From 9eefef046efd09ee3858b596db8b865fffa46258 Mon Sep 17 00:00:00 2001
From: Acid Bong
Date: Sat, 3 Jan 2026 14:05:39 +0200
Subject: [PATCH] nixos/auditd: add `package` option

---
 nixos/modules/security/auditd.nix | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/nixos/modules/security/auditd.nix b/nixos/modules/security/auditd.nix
index f9e7fd6084c1..af6f6c8120db 100644
--- a/nixos/modules/security/auditd.nix
+++ b/nixos/modules/security/auditd.nix
@@ -101,6 +101,8 @@ in
 options.security.auditd = {
 enable = lib.mkEnableOption "the Linux Audit daemon";
 
+ package = lib.mkPackageOption pkgs "auditd" { default = "audit"; };
+
 settings = lib.mkOption {
 type = lib.types.submodule {
 freeformType = lib.types.attrsOf settingsType;
@@ -146,7 +148,7 @@ in
 defaultText = lib.literalExpression ''
 {
 af_unix = {
- path = lib.getExe' pkgs.audit "audisp-af_unix";
+ path = lib.getExe' config.security.auditd.package "audisp-af_unix";
 args = [
 "0640"
 "/var/run/audispd_events"
@@ -155,15 +157,15 @@ in
 format = "binary";
 };
 remote = {
- path = lib.getExe' pkgs.audit "audisp-remote";
+ path = lib.getExe' config.security.auditd.package "audisp-remote";
 settings = { };
 };
 filter = {
- path = lib.getExe' pkgs.audit "audisp-filter";
+ path = lib.getExe' config.security.auditd.package "audisp-filter";
 args = [
 "allowlist"
 "/etc/audit/audisp-filter.conf"
- (lib.getExe' pkgs.audit "audisp-syslog")
+ (lib.getExe' config.security.auditd.package "audisp-syslog")
 "LOG_USER"
 "LOG_INFO"
 "interpret"
@@ -171,7 +173,7 @@ in
 settings = { };
 };
 syslog = {
- path = lib.getExe' pkgs.audit "audisp-syslog";
+ path = lib.getExe' config.security.auditd.package "audisp-syslog";
 args = [ "LOG_INFO" ];
 };
 }
@@ -226,7 +228,7 @@ in
 
 security.auditd.plugins = {
 af_unix = {
- path = lib.getExe' pkgs.audit "audisp-af_unix";
+ path = lib.getExe' cfg.package "audisp-af_unix";
 args = [
 "0640"
 "/run/audit/audispd_events"
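Review bot: The `package` option added under `options.security.auditd` does not say what a replacement package has to contain, yet the later hunks resolve `auditd` and the four `audisp-*` plugins from it with `lib.getExe'`, which only builds a store path and does not check that the binary exists. An override missing one of them would presumably surface only when auditd or a plugin fails to start, so audit events could go unforwarded without any evaluation error. I would state the requirement in the option, e.g. `extraDescription = "The package must provide auditd and the audisp-af_unix, audisp-remote, audisp-filter and audisp-syslog plugins.";` next to `default = "audit";`. The enclosing `options.security.auditd` set continues outside the hunk.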
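Review bot: The `defaultText` in the `@@ -146,7 +148,7 @@` hunk documents the af_unix socket argument as `/var/run/audispd_events`, while the real default in the `security.auditd.plugins` hunk (`@@ -226,7 +228,7 @@`) passes `/run/audit/audispd_events`. Since the commit already edits both copies, the documented value could be brought in line at the same time: `"/run/audit/audispd_events"`. A consumer configured from the rendered documentation would otherwise look for the event socket at a path the daemon does not use. Both lines are unchanged context here, and the enclosing option definition starts outside the hunk.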
@@ -235,15 +237,15 @@ in
 format = "binary";
 };
 remote = {
- path = lib.getExe' pkgs.audit "audisp-remote";
+ path = lib.getExe' cfg.package "audisp-remote";
 settings = { };
 };
 filter = {
- path = lib.getExe' pkgs.audit "audisp-filter";
+ path = lib.getExe' cfg.package "audisp-filter";
 args = [
 "allowlist"
 "/etc/audit/audisp-filter.conf"
- (lib.getExe' pkgs.audit "audisp-syslog")
+ (lib.getExe' cfg.package "audisp-syslog")
 "LOG_USER"
 "LOG_INFO"
 "interpret"
@@ -251,12 +253,12 @@ in
 settings = { };
 };
 syslog = {
- path = lib.getExe' pkgs.audit "audisp-syslog";
+ path = lib.getExe' cfg.package "audisp-syslog";
 args = [ "LOG_INFO" ];
 };
 };
 
- systemd.packages = [ pkgs.audit.out ];
+ systemd.packages = [ cfg.package.out ];
 
 systemd.services.auditd = {
 wantedBy = [ "multi-user.target" ];
@@ -271,7 +273,7 @@ in
 ExecStart = [
 # the upstream unit does not allow symlinks, so clear and rewrite the ExecStart
 ""
- "${lib.getExe' pkgs.audit "auditd"} -l -s nochange"
+ "${lib.getExe' cfg.package "auditd"} -l -s nochange"
 ];
 };
 };
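Review bot: With `systemd.packages = [ cfg.package.out ];` in the `@@ -251,12 +253,12 @@` hunk, the upstream auditd unit file is now taken from whatever package the user selects, and the overrides visible here touch only `wantedBy` and `ExecStart`; the remaining directives presumably come from the shipped unit. That deserves a comment above the line, e.g. `# unit file ships with cfg.package; only ExecStart is rewritten below`, so a reader knows a custom package also changes the service definition. The hunks do not show the rest of the module, so it would be good to confirm that no `pkgs.audit` reference remains elsewhere in the file, since that would mix two builds of the audit tools. The enclosing attribute set starts and ends outside the hunk.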