---
{%- from "apparmor/map.jinja" import apparmor with context %}
{%- if not salt['grains.get']('container') %}
{%- if apparmor.enabled is defined and apparmor.enabled %}
{%- for cfg in apparmor.configs %}
apparmor-{{ cfg }}:
  file.managed:
    - name: /etc/apparmor.d/{{ cfg }}
    - source: salt://apparmor/templates/{{ cfg }}.j2
    - user: root
    - group: root
    - mode: "0644"
    - template: jinja
    - watch_in:
      - service: apparmor-reload
{%- endfor %}

apparmor-reload:
  service.running:
    - name: apparmor
    - enable: true
{%- endif %}
{%- endif %}