoryStartOnly",
                        position: (150, 38),
                       },
                      ],
                     },
                     default: Some(
                      Variable {
                       identifier: "false",
                       position: (150, 64),
                      },
                     ),
                    },
                    position: (150, 19),
                   },
                  ),
                  KeyValue(
                   AttributePath {
                    attributes: [
                     Raw {
                      content: "message",
                      position: (151, 7),
                     },
                    ],
                   },
                   BinaryOperation {
                    operator: Addition,
                    operands: [
                     BinaryOperation {
                      operator: Addition,
                      operands: [
                       BinaryOperation {
                        operator: Addition,
                        operands: [
                         String {
                          parts: [
                           Expression {
                            expression: FunctionApplication {
                             function: Variable {
                              identifier: "whatOpt",
                              position: (151, 20),
                             },
                             arguments: [
                              String {
                               parts: [
                                Raw {
                                 content: "RootDirectoryStartOnly",
                                 position: (151, 29),
                                },
                               ],
                              },
                             ],
                            },
                           },
                           Raw {
                            content: ", but right now systemd",
                            position: (151, 53),
                           },
                          ],
                         },
                         String {
                          parts: [
                           Raw {
                            content: " doesn't support restricting bind-mounts to 'ExecStart'.",
                            position: (152, 18),
                           },
                          ],
                         },
                        ],
                        position: (152, 15),
                       },
                       String {
                        parts: [
                         Raw {
                          content: " Please either define a separate service or find a way to run",
                          position: (153, 18),
                         },
                        ],
                       },
                      ],
                      position: (153, 15),
                     },
                     String {
                      parts: [
                       Raw {
                        content: " commands other than ExecStart within the chroot.",
                        position: (154, 18),
                       },
                      ],
                     },
                    ],
                    position: (154, 15),
                   },
                  ),
                 ],
                 recursive: false,
                 position: (150, 5),
                },
                Map {
                 bindings: [
                  KeyValue(
                   AttributePath {
                    attributes: [
                     Raw {
                      content: "assertion",
                      position: (156, 7),
                     },
                    ],
                   },
                   UnaryOperation {
                    operator: Not,
                    operand: PropertyAccess {
                     expression: Variable {
                      identifier: "cfg",
                      position: (156, 20),
                     },
                     attribute_path: AttributePath {
                      attributes: [
                       Raw {
                        content: "serviceConfig",
                        position: (156, 24),
                       },
                       Raw {
                        content: "DynamicUser",
                        position: (156, 38),
                       },
                      ],
                     },
                     default: Some(
                      Variable {
                       identifier: "false",
                       position: (156, 53),
                      },
                     ),
                    },
                    position: (156, 19),
                   },
                  ),
                  KeyValue(
                   AttributePath {
                    attributes: [
                     Raw {
                      content: "message",
                      position: (157, 7),
                     },
                    ],
                   },
                   BinaryOperation {
                    operator: Addition,
                    operands: [
                     BinaryOperation {
                      operator: Addition,
                      operands: [
                       String {
                        parts: [
                         Expression {
                          expression: FunctionApplication {
                           function: Variable {
                            identifier: "whatOpt",
                            position: (157, 20),
                           },
                           arguments: [
                            String {
                             parts: [
                              Raw {
                               content: "DynamicUser",
                               position: (157, 29),
                              },
                             ],
                            },
                           ],
                          },
                         },
                         Raw {
                          content: ". Please create a dedicated user via",
                          position: (157, 42),
                         },
                        ],
                       },
                       String {
                        parts: [
                         Raw {
                          content: " the 'users.users' option instead as this combination is",
                          position: (158, 18),
                         },
                        ],
                       },
                      ],
                      position: (158, 15),
                     },
                     String {
                      parts: [
                       Raw {
                        content: " currently not supported.",
                        position: (159, 18),
                       },
                      ],
                     },
                    ],
                    position: (159, 15),
                   },
                  ),
                 ],
                 recursive: false,
                 position: (156, 5),
                },
                Map {
                 bindings: [
                  KeyValue(
                   AttributePath {
                    attributes: [
                     Raw {
                      content: "assertion",
                      position: (161, 7),
                     },
                    ],
                   },
                   BinaryOperation {
                    operator: Implication,
                    operands: [
                     HasProperty {
                      expression: PropertyAccess {
                       expression: Variable {
                        identifier: "cfg",
                        position: (161, 19),
                       },
                       attribute_path: AttributePath {
                        attributes: [
                         Raw {
                          content: "serviceConfig",
                          position: (161, 23),
                         },
                        ],
                       },
                       default: None,
                      },
                      attribute_path: AttributePath {
                       attributes: [
                        Raw {
                         content: "ProtectSystem",
                         position: (161, 39),
                        },
                       ],
                      },
                      position: (161, 37),
                     },
                     BinaryOperation {
                      operator: EqualTo,
                      operands: [
                       PropertyAccess {
                        expression: Variable {
                         identifier: "cfg",
                         position: (161, 56),
                        },
                        attribute_path: AttributePath {
                         attributes: [
                          Raw {
                           content: "serviceConfig",
                           position: (161, 60),
                          },
                          Raw {
                           content: "ProtectSystem",
                           position: (161, 74),
                          },
                         ],
                        },
                        default: None,
                       },
                       Variable {
                        identifier: "false",
                        position: (161, 91),
                       },
                      ],
                      position: (161, 88),
                     },
                    ],
                    position: (161, 53),
                   },
                  ),
                  KeyValue(
                   AttributePath {
                    attributes: [
                     Raw {
                      content: "message",
                      position: (162, 7),
                     },
                    ],
                   },
                   BinaryOperation {
                    operator: Addition,
                    operands: [
                     BinaryOperation {
                      operator: Addition,
                      operands: [
                       String {
                        parts: [
                         Expression {
                          expression: FunctionApplication {
                           function: Variable {
                            identifier: "whatOpt",
                            position: (162, 20),
                           },
                           arguments: [
                            String {
                             parts: [
                              Raw {
                               content: "ProtectSystem",
                               position: (162, 29),
                              },
                             ],
                            },
                           ],
                          },
                         },
                         Raw {
                          content: ". ProtectSystem is not compatible",
                          position: (162, 44),
                         },
                        ],
                       },
                       String {
                        parts: [
                         Raw {
                          content: " with service confinement as it fails to remount /usr within",
                          position: (163, 18),
                         },
                        ],
                       },
                      ],
                      position: (163, 15),
                     },
                     String {
                      parts: [
                       Raw {
                        content: " our chroot. Please disable the option.",
                        position: (164, 18),
                       },
                      ],
                     },
                    ],
                    position: (164, 15),
                   },
                  ),
                 ],
                 recursive: false,
                 position: (161, 5),
                },
               ],
               position: (149, 43),
              },
             ],
            },
            position: (145, 71),
           },
           position: (145, 66),
          },
          position: (145, 60),
         },
         PropertyAccess {
          expression: Variable {
           identifier: "config",
           position: (166, 6),
          },
          attribute_path: AttributePath {
           attributes: [
            Raw {
             content: "systemd",
             position: (166, 13),
            },
            Raw {
             content: "services",
             position: (166, 21),
            },
           ],
          },
          default: None,
         },
        ],
       },
      ],
     },
    ),
    KeyValue(
     AttributePath {
      attributes: [
       Raw {
        content: "config",
        position: (168, 3),
       },
       Raw {
        content: "systemd",
        position: (168, 10),
       },
       Raw {
        content: "packages",
        position: (168, 18),
       },
      ],
     },
     FunctionApplication {
      function: PropertyAccess {
       expression: Variable {
        identifier: "lib",
        position: (168, 29),
       },
       attribute_path: AttributePath {
        attributes: [
         Raw {
          content: "concatLists",
          position: (168, 33),
         },
        ],
       },
       default: None,
      },
      arguments: [
       FunctionApplication {
        function: PropertyAccess {
         expression: Variable {
          identifier: "lib",
          position: (168, 46),
         },
         attribute_path: AttributePath {
          attributes: [
           Raw {
            content: "mapAttrsToList",
            position: (168, 50),
           },
          ],
         },
         default: None,
        },
        arguments: [
         Function {
          argument: Some(
           "name",
          ),
          arguments: FunctionArguments {
           arguments: [],
           ellipsis: false,
          },
          definition: Function {
           argument: Some(
            "cfg",
           ),
           arguments: FunctionArguments {
            arguments: [],
            ellipsis: false,
           },
           definition: LetIn {
            bindings: [
             KeyValue(
              AttributePath {
               attributes: [
                Raw {
                 content: "rootPaths",
                 position: (169, 5),
                },
               ],
              },
              LetIn {
               bindings: [
                KeyValue(
                 AttributePath {
                  attributes: [
                   Raw {
                    content: "contents",
                    position: (170, 7),
                   },
                  ],
                 },
                 FunctionApplication {
                  function: PropertyAccess {
                   expression: Variable {
                    identifier: "lib",
                    position: (170, 18),
                   },
                   attribute_path: AttributePath {
                    attributes: [
                     Raw {
                      content: "concatStringsSep",
                      position: (170, 22),
                     },
                    ],
                   },
                   default: None,
                  },
                  arguments: [
                   String {
                    parts: [
                     Raw {
                      content: "\n",
                      position: (170, 40),
                     },
                    ],
                   },
                   PropertyAccess {
                    expression: Variable {
                     identifier: "cfg",
                     position: (170, 44),
                    },
                    attribute_path: AttributePath {
                     attributes: [
                      Raw {
                       content: "confinement",
                       position: (170, 48),
                      },
                      Raw {
                       content: "packages",
                       position: (170, 60),
                      },
                     ],
                    },
                    default: None,
                   },
                  ],
                 },
                ),
               ],
               target: FunctionApplication {
                function: PropertyAccess {
                 expression: Variable {
                  identifier: "pkgs",
                  position: (171, 8),
                 },
                 attribute_path: AttributePath {
                  attributes: [
                   Raw {
                    content: "writeText",
                    position: (171, 13),
                   },
                  ],
                 },
                 default: None,
                },
                arguments: [
                 String {
                  parts: [
                   Expression {
                    expression: FunctionApplication {
                     function: Variable {
                      identifier: "mkPathSafeName",
                      position: (171, 26),
                     },
                     arguments: [
                      Variable {
                       identifier: "name",
                       position: (171, 41),
                      },
                     ],
                    },
                   },
                   Raw {
                    content: "-string-contexts.txt",
                    position: (171, 46),
                   },
                  ],
                 },
                 Variable {
                  identifier: "contents",
                  position: (171, 68),
                 },
                ],
               },
               position: (169, 17),
              },
             ),
             KeyValue(
              AttributePath {
               attributes: [
                Raw {
                 content: "chrootPaths",
                 position: (173, 5),
                },
               ],
              },
              FunctionApplication {
               function: PropertyAccess {
                expression: Variable {
                 identifier: "pkgs",
                 position: (173, 19),
                },
                attribute_path: AttributePath {
                 attributes: [
                  Raw {
                   content: "runCommand",
                   position: (173, 24),
                  },
                 ],
                },
                default: None,
               },
               arguments: [
                String {
                 parts: [
                  Expression {
                   expression: FunctionApplication {
                    function: Variable {
                     identifier: "mkPathSafeName",
                     position: (173, 38),
                    },
                    arguments: [
                     Variable {
                      identifier: "name",
                      position: (173, 53),
                     },
                    ],
                   },
                  },
                  Raw {
                   content: "-chroot-paths",
                   position: (173, 58),
                  },
                 ],
                },
                Map {
                 bindings: [
                  KeyValue(
                   AttributePath {
                    attributes: [
                     Raw {
                      content: "closureInfo",
                      position: (174, 7),
                     },
                    ],
                   },
                   FunctionApplication {
                    function: PropertyAccess {
                     expression: Variable {
                      identifier: "pkgs",
                      position: (174, 21),
                     },
                     attribute_path: AttributePath {
                      attributes: [
                       Raw {
                        content: "closureInfo",
                        position: (174, 26),
                       },
                      ],
                     },
                     default: None,
                    },
                    arguments: [
                     Map {
                      bindings: [
                       Inherit(
                        None,
                        [
                         Raw {
                          content: "rootPaths",
                          position: (174, 48),
                         },
                        ],
                       ),
                      ],
                      recursive: false,
                      position: (174, 38),
                     },
                    ],
                   },
                  ),
                  KeyValue(
                   AttributePath {
                    attributes: [
                     Raw {
                      content: "serviceName",
                      position: (175, 7),
                     },
                    ],
                   },
                   String {
                    parts: [
                     Expression {
                      expression: Variable {
                       identifier: "name",
                       position: (175, 24),
                      },
                     },
                     Raw {
                      content: ".service",
                      position: (175, 29),
                     },
                    ],
                   },
                  ),
                  KeyValue(
                   AttributePath {
                    attributes: [
                     Raw {
                      content: "excludedPath",
                      position: (176, 7),
                     },
                    ],
                   },
                   Variable {
                    identifier: "rootPaths",
                    position: (176, 22),
                   },
                  ),
                 ],
                 recursive: false,
                 position: (173, 73),
                },
                String {
                 parts: [
                  Raw {
                   content: "mkdir -p \"$out/lib/systemd/system\"\nserviceFile=\"$out/lib/systemd/system/$serviceName\"\n\necho '[Service]' > \"$serviceFile\"\n\n# /bin/sh is special here, because the option value could contain a\n# symlink and we need to properly resolve it.\n",
                   position: (178, 1),
                  },
                  Expression {
                   expression: FunctionApplication {
                    function: PropertyAccess {
                     expression: Variable {
                      identifier: "lib",
                      position: (185, 9),
                     },
                     attribute_path: AttributePath {
                      attributes: [
                       Raw {
                        content: "optionalString",
                        position: (185, 13),
                       },
                      ],
                     },
                     default: None,
                    },
                    arguments: [
                     BinaryOperation {
                      operator: NotEqualTo,
                      operands: [
                       PropertyAccess {
                        expression: Variable {
                         identifier: "cfg",
                         position: (185, 29),
                        },
                        attribute_path: AttributePath {
                         attributes: [
                          Raw {
                           content: "confinement",
                           position: (185, 33),
                          },
                          Raw {
                           content: "binSh",
                           position: (185, 45),
                          },
                         ],
                        },
                        default: None,
                       },
                       Variable {
                        identifier: "null",
                        position: (185, 54),
                       },
                      ],
                      position: (185, 51),
                     },
                     String {
                      parts: [
                       Raw {
                        content: "binsh=",
                        position: (186, 1),
                       },
                       Expression {
                        expression: FunctionApplication {
                         function: PropertyAccess {
                          expression: Variable {
                           identifier: "lib",
                           position: (186, 17),
                          },
                          attribute_path: AttributePath {
                           attributes: [
                            Raw {
                             content: "escapeShellArg",
                             position: (186, 21),
                            },
                           ],
                          },
                          default: None,
                         },
                         arguments: [
                          PropertyAccess {
                           expression: Variable {
                            identifier: "cfg",
                            position: (186, 36),
                           },
                           attribute_path: AttributePath {
                            attributes: [
                             Raw {
                              content: "confinement",
                              position: (186, 40),
                             },
                             Raw {
                              content: "binSh",
                              position: (186, 52),
                             },
                            ],
                           },
                           default: None,
                          },
                         ],
                        },
                       },
                       Raw {
                        content: "\nrealprog=\"$(readlink -e \"$binsh\")\"\necho \"BindReadOnlyPaths=$realprog:/bin/sh\" >> \"$serviceFile\"\n",
                        position: (186, 58),
                       },
                      ],
                     },
                    ],
                   },
                  },
                  Raw {
                   content: "\n\nwhile read storePath; do\n  if [ -L \"$storePath\" ]; then\n    # Currently, systemd can't cope with symlinks in Bind(ReadOnly)Paths,\n    # so let's just bind-mount the target to that location.\n    echo \"BindReadOnlyPaths=$(readlink -e \"$storePath\"):$storePath\"\n  elif [ \"$storePath\" != \"$excludedPath\" ]; then\n    echo \"BindReadOnlyPaths=$storePath\"\n  fi\ndone < \"$closureInfo/store-paths\" >> \"$serviceFile\"\n",
                   position: (189, 10),
                  },
                 ],
                },
               ],
              },
             ),
            ],
            target: FunctionApplication {
             function: PropertyAccess {
              expression: Variable {
               identifier: "lib",
               position: (201, 6),
              },
              attribute_path: AttributePath {
               attributes: [
                Raw {
                 content: "optional",
                 position: (201, 10),
                },
               ],
              },
              default: None,
             },
             arguments: [
              PropertyAccess {
               expression: Variable {
                identifier: "cfg",
                position: (201, 19),
               },
               attribute_path: AttributePath {
                attributes: [
                 Raw {
                  content: "confinement",
                  position: (201, 23),
                 },
                 Raw {
                  content: "enable",
                  position: (201, 35),
                 },
                ],
               },
               default: None,
              },
              Variable {
               identifier: "chrootPaths",
               position: (201, 42),
              },
             ],
            },
            position: (168, 77),
           },
           position: (168, 72),
          },
          position: (168, 66),
         },
         PropertyAccess {
          expression: Variable {
           identifier: "config",
           position: (201, 55),
          },
          attribute_path: AttributePath {
           attributes: [
            Raw {
             content: "systemd",
             position: (201, 62),
            },
            Raw {
             content: "services",
             position: (201, 70),
            },
           ],
          },
          default: None,
         },
        ],
       },
      ],
     },
    ),
   ],
   recursive: false,
   position: (7, 4),
  },
  position: (3, 1),
 },
 position: (1, 1),
}