---
- name: apparmor | Install apparmor and default profiles
  community.general.apk:
    name: apparmor, apparmor-profiles
    state: present

- name: apparmor | Enable writing cache and faster DFA transition table compression
  lineinfile:
    path: /etc/apparmor/parser.conf
    state: present
    search_string: '{{ item }}'
    line: '{{ item }}'
    owner: root
    group: root
    mode: 0644
  loop:
    - write-cache
    - Optimize=compress-fast

# Don't start it yet, as it requires the kernel parameters
- name: apparmor | Add apparmor service to runlevel 'boot'
  service:
    name: apparmor
    runlevel: boot
    enabled: true

- name: apparmor | Configure kernel parameters in GRUB config file
  import_tasks: grub.yml
  when: bootloader == 'grub'

# TODO: handle limine and efistub better
- name: apparmor | Notify about kernel parameters update
  debug:
    msg: Notify about kernel parameters update for apparmor
  notify: Notify apparmor kernel parameters
  when: bootloader != 'grub'